Package details: pkg:rpm/redhat/ruby193-rubygem-actionpack@1:3.2.8-5.1?arch=el6
purl pkg:rpm/redhat/ruby193-rubygem-actionpack@1:3.2.8-5.1?arch=el6
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 10.0
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-5hqj-fxmk-cbcy
Aliases:
CVE-2013-6415
GHSA-6h5q-96hp-9jgm
OSV-100524
XSS Vulnerability in number_to_currency The number_to_currency helper allows users to nicely format a numeric value. The unit parameter is not escaped correctly. Applications which pass user-controlled data as the unit parameter are vulnerable to an XSS attack. There are no reported fixed by versions.
VCID-kcj2-v7av-47cv
Aliases:
CVE-2013-4491
GHSA-699m-mcjm-9cw8
OSV-100528
Reflective XSS Vulnerability There is a vulnerability in the internationalisation component of Ruby on Rails. When the i18n gem is unable to provide a translation for a given string, it creates a fallback HTML string. Under certain common configurations this string can contain user input which would allow an attacker to execute a reflective XSS attack. There are no reported fixed by versions.
VCID-nf8s-2aaa-17fw
Aliases:
CVE-2013-6417
GHSA-wpw7-wxjm-cw8r
OSV-100527
Incomplete fix to CVE-2013-0155 (Unsafe Query Generation Risk) Due to the way that `Rack::Request` and `Rails::Request` interact, it is possible for a 3rd party or custom rack middleware to parse the parameters insecurely and store them in the same key that Rails uses for its own parameters. In the event that happens the application will receive unsafe parameters and could be vulnerable to the earlier vulnerability: it would be possible for an attacker to issue unexpected database queries with `IS NULL` or empty where clauses. There are no reported fixed by versions.
VCID-pmrb-t3bm-zkb6
Aliases:
CVE-2013-6414
GHSA-mpxf-gcw2-pw5q
OSV-100525
Denial of Service Vulnerability in Action View There is a denial of service vulnerability in the header handling component of Action View. Strings sent in specially crafted headers will be cached indefinitely. This can cause the cache to grow infinitely, which will eventually consume all memory on the target machine, causing a denial of service. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:49:25.374331+00:00 RedHat Importer Affected by VCID-kcj2-v7av-47cv https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4491.json 38.0.0
2026-04-01T14:49:25.150933+00:00 RedHat Importer Affected by VCID-5hqj-fxmk-cbcy https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6415.json 38.0.0
2026-04-01T14:49:24.938502+00:00 RedHat Importer Affected by VCID-pmrb-t3bm-zkb6 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6414.json 38.0.0
2026-04-01T14:49:24.727768+00:00 RedHat Importer Affected by VCID-nf8s-2aaa-17fw https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6417.json 38.0.0