Search for packages
| purl | pkg:rpm/redhat/rh-ror41-rubygem-actionpack@1:4.1.5-4?arch=el7 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-s5ah-tf63-a7cw
Aliases: CVE-2016-2098 GHSA-78rc-8c29-p45g |
Improper Input Validation The Rails gem allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method. | There are no reported fixed by versions. |
|
VCID-z1jv-4ga2-7kd1
Aliases: CVE-2016-2097 GHSA-vx9j-46rh-fqr8 |
Possible Information Leak Vulnerability Applications that pass unverified user input to the `render` method in a controller may be vulnerable to an information leak vulnerability. Impacted code will look something like this: ``` def index; render params[:id]; end ``` Carefully crafted requests can cause the above code to render files from unexpected places like outside the application's view directory, and can possibly escalate this to a remote code execution attack. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T14:37:43.615053+00:00 | RedHat Importer | Affected by | VCID-s5ah-tf63-a7cw | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2098.json | 38.0.0 |
| 2026-04-01T14:37:43.380991+00:00 | RedHat Importer | Affected by | VCID-z1jv-4ga2-7kd1 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2097.json | 38.0.0 |