Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:rpm/redhat/rubygem-actionpack@1:3.0.10-12?arch=el6cf
purl pkg:rpm/redhat/rubygem-actionpack@1:3.0.10-12?arch=el6cf
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.0
Vulnerabilities affecting this package (7)
Vulnerability Summary Fixed by
VCID-6h6n-7frd-1ked
Aliases:
CVE-2012-6116
Candlepin: bootstrap RPM deploys CA certificate file with mode 666 There are no reported fixed by versions.
VCID-9qc2-be2u-vfgv
Aliases:
CVE-2013-1823
Katello: Notifications page Username XSS There are no reported fixed by versions.
VCID-c3cm-h13f-jubq
Aliases:
CVE-2012-6119
Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests. There are no reported fixed by versions.
VCID-ebq1-gkhe-pua7
Aliases:
CVE-2013-0269
GHSA-x457-cw4h-hq5f
OSV-101137
Denial of Service and SQL Injection This package allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka. There are no reported fixed by versions.
VCID-hbtn-7423-m3gb
Aliases:
CVE-2013-0276
GHSA-gr44-7grc-37vq
OSV-90072
Circumvention of attr_protected The attr_protected method allows developers to specify a denylist of model attributes which users should not be allowed to assign to. By using a specially crafted request, attackers could circumvent this protection and alter values that were meant to be protected. There are no reported fixed by versions.
VCID-pb4n-q6u8-syds
Aliases:
CVE-2013-0256
GHSA-v2r9-c84j-v7xm
OSV-90004
XSS exploit of RDoc documentation generated by rdoc This exploit may lead to cookie disclosure to third parties. The exploit exists in darkfish.js which is copied from the RDoc install location to the generated documentation. RDoc is a static documentation generation tool. Patching the library itself is insufficient to correct this exploit. There are no reported fixed by versions.
VCID-y12d-fjpf-uubh
Aliases:
CVE-2013-0263
GHSA-xc85-32mf-xpv8
OSV-89939
Timing attack against Rack::Session::Cookie Affected versions allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving am HMAC comparison function that does not run in constant time. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:54:38.521909+00:00 RedHat Importer Affected by VCID-c3cm-h13f-jubq https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6119.json 38.0.0
2026-04-01T14:52:31.988013+00:00 RedHat Importer Affected by VCID-pb4n-q6u8-syds https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0256.json 38.0.0
2026-04-01T14:52:31.478620+00:00 RedHat Importer Affected by VCID-y12d-fjpf-uubh https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0263.json 38.0.0
2026-04-01T14:52:30.711191+00:00 RedHat Importer Affected by VCID-hbtn-7423-m3gb https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0276.json 38.0.0
2026-04-01T14:52:30.450789+00:00 RedHat Importer Affected by VCID-ebq1-gkhe-pua7 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0269.json 38.0.0
2026-04-01T14:52:16.100630+00:00 RedHat Importer Affected by VCID-6h6n-7frd-1ked https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6116.json 38.0.0
2026-04-01T14:52:01.357313+00:00 RedHat Importer Affected by VCID-9qc2-be2u-vfgv https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1823.json 38.0.0