VulnerableCode Package Details - pkg:rpm/redhat/rh-ror42-rubygem-activerecord@1:4.2.6-3?arch=el7

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:rpm/redhat/rh-ror42-rubygem-activerecord@1:4.2.6-3?arch=el7

purl	pkg:rpm/redhat/rh-ror42-rubygem-activerecord@1:4.2.6-3?arch=el7

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	4.0

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-86jq-2md2-d7ah Aliases: CVE-2016-6316 GHSA-pc3m-v286-2jwj	Possible XSS Vulnerability in ActionView There is a possible XSS vulnerability in Action View. Text declared as `HTML safe` will not have quotes escaped when used as attribute values in tag helpers.	There are no reported fixed by versions.
VCID-9t7a-muwx-zyee Aliases: CVE-2016-6317 GHSA-pr3r-4wrp-r2pv	Improper Access Control The Rails gem does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing `WHERE` clauses via a crafted request.	There are no reported fixed by versions.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:35:36.881984+00:00	RedHat Importer	Affected by	VCID-9t7a-muwx-zyee	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6317.json	38.0.0
2026-04-01T14:35:36.786605+00:00	RedHat Importer	Affected by	VCID-86jq-2md2-d7ah	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6316.json	38.0.0