| purl | pkg:gem/actionpack@2.4.0 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-4epw-vk25-mfdw (Aliases: CVE-2013-1855, GHSA-q759-hwvc-m3jg, OSV-91452) | XSS vulnerability in `sanitize_css` in Action Pack. Carefully crafted text can bypass the sanitization provided in the `sanitize_css` method in Action Pack. | Affected by 47 other vulnerabilities. Affected by 50 other vulnerabilities. |
| VCID-4he5-y1u4-gkd2 (Aliases: CVE-2013-1857, GHSA-j838-vfpq-fmf2, OSV-91454) | XSS vulnerability in the `sanitize` helper. The `sanitize` helper in Ruby on Rails is designed to filter HTML and remove all tags and attributes which could be malicious. | Affected by 47 other vulnerabilities. Affected by 50 other vulnerabilities. |
| VCID-carc-ntrd-ebfe (Aliases: CVE-2013-0156, GHSA-jmgw-6vjg-jjwg, OSV-89026) | Multiple vulnerabilities in parameter parsing in Action Pack. There are multiple weaknesses in the parameter parsing code for Ruby on Rails which allow attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a Rails application. | Affected by 47 other vulnerabilities. Affected by 52 other vulnerabilities. Affected by 47 other vulnerabilities. Affected by 54 other vulnerabilities. Affected by 50 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T12:46:48.813895+00:00 | GitLab Importer | Affected by | VCID-4epw-vk25-mfdw | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionpack/CVE-2013-1855.yml | 38.0.0 |
| 2026-04-01T12:46:48.720718+00:00 | GitLab Importer | Affected by | VCID-4he5-y1u4-gkd2 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionpack/CVE-2013-1857.yml | 38.0.0 |
| 2026-04-01T12:46:47.868782+00:00 | GitLab Importer | Affected by | VCID-carc-ntrd-ebfe | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionpack/CVE-2013-0156.yml | 38.0.0 |