Package details: pkg:gem/actionpack@2.3.2
purl pkg:gem/actionpack@2.3.2
Next non-vulnerable version 8.1.2.1
Latest non-vulnerable version 8.1.2.1
Risk
Vulnerabilities affecting this package (46)
Vulnerability Summary Fixed by
VCID-123f-6px7-3qdg
Aliases:
CVE-2016-0752
GHSA-xrr4-p6fq-hjg7
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a `..` (dot dot) in a pathname.
3.2.22.1
Affected by 30 other vulnerabilities.
4.1.14.1
Affected by 29 other vulnerabilities.
4.2.5.1
Affected by 28 other vulnerabilities.
VCID-1b9z-efz6-9fdu
Aliases:
CVE-2011-2929
GHSA-r7q2-5gqg-6c7q
actionpack Improper Input Validation vulnerability The template selection functionality in `actionpack/lib/action_view/template/resolver.rb` in Ruby on Rails 3.0.x before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob characters, which allows remote attackers to render arbitrary views via a crafted URL, related to a "filter skipping vulnerability."
3.0.10
Affected by 47 other vulnerabilities.
3.1.0
Affected by 47 other vulnerabilities.
VCID-1xbd-73qv-mff9
Aliases:
CVE-2012-3424
GHSA-92w9-2pqw-rhjj
OSV-84243
actionpack Improper Authentication vulnerability The `decode_credentials` method in `actionpack/lib/action_controller/metal/http_authentication.rb` in Ruby on Rails before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging access to an application that uses a `with_http_digest` helper method, as demonstrated by the `authenticate_or_request_with_http_digest` method.
2.3.5
Affected by 46 other vulnerabilities.
3.0.16
Affected by 45 other vulnerabilities.
3.1.0.beta1
Affected by 47 other vulnerabilities.
3.1.7
Affected by 45 other vulnerabilities.
3.2.0.rc1
Affected by 49 other vulnerabilities.
3.2.7
Affected by 47 other vulnerabilities.
VCID-3edd-m27s-a3ek
Aliases:
CVE-2012-2694
GHSA-q34c-48gc-m9g8
actionpack allows remote attackers to bypass database-query restrictions, perform NULL checks via crafted request `actionpack/lib/action_dispatch/http/request.rb` in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain `['xyz', nil]` values, a related issue to CVE-2012-2660.
3.0.14
Affected by 46 other vulnerabilities.
3.1.6
Affected by 46 other vulnerabilities.
3.2.6
Affected by 48 other vulnerabilities.
VCID-3rn4-abmh-nkhv
Aliases:
CVE-2013-6417
GHSA-wpw7-wxjm-cw8r
OSV-100527
actionpack allows bypass of database-query restrictions `actionpack/lib/action_dispatch/http/request.rb` in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request that leverages (1) third-party Rack middleware or (2) custom Rack middleware. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-0155.
3.2.16
Affected by 37 other vulnerabilities.
4.0.2
Affected by 35 other vulnerabilities.
VCID-4bzb-ft3d-dkgg
Aliases:
CVE-2012-3463
GHSA-98mf-8f57-64qf
OSV-84515
actionpack Cross-site Scripting vulnerability Cross-site scripting (XSS) vulnerability in `actionpack/lib/action_view/helpers/form_tag_helper.rb` in Ruby on Rails 3.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the `prompt` field to the `select_tag` helper.
3.0.17
Affected by 43 other vulnerabilities.
3.1.0.beta1
Affected by 47 other vulnerabilities.
3.1.8
Affected by 43 other vulnerabilities.
3.2.0.rc1
Affected by 49 other vulnerabilities.
3.2.8
Affected by 45 other vulnerabilities.
VCID-4w1v-z4zj-6ydp
Aliases:
CVE-2020-8185
GHSA-c6qr-h5vq-59jc
Untrusted users can run pending migrations in production in Rails

There is a vulnerability in versions of Rails prior to 6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production. This vulnerability has been assigned the CVE identifier CVE-2020-8185.

Versions Affected: 6.0.0 < rails < 6.0.3.2
Not affected: Applications with `config.action_dispatch.show_exceptions = false` (this is not a default setting in production)
Fixed Versions: rails >= 6.0.3.2

Impact
------
Using this issue, an attacker would be able to execute any migrations that are pending for a Rails app running in production mode. It is important to note that an attacker is limited to running migrations the application developer has already defined in their application and ones that have not already run.

Workarounds
-----------
Until such time as the patch can be applied, application developers should disable the ActionDispatch middleware in their production environment via a line such as this one in their config/environment/production.rb:

`config.middleware.delete ActionDispatch::ActionableExceptions`
6.0.3.2
Affected by 19 other vulnerabilities.
VCID-58sa-6uag-z7hp
Aliases:
CVE-2013-0156
GHSA-jmgw-6vjg-jjwg
OSV-89026
actionpack Improper Input Validation vulnerability `active_support/core_ext/hash/conversions.rb` in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion.
2.3.15
Affected by 41 other vulnerabilities.
3.0.19
Affected by 42 other vulnerabilities.
3.1.0.beta1
Affected by 47 other vulnerabilities.
3.1.10
Affected by 42 other vulnerabilities.
3.2.0.rc1
Affected by 49 other vulnerabilities.
3.2.11
Affected by 44 other vulnerabilities.
VCID-5a2t-fre4-zkay
Aliases:
CVE-2012-1099
GHSA-2xjj-5x6h-8vmf
OSV-79727
Cross-site Scripting in actionpack Cross-site scripting (XSS) vulnerability in `actionpack/lib/action_view/helpers/form_options_helper.rb` in the select helper in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving certain generation of OPTION elements within SELECT elements.
3.0.12
Affected by 46 other vulnerabilities.
3.1.0.beta1
Affected by 47 other vulnerabilities.
3.1.4
Affected by 46 other vulnerabilities.
3.2.0.rc1
Affected by 49 other vulnerabilities.
3.2.2
Affected by 48 other vulnerabilities.
VCID-5pfg-7ntp-eff4
Aliases:
CVE-2011-4319
GHSA-xxr8-833v-c7wc
OSV-77199
Cross-site Scripting vulnerability in i18n translations helper method Cross-site scripting (XSS) vulnerability in the i18n translations helper method in Ruby on Rails 3.0.x before 3.0.11 and 3.1.x before 3.1.2, and the rails_xss plugin in Ruby on Rails 2.3.x, allows remote attackers to inject arbitrary web script or HTML via vectors related to a translations string whose name ends with an "html" substring.
3.0.11
Affected by 47 other vulnerabilities.
3.1.2
Affected by 47 other vulnerabilities.
VCID-5psk-hzaf-1kbz
Aliases:
CVE-2013-4491
GHSA-699m-mcjm-9cw8
OSV-100528
actionpack vulnerable to Cross-site Scripting Cross-site scripting (XSS) vulnerability in `actionpack/lib/action_view/helpers/translation_helper.rb` in the internationalization component in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted string that triggers generation of a fallback string by the i18n gem.
3.2.16
Affected by 37 other vulnerabilities.
4.0.2
Affected by 35 other vulnerabilities.
VCID-6z21-pd9d-pfgk
Aliases:
CVE-2020-8164
GHSA-8727-m6gj-mc37
Possible Strong Parameters Bypass in ActionPack

There is a strong parameters bypass vector in ActionPack.

Versions Affected: rails <= 6.0.3
Not affected: rails < 5.0.0
Fixed Versions: rails >= 5.2.4.3, rails >= 6.0.3.1

Impact
------
In some cases user supplied information can be inadvertently leaked from Strong Parameters. Specifically the return value of `each`, or `each_value`, or `each_pair` will return the underlying "untrusted" hash of data that was read from the parameters. Applications that use this return value may inadvertently use untrusted user input.

Impacted code will look something like this:

```
def update
  # Attacker has included the parameter: `{ is_admin: true }`
  User.update(clean_up_params)
end

def clean_up_params
  params.each { |k, v| SomeModel.check(v) if k == :name }
end
```

Note the mistaken use of `each` in the `clean_up_params` method in the above example.

Workarounds
-----------
Do not use the return values of `each`, `each_value`, or `each_pair` in your application.
5.2.4.3
Affected by 15 other vulnerabilities.
6.0.3.1
Affected by 20 other vulnerabilities.
VCID-8nkw-8mka-1ygk
Aliases:
CVE-2011-3187
GHSA-3vfw-7rcp-3xgm
actionpack Improper Input Validation vulnerability The `to_s` method in `actionpack/lib/action_dispatch/middleware/remote_ip.rb` in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in requests from IP addresses on a Class C network, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted header.
2.3.13
Affected by 0 other vulnerabilities.
2.3.14
Affected by 45 other vulnerabilities.
VCID-98gu-r7wd-cuah
Aliases:
CVE-2023-22792
GHSA-p84v-45xj-wwqj
GMS-2023-58
ReDoS based DoS vulnerability in Action Dispatch

There is a possible regular expression based DoS vulnerability in Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2023-22792.

Versions Affected: >= 3.0.0
Not affected: < 3.0.0
Fixed Versions: 5.2.8.15 (Rails LTS), 6.1.7.1, 7.0.4.1

Impact

Specially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability.

All users running an affected release should either upgrade or use one of the workarounds immediately.

Releases

The FIXED releases are available at the normal locations.

Workarounds

We recommend that all users upgrade to one of the FIXED versions. In the meantime, users can mitigate this vulnerability by using a load balancer or other device to filter out malicious X_FORWARDED_HOST headers before they reach the application.

Patches

To aid users who aren’t able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.

* 6-1-Use-string-split-instead-of-regex-for-domain-parts.patch - Patch for 6.1 series
* 7-0-Use-string-split-instead-of-regex-for-domain-parts.patch - Patch for 7.0 series

Please note that only the 7.0.Z and 6.1.Z series are supported at present, and 6.0.Z for severe vulnerabilities. Users of earlier unsupported releases are advised to upgrade as soon as possible as we cannot guarantee the continued availability of security fixes for unsupported releases.

https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released
5.2.8
Affected by 8 other vulnerabilities.
5.2.8.15
Affected by 0 other vulnerabilities.
6.1.7.1
Affected by 9 other vulnerabilities.
7.0.4.1
Affected by 10 other vulnerabilities.
VCID-9gqn-8g4t-wfby
Aliases:
CVE-2013-1855
GHSA-q759-hwvc-m3jg
OSV-91452
actionpack Cross-site Scripting vulnerability The `sanitize_css` method in `lib/action_controller/vendor/html-scanner/html/sanitizer.rb` in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle `\n` (newline) characters, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences.
2.3.18
Affected by 40 other vulnerabilities.
3.1.12
Affected by 42 other vulnerabilities.
3.2.13
Affected by 44 other vulnerabilities.
VCID-a6wp-n5yh-ybcv
Aliases:
CVE-2008-7248
GHSA-8fqx-7pv4-3jwm
Improper Input Validation in actionpack Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify tokens for requests with certain content types, which allows remote attackers to bypass cross-site request forgery (CSRF) protection for requests to applications that rely on this protection, as demonstrated using text/plain.
There are no reported fixed by versions.
VCID-baur-f442-wqgw
Aliases:
CVE-2011-3186
GHSA-fcqf-h4h4-695m
OSV-74616
actionpack CRLF injection vulnerability CRLF injection vulnerability in `actionpack/lib/action_controller/response.rb` in Ruby on Rails 2.3.x before 2.3.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the Content-Type header.
2.3.13
Affected by 0 other vulnerabilities.
2.3.14
Affected by 45 other vulnerabilities.
3.0.0.beta
Affected by 46 other vulnerabilities.
VCID-bfbp-7umh-2fcp
Aliases:
CVE-2009-3086
GHSA-fg9w-g6m4-557j
actionpack and activesupport vulnerable to information leaks A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x before 2.3.4, leaks information about the complexity of message-digest signature verification in the cookie store, which might allow remote attackers to forge a digest via multiple attempts.
2.3.4
Affected by 46 other vulnerabilities.
VCID-cs1f-uhb2-xkcm
Aliases:
CVE-2013-6416
GHSA-w37c-q653-qg95
OSV-100526
actionpack Cross-site Scripting vulnerability Cross-site scripting (XSS) vulnerability in the simple_format helper in `actionpack/lib/action_view/helpers/text_helper.rb` in Ruby on Rails 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML attribute.
3.1.0
Affected by 47 other vulnerabilities.
3.2.0
Affected by 50 other vulnerabilities.
4.0.2
Affected by 35 other vulnerabilities.
VCID-dd87-gevs-juhe
Aliases:
CVE-2024-41128
GHSA-x76w-6vjr-8xgj
Possible ReDoS vulnerability in query parameter filtering in Action Dispatch

There is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2024-41128.

Impact
------
Carefully crafted query parameters can cause query parameter filtering to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade or apply the relevant patch immediately.

Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 depends on Ruby 3.2 or greater so is unaffected.

Releases
--------
The fixed releases are available at the normal locations.

Workarounds
-----------
Users on Ruby 3.2 are unaffected by this issue.

Credits
-------
Thanks to [scyoon](https://hackerone.com/scyoon) for the report and patches!
6.1.7.9
Affected by 2 other vulnerabilities.
7.0.0.alpha1
Affected by 7 other vulnerabilities.
7.0.8.5
Affected by 2 other vulnerabilities.
7.1.0.beta1
Affected by 5 other vulnerabilities.
7.1.4.1
Affected by 2 other vulnerabilities.
7.2.0.beta1
Affected by 5 other vulnerabilities.
7.2.1.1
Affected by 2 other vulnerabilities.
8.0.0.beta1
Affected by 4 other vulnerabilities.
VCID-eeru-6pyc-8bcd
Aliases:
CVE-2024-47887
GHSA-vfg9-r3fq-jvx4
Possible ReDoS vulnerability in HTTP Token authentication in Action Controller

There is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. This vulnerability has been assigned the CVE identifier CVE-2024-47887.

Impact
------
For applications using HTTP Token authentication via `authenticate_or_request_with_http_token` or similar, a carefully crafted header may cause header parsing to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade or apply the relevant patch immediately.

Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 depends on Ruby 3.2 or greater so is unaffected.

Releases
--------
The fixed releases are available at the normal locations.

Workarounds
-----------
Users on Ruby 3.2 are unaffected by this issue.

Credits
-------
Thanks to [scyoon](https://hackerone.com/scyoon) for reporting
6.1.7.9
Affected by 2 other vulnerabilities.
7.0.0.alpha1
Affected by 7 other vulnerabilities.
7.0.8.5
Affected by 2 other vulnerabilities.
7.1.0.beta1
Affected by 5 other vulnerabilities.
7.1.4.1
Affected by 2 other vulnerabilities.
7.2.0.beta1
Affected by 5 other vulnerabilities.
7.2.1.1
Affected by 2 other vulnerabilities.
8.0.0.beta1
Affected by 4 other vulnerabilities.
VCID-ejgq-s79w-abd6
Aliases:
CVE-2011-2197
GHSA-v9v4-7jp6-8c73
rails Cross-site Scripting vulnerability The cross-site scripting (XSS) prevention feature in Ruby on Rails 2.x before 2.3.12, 3.0.x before 3.0.8, and 3.1.x before 3.1.0.rc2 does not properly handle mutation of safe buffers, which makes it easier for remote attackers to conduct XSS attacks via crafted strings to an application that uses a problematic string method, as demonstrated by the sub method.
2.3.11
Affected by 46 other vulnerabilities.
2.3.12
Affected by 46 other vulnerabilities.
3.0.7
Affected by 47 other vulnerabilities.
3.0.8
Affected by 47 other vulnerabilities.
VCID-g13k-qvy7-q3fk
Aliases:
CVE-2011-0446
GHSA-75w6-p6mg-vh8j
Rails actionpack gem vulnerable to Cross-site Scripting Multiple cross-site scripting (XSS) vulnerabilities in the `mail_to` helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) name or (2) email value.
2.3.11
Affected by 46 other vulnerabilities.
3.0.4
Affected by 48 other vulnerabilities.
VCID-g2a6-uem4-uuce
Aliases:
CVE-2011-0447
GHSA-24fg-p96v-hxh8
actionpack Cross-Site Request Forgery vulnerability Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged (1) AJAX or (2) API requests that leverage "combinations of browser plugins and HTTP redirects," a related issue to CVE-2011-0696.
2.3.11
Affected by 46 other vulnerabilities.
3.0.4
Affected by 48 other vulnerabilities.
VCID-jpj6-wzp3-m3e4
Aliases:
CVE-2014-0082
GHSA-7cgp-c3g7-qvrw
OSV-103440
actionpack Improper Input Validation vulnerability `actionpack/lib/action_view/template/text.rb` in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the `:text` option to the `render` method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers.
3.2.17
Affected by 35 other vulnerabilities.
4.0.0.beta1
Affected by 41 other vulnerabilities.
4.0.0
Affected by 48 other vulnerabilities.
VCID-k6aw-heeb-wke2
Aliases:
CVE-2023-22795
GHSA-8xww-x3g3-6jcv
GMS-2023-56
ReDoS based DoS vulnerability in Action Dispatch

There is a possible regular expression based DoS vulnerability in Action Dispatch related to the If-None-Match header. This vulnerability has been assigned the CVE identifier CVE-2023-22795.

Versions Affected: All
Not affected: None
Fixed Versions: 5.2.8.15 (Rails LTS), 6.1.7.1, 7.0.4.1

Impact

A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability.

All users running an affected release should either upgrade or use one of the workarounds immediately.

Releases

The FIXED releases are available at the normal locations.

Workarounds

We recommend that all users upgrade to one of the FIXED versions. In the meantime, users can mitigate this vulnerability by using a load balancer or other device to filter out malicious If-None-Match headers before they reach the application.

Users on Ruby 3.2.0 or greater are not affected by this vulnerability.

Patches

To aid users who aren’t able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.

* 6-1-Avoid-regex-backtracking-on-If-None-Match-header.patch - Patch for 6.1 series
* 7-0-Avoid-regex-backtracking-on-If-None-Match-header.patch - Patch for 7.0 series

Please note that only the 7.0.Z and 6.1.Z series are supported at present, and 6.0.Z for severe vulnerabilities. Users of earlier unsupported releases are advised to upgrade as soon as possible as we cannot guarantee the continued availability of security fixes for unsupported releases.
5.2.8
Affected by 8 other vulnerabilities.
6.1.7.1
Affected by 9 other vulnerabilities.
7.0.4.1
Affected by 10 other vulnerabilities.
VCID-kshz-ckjc-77ab
Aliases:
CVE-2022-27777
GHSA-ch3h-j2vf-95pv
GMS-2022-1138
tfm-rubygem-actionview: Possible cross-site scripting vulnerability in Action View tag helpers
5.2.7.1
Affected by 8 other vulnerabilities.
6.0.4.8
Affected by 8 other vulnerabilities.
6.1.5.1
Affected by 9 other vulnerabilities.
7.0.2.4
Affected by 11 other vulnerabilities.
VCID-m9ud-s6w6-x7ac
Aliases:
CVE-2023-28362
GHSA-4g8v-vg43-wpgf
actionpack: Possible XSS via User Supplied Values to redirect_to
6.1.7.4
Affected by 6 other vulnerabilities.
7.0.5.1
Affected by 7 other vulnerabilities.
VCID-mnh7-4rvx-suay
Aliases:
CVE-2012-2660
GHSA-hgpp-pp89-4fgf
OSV-82610
Action Pack contains database-query restrictions bypass `actionpack/lib/action_dispatch/http/request.rb` in Ruby on Rails before 2.3.16, 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain `[nil]` values, a related issue to CVE-2012-2694.
2.3.16
Affected by 40 other vulnerabilities.
3.0.13
Affected by 46 other vulnerabilities.
3.1.5
Affected by 46 other vulnerabilities.
3.2.4
Affected by 48 other vulnerabilities.
VCID-n7ga-1sx4-yfcv
Aliases:
CVE-2021-22903
GHSA-5hq2-xf89-9jxq
rubygem-actionpack: Possible Open Redirect Vulnerability in Action Pack
6.1.3.2
Affected by 14 other vulnerabilities.
VCID-n7kh-9mpq-13c7
Aliases:
CVE-2009-3009
GHSA-8qrh-h9m2-5fvf
OSV-57666
Cross site scripting that affects rails Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper.
2.3.4
Affected by 46 other vulnerabilities.
VCID-nax4-x97j-9fgr
Aliases:
CVE-2013-6414
GHSA-mpxf-gcw2-pw5q
OSV-100525
actionpack Improper Input Validation vulnerability `actionpack/lib/action_view/lookup_context.rb` in Action View in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to cause a denial of service (memory consumption) via a header containing an invalid MIME type that leads to excessive caching.
3.2.16
Affected by 37 other vulnerabilities.
4.0.2
Affected by 35 other vulnerabilities.
VCID-nmz3-ux68-dkfd
Aliases:
CVE-2026-33167
GHSA-pgm4-439c-5jp6
Rails: Action Pack: Action Pack: Cross-Site Scripting (XSS) via improper exception message escaping
8.1.2.1
Affected by 0 other vulnerabilities.
VCID-nnka-c23v-qub7
Aliases:
CVE-2013-6415
GHSA-6h5q-96hp-9jgm
OSV-100524
actionpack vulnerable to Cross-site Scripting Cross-site scripting (XSS) vulnerability in the `number_to_currency` helper in `actionpack/lib/action_view/helpers/number_helper.rb` in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the unit parameter.
3.2.16
Affected by 37 other vulnerabilities.
4.0.2
Affected by 35 other vulnerabilities.
VCID-p1yd-keq8-rkh3
Aliases:
CVE-2011-2931
GHSA-v5jg-558j-q67c
actionpack Cross-site Scripting vulnerability Cross-site scripting (XSS) vulnerability in the `strip_tags` helper in `actionpack/lib/action_controller/vendor/html-scanner/html/node.rb` in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a tag with an invalid name.
2.3.13
Affected by 0 other vulnerabilities.
2.3.14
Affected by 45 other vulnerabilities.
3.0.10
Affected by 47 other vulnerabilities.
VCID-qth9-abgp-wyaq
Aliases:
CVE-2024-54133
GHSA-vfm5-rmrh-j26v
Possible Content Security Policy bypass in Action Dispatch

There is a possible Cross Site Scripting (XSS) vulnerability in the `content_security_policy` helper in Action Pack.

Impact
------
Applications which set Content-Security-Policy (CSP) headers dynamically from untrusted user input may be vulnerable to carefully crafted inputs being able to inject new directives into the CSP. This could lead to a bypass of the CSP and its protection against XSS and other attacks.

Releases
--------
The fixed releases are available at the normal locations.

Workarounds
-----------
Applications can avoid setting CSP headers dynamically from untrusted input, or can validate/sanitize that input.

Credits
-------
Thanks to [ryotak](https://hackerone.com/ryotak) for the report!
7.0.8.7
Affected by 1 other vulnerability.
7.1.0.beta1
Affected by 5 other vulnerabilities.
7.1.5.1
Affected by 1 other vulnerability.
7.2.0.beta1
Affected by 5 other vulnerabilities.
7.2.2.1
Affected by 1 other vulnerability.
8.0.0.beta1
Affected by 4 other vulnerabilities.
8.0.0.1
Affected by 1 other vulnerability.
VCID-r6mr-ay8d-nqdd
Aliases:
CVE-2016-0751
GHSA-ffpv-c4hm-3x6v
actionpack is vulnerable to denial of service via a crafted HTTP Accept header actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header.
3.2.22.1
Affected by 30 other vulnerabilities.
4.1.14.1
Affected by 29 other vulnerabilities.
4.2.5.1
Affected by 28 other vulnerabilities.
5.0.0.beta1.1
Affected by 26 other vulnerabilities.
VCID-rgw4-mrr9-euda
Aliases:
CVE-2012-3465
GHSA-7g65-ghrg-hpf5
OSV-84513
actionpack Cross-site Scripting vulnerability Cross-site scripting (XSS) vulnerability in `actionpack/lib/action_view/helpers/sanitize_helper.rb` in the `strip_tags` helper in Ruby on Rails before 2.3.16, 3.0.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup.
2.3.16
Affected by 40 other vulnerabilities.
3.0.17
Affected by 43 other vulnerabilities.
3.1.0.beta1
Affected by 47 other vulnerabilities.
3.1.8
Affected by 43 other vulnerabilities.
3.2.0.rc1
Affected by 49 other vulnerabilities.
3.2.8
Affected by 45 other vulnerabilities.
VCID-sg9h-7dqr-xugu
Aliases:
CVE-2014-7818
GHSA-29gr-w57f-rpfw
actionpack vulnerable to Path Traversal Directory traversal vulnerability in `actionpack/lib/action_dispatch/middleware/static.rb` in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when `serve_static_assets` is enabled, allows remote attackers to determine the existence of files outside the application root via a `/..%2F` sequence.
3.2.20
Affected by 33 other vulnerabilities.
4.0.11
Affected by 32 other vulnerabilities.
4.1.0.beta1
Affected by 34 other vulnerabilities.
4.1.7
Affected by 32 other vulnerabilities.
4.2.0.beta1
Affected by 32 other vulnerabilities.
4.2.0.beta3
Affected by 31 other vulnerabilities.
VCID-v2hk-dfbe-5khc
Aliases:
CVE-2024-26142
GHSA-jjhx-jhvp-74wq
Rails has possible ReDoS vulnerability in Accept header parsing in Action Dispatch

# Possible ReDoS vulnerability in Accept header parsing in Action Dispatch

There is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2024-26142.

Versions Affected: >= 7.1.0, < 7.1.3.1
Not affected: < 7.1.0
Fixed Versions: 7.1.3.1

Impact
------
Carefully crafted Accept headers can cause Accept header parsing in Action Dispatch to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade or use one of the workarounds immediately.

Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected.

Releases
--------
The fixed releases are available at the normal locations.

Workarounds
-----------
There are no feasible workarounds for this issue.

Patches
-------
To aid users who aren't able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.

* 7-1-accept-redox.patch - Patch for 7.1 series

Credits
-------
Thanks [svalkanov](https://hackerone.com/svalkanov) for the report and patch!
7.1.3.1
Affected by 5 other vulnerabilities.
VCID-v3u5-6bpb-qfgf
Aliases:
CVE-2014-7829
GHSA-h56m-vwxc-3qpw
Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via vectors involving a \ (backslash) character, a similar issue to CVE-2014-7818.
3.2.21
Affected by 32 other vulnerabilities.
4.0.11.1
Affected by 31 other vulnerabilities.
4.0.12
Affected by 32 other vulnerabilities.
4.1.0.beta1
Affected by 34 other vulnerabilities.
4.1.7.1
Affected by 31 other vulnerabilities.
4.1.8
Affected by 32 other vulnerabilities.
4.2.0.beta1
Affected by 32 other vulnerabilities.
4.2.0.beta4
Affected by 31 other vulnerabilities.
VCID-vhjv-9864-tbcs
Aliases:
CVE-2013-1857
GHSA-j838-vfpq-fmf2
OSV-91454
actionpack Cross-site Scripting vulnerability The sanitize helper in `lib/action_controller/vendor/html-scanner/html/sanitizer.rb` in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded `:` (colon) characters in URLs, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted scheme name, as demonstrated by including a `&#x3a;` sequence.
2.3.18
Affected by 40 other vulnerabilities.
3.1.12
Affected by 42 other vulnerabilities.
3.2.13
Affected by 44 other vulnerabilities.
VCID-vs1a-m7ya-rue8
Aliases:
CVE-2014-0081
GHSA-m46p-ggm5-5j83
OSV-103439
Rails vulnerable to Cross-site Scripting

There is an XSS vulnerability in the `number_to_currency`, `number_to_percentage` and `number_to_human` helpers in Ruby on Rails. This vulnerability has been assigned the CVE identifier CVE-2014-0081.

Versions Affected: All.
Fixed Versions: 4.1.0.beta2, 4.0.3, 3.2.17.

Impact
------
These helpers allow users to nicely format a numeric value. Some of the parameters to the helper (format, negative_format and units) are not escaped correctly. Applications which pass user controlled data as one of these parameters are vulnerable to an XSS attack.

All users passing user controlled data to these parameters of the number helpers should either upgrade or use one of the workarounds immediately.

Releases
--------
The 4.1.0.rc1, 4.0.3 and 3.2.17 releases are available at the normal locations.

Workarounds
-----------
The workaround for this issue is to escape the value passed to the parameter. For example, replace code like this:

```ruby
<%= number_to_currency(1.02, format: params[:format]) %>
```

With code like this:

```ruby
<%= number_to_currency(1.02, format: h(params[:format])) %>
```

Patches
-------
To aid users who aren't able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.

* 4-1-beta-number_helpers_xss.patch - Patch for 4.1-beta series
* 4-0-number_helpers_xss.patch - Patch for 4.0 series
* 3-2-number_helpers_xss.patch - Patch for 3.2 series

Please note that only the 4.0.x and 3.2.x series are supported at present. Users of earlier unsupported releases are advised to upgrade as soon as possible as we cannot guarantee the continued availability of security fixes for unsupported releases.

Credits
-------
Thanks to Kevin Reintjes for reporting the issue to us.

-- Aaron Patterson http://tenderlovemaking.com/
3.2.17
Affected by 35 other vulnerabilities.
4.0.3
Affected by 34 other vulnerabilities.
4.1.0.beta1
Affected by 34 other vulnerabilities.
4.1.1
Affected by 33 other vulnerabilities.
VCID-y13c-awe3-2bc1
Aliases:
CVE-2015-7576
GHSA-p692-7mm3-3fxg
actionpack is vulnerable to remote bypass authentication The `http_basic_authenticate_with` method in `actionpack/lib/action_controller/metal/http_authentication.rb` in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to bypass authentication by measuring timing differences.
3.2.22.1
Affected by 30 other vulnerabilities.
4.1.14.1
Affected by 29 other vulnerabilities.
4.2.5.1
Affected by 28 other vulnerabilities.
5.0.0.beta1.1
Affected by 26 other vulnerabilities.
VCID-z16b-zfgu-13a9
Aliases:
CVE-2021-22904
GHSA-7wjx-3g7j-8584
rails: Possible DoS Vulnerability in Action Controller Token Authentication
5.2.4.6
Affected by 12 other vulnerabilities.
5.2.6
Affected by 12 other vulnerabilities.
6.0.3.7
Affected by 14 other vulnerabilities.
6.1.3.2
Affected by 14 other vulnerabilities.
VCID-zapd-uts9-zfch
Aliases:
CVE-2011-0449
GHSA-4ww3-3rxj-8v6q
actionpack allows remote attackers to bypass intended access restrictions `actionpack/lib/action_view/template/resolver.rb` in Ruby on Rails 3.0.x before 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote attackers to bypass intended access restrictions via an action name that uses an unintended case for alphabetic characters.
3.0.4
Affected by 48 other vulnerabilities.
Vulnerabilities fixed by this package (3)
Vulnerability Summary Aliases
VCID-4bzb-ft3d-dkgg actionpack Cross-site Scripting vulnerability Cross-site scripting (XSS) vulnerability in `actionpack/lib/action_view/helpers/form_tag_helper.rb` in Ruby on Rails 3.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the `prompt` field to the `select_tag` helper. CVE-2012-3463
GHSA-98mf-8f57-64qf
OSV-84515
VCID-cs1f-uhb2-xkcm actionpack Cross-site Scripting vulnerability Cross-site scripting (XSS) vulnerability in the simple_format helper in `actionpack/lib/action_view/helpers/text_helper.rb` in Ruby on Rails 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML attribute. CVE-2013-6416
GHSA-w37c-q653-qg95
OSV-100526
VCID-nax4-x97j-9fgr actionpack Improper Input Validation vulnerability `actionpack/lib/action_view/lookup_context.rb` in Action View in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to cause a denial of service (memory consumption) via a header containing an invalid MIME type that leads to excessive caching. CVE-2013-6414
GHSA-mpxf-gcw2-pw5q
OSV-100525

Date Actor Action Vulnerability Source VulnerableCode Version
2026-05-30T06:12:47.657606+00:00 GitLab Importer Affected by VCID-m9ud-s6w6-x7ac https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionpack/CVE-2023-28362.yml 38.6.0
2026-05-30T05:57:58.314720+00:00 GitLab Importer Affected by VCID-k6aw-heeb-wke2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionpack/GMS-2023-56.yml 38.6.0
2026-05-30T05:33:02.294565+00:00 GitLab Importer Affected by VCID-kshz-ckjc-77ab https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionpack/CVE-2022-27777.yml 38.6.0
2026-05-30T04:44:50.339166+00:00 GitLab Importer Affected by VCID-z16b-zfgu-13a9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionpack/CVE-2021-22904.yml 38.6.0
2026-05-30T04:44:48.306678+00:00 GitLab Importer Affected by VCID-n7ga-1sx4-yfcv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionpack/CVE-2021-22903.yml 38.6.0
2026-05-30T04:20:22.618436+00:00 GitLab Importer Affected by VCID-4w1v-z4zj-6ydp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionpack/CVE-2020-8185.yml 38.6.0
2026-05-30T04:19:47.189743+00:00 GitLab Importer Affected by VCID-6z21-pd9d-pfgk https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionpack/CVE-2020-8164.yml 38.6.0
2026-05-30T03:46:33.555623+00:00 GitLab Importer Affected by VCID-ejgq-s79w-abd6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionpack/CVE-2011-2197.yml 38.6.0
2026-05-30T03:46:29.447389+00:00 GitLab Importer Affected by VCID-123f-6px7-3qdg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionpack/CVE-2016-0752.yml 38.6.0
2026-05-30T03:46:21.880311+00:00 GitLab Importer Affected by VCID-mnh7-4rvx-suay https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionpack/CVE-2012-2660.yml 38.6.0
2026-05-30T03:46:16.929454+00:00 GitLab Importer Affected by VCID-g2a6-uem4-uuce https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionpack/CVE-2011-0447.yml 38.6.0
2026-05-30T03:46:15.086419+00:00 GitLab Importer Affected by VCID-n7kh-9mpq-13c7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionpack/CVE-2009-3009.yml 38.6.0
2026-05-30T03:46:07.804917+00:00 GitLab Importer Affected by VCID-g13k-qvy7-q3fk https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionpack/CVE-2011-0446.yml 38.6.0
2026-05-30T03:46:02.662302+00:00 GitLab Importer Affected by VCID-1xbd-73qv-mff9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionpack/CVE-2012-3424.yml 38.6.0
2026-05-30T03:46:01.657458+00:00 GitLab Importer Affected by VCID-rgw4-mrr9-euda https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionpack/CVE-2012-3465.yml 38.6.0
2026-05-30T03:45:59.725059+00:00 GitLab Importer Affected by VCID-8nkw-8mka-1ygk https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionpack/CVE-2011-3187.yml 38.6.0
2026-05-30T03:45:58.473251+00:00 GitLab Importer Affected by VCID-p1yd-keq8-rkh3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionpack/CVE-2011-2931.yml 38.6.0
2026-05-30T03:38:26.048995+00:00 GitLab Importer Affected by VCID-y13c-awe3-2bc1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionpack/CVE-2015-7576.yml 38.6.0
2026-05-30T03:38:21.508669+00:00 GitLab Importer Affected by VCID-r6mr-ay8d-nqdd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionpack/CVE-2016-0751.yml 38.6.0
2026-05-30T03:35:39.818141+00:00 GitLab Importer Affected by VCID-vs1a-m7ya-rue8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionpack/CVE-2014-0081.yml 38.6.0
2026-05-30T03:35:38.711146+00:00 GitLab Importer Affected by VCID-jpj6-wzp3-m3e4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionpack/CVE-2014-0082.yml 38.6.0
2026-05-30T03:35:24.638353+00:00 GitLab Importer Affected by VCID-nax4-x97j-9fgr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionpack/CVE-2013-6414.yml 38.6.0
2026-05-30T03:35:21.933642+00:00 GitLab Importer Affected by VCID-nnka-c23v-qub7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionpack/CVE-2013-6415.yml 38.6.0
2026-05-30T03:35:20.484511+00:00 GitLab Importer Affected by VCID-3rn4-abmh-nkhv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionpack/CVE-2013-6417.yml 38.6.0
2026-05-30T03:34:42.515906+00:00 GitLab Importer Affected by VCID-9gqn-8g4t-wfby https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionpack/CVE-2013-1855.yml 38.6.0
2026-05-30T03:34:40.649068+00:00 GitLab Importer Affected by VCID-vhjv-9864-tbcs https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionpack/CVE-2013-1857.yml 38.6.0
2026-05-30T03:34:24.456829+00:00 GitLab Importer Affected by VCID-58sa-6uag-z7hp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionpack/CVE-2013-0156.yml 38.6.0
2026-05-30T03:34:02.247279+00:00 GitLab Importer Affected by VCID-baur-f442-wqgw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionpack/CVE-2011-3186.yml 38.6.0
2026-05-30T00:02:41.955062+00:00 Ruby Importer Affected by VCID-nmz3-ux68-dkfd https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2026-33167.yml 38.6.0
2026-05-30T00:01:16.451152+00:00 Ruby Importer Affected by VCID-qth9-abgp-wyaq https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-54133.yml 38.6.0
2026-05-30T00:01:07.470419+00:00 Ruby Importer Affected by VCID-dd87-gevs-juhe https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-41128.yml 38.6.0
2026-05-30T00:00:51.622104+00:00 Ruby Importer Affected by VCID-eeru-6pyc-8bcd https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-47887.yml 38.6.0
2026-05-30T00:00:34.908053+00:00 Ruby Importer Affected by VCID-v2hk-dfbe-5khc https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26142.yml 38.6.0
2026-05-29T23:59:52.522225+00:00 Ruby Importer Affected by VCID-98gu-r7wd-cuah https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22792.yml 38.6.0
2026-05-29T23:59:47.955506+00:00 Ruby Importer Affected by VCID-k6aw-heeb-wke2 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22795.yml 38.6.0
2026-05-29T23:57:49.331599+00:00 Ruby Importer Affected by VCID-zapd-uts9-zfch https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0449.yml 38.6.0
2026-05-29T23:57:36.544814+00:00 Ruby Importer Affected by VCID-bfbp-7umh-2fcp https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2009-3086.yml 38.6.0
2026-05-29T23:57:27.999197+00:00 Ruby Importer Affected by VCID-g2a6-uem4-uuce https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0447.yml 38.6.0
2026-05-29T23:57:11.627734+00:00 Ruby Importer Affected by VCID-p1yd-keq8-rkh3 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2931.yml 38.6.0
2026-05-29T23:57:10.083565+00:00 Ruby Importer Affected by VCID-8nkw-8mka-1ygk https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-3187.yml 38.6.0
2026-05-29T23:57:07.293193+00:00 Ruby Importer Affected by VCID-n7kh-9mpq-13c7 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2009-3009.yml 38.6.0
2026-05-29T23:57:01.790016+00:00 Ruby Importer Affected by VCID-3edd-m27s-a3ek https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2694.yml 38.6.0
2026-05-29T23:56:45.797384+00:00 Ruby Importer Affected by VCID-ejgq-s79w-abd6 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2197.yml 38.6.0
2026-05-29T23:56:42.350453+00:00 Ruby Importer Affected by VCID-1b9z-efz6-9fdu https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2929.yml 38.6.0
2026-05-29T23:56:39.213166+00:00 Ruby Importer Affected by VCID-mnh7-4rvx-suay https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2660.yml 38.6.0
2026-05-29T23:56:36.781163+00:00 Ruby Importer Affected by VCID-a6wp-n5yh-ybcv https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2008-7248.yml 38.6.0
2026-05-29T23:56:33.534169+00:00 Ruby Importer Affected by VCID-g13k-qvy7-q3fk https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0446.yml 38.6.0
2026-05-29T23:56:30.632172+00:00 Ruby Importer Affected by VCID-5pfg-7ntp-eff4 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-4319.yml 38.6.0
2026-05-29T23:55:55.277897+00:00 Ruby Importer Affected by VCID-v3u5-6bpb-qfgf https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-7829.yml 38.6.0
2026-05-29T23:55:51.902530+00:00 Ruby Importer Affected by VCID-sg9h-7dqr-xugu https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-7818.yml 38.6.0
2026-05-29T23:55:36.963795+00:00 Ruby Importer Affected by VCID-jpj6-wzp3-m3e4 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0082.yml 38.6.0
2026-05-29T23:55:35.115497+00:00 Ruby Importer Affected by VCID-vs1a-m7ya-rue8 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0081.yml 38.6.0
2026-05-29T23:55:30.521634+00:00 Ruby Importer Fixing VCID-nax4-x97j-9fgr https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6414.yml 38.6.0
2026-05-29T23:55:29.292876+00:00 Ruby Importer Affected by VCID-nax4-x97j-9fgr https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6414.yml 38.6.0
2026-05-29T23:55:27.999492+00:00 Ruby Importer Affected by VCID-3rn4-abmh-nkhv https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6417.yml 38.6.0
2026-05-29T23:55:26.693984+00:00 Ruby Importer Affected by VCID-nnka-c23v-qub7 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6415.yml 38.6.0
2026-05-29T23:55:25.401889+00:00 Ruby Importer Affected by VCID-5psk-hzaf-1kbz https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-4491.yml 38.6.0
2026-05-29T23:55:23.855428+00:00 Ruby Importer Fixing VCID-cs1f-uhb2-xkcm https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6416.yml 38.6.0
2026-05-29T23:55:23.130421+00:00 Ruby Importer Affected by VCID-cs1f-uhb2-xkcm https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6416.yml 38.6.0
2026-05-29T23:55:08.886565+00:00 Ruby Importer Affected by VCID-9gqn-8g4t-wfby https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-1855.yml 38.6.0
2026-05-29T23:55:05.661626+00:00 Ruby Importer Affected by VCID-vhjv-9864-tbcs https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-1857.yml 38.6.0
2026-05-29T23:54:45.396233+00:00 Ruby Importer Affected by VCID-58sa-6uag-z7hp https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-0156.yml 38.6.0
2026-05-29T23:54:37.930710+00:00 Ruby Importer Fixing VCID-4bzb-ft3d-dkgg https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-3463.yml 38.6.0
2026-05-29T23:54:36.670609+00:00 Ruby Importer Affected by VCID-4bzb-ft3d-dkgg https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-3463.yml 38.6.0
2026-05-29T23:54:35.166263+00:00 Ruby Importer Affected by VCID-rgw4-mrr9-euda https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-3465.yml 38.6.0
2026-05-29T23:54:32.262955+00:00 Ruby Importer Affected by VCID-1xbd-73qv-mff9 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-3424.yml 38.6.0
2026-05-29T23:54:24.724044+00:00 Ruby Importer Affected by VCID-5a2t-fre4-zkay https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-1099.yml 38.6.0
2026-05-29T23:54:19.914462+00:00 Ruby Importer Affected by VCID-baur-f442-wqgw https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-3186.yml 38.6.0