Search for packages
| purl | pkg:gem/actionpack@3.2.0.0.alpha |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-apra-79g2-wkfn
Aliases: CVE-2016-2098 GHSA-78rc-8c29-p45g |
Improper Input Validation The Rails gem allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method. |
Affected by 23 other vulnerabilities. Affected by 22 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
VCID-vm51-p4w4-n3du
Aliases: CVE-2016-2097 GHSA-vx9j-46rh-fqr8 |
Possible Information Leak Vulnerability Applications that pass unverified user input to the `render` method in a controller may be vulnerable to an information leak vulnerability. Impacted code will look something like this: ``` def index; render params[:id]; end ``` Carefully crafted requests can cause the above code to render files from unexpected places like outside the application's view directory, and can possibly escalate this to a remote code execution attack. |
Affected by 23 other vulnerabilities. Affected by 22 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-05-30T20:52:23.629224+00:00 | GitLab Importer | Affected by | VCID-apra-79g2-wkfn | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionpack/CVE-2016-2098.yml | 38.6.0 |
| 2026-05-30T20:52:23.557264+00:00 | GitLab Importer | Affected by | VCID-vm51-p4w4-n3du | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionpack/CVE-2016-2097.yml | 38.6.0 |