| purl | pkg:gem/actionpack@3.2.22.0 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-9hq5-3usy-5fhq Aliases: CVE-2016-0751 GHSA-ffpv-c4hm-3x6v | Possible Object Leak and Denial of Service attack: A carefully crafted `Accept` header can cause a global cache of mime types to grow indefinitely which can lead to a possible denial of service attack in Action Pack. | Affected by 30 other vulnerabilities. Affected by 29 other vulnerabilities. Affected by 28 other vulnerabilities. Affected by 26 other vulnerabilities. |
| VCID-bjwf-uhyk-63aj Aliases: CVE-2015-7576 GHSA-p692-7mm3-3fxg | Timing attack vulnerability in basic authentication: Due to the way that Action Controller compares user names and passwords in basic authentication authorization code, it is possible for an attacker to analyze the time taken by a response and intuit the password. You can tell your application is vulnerable to this attack by looking for `http_basic_authenticate_with` method calls in your application. | Affected by 30 other vulnerabilities. Affected by 29 other vulnerabilities. Affected by 28 other vulnerabilities. Affected by 26 other vulnerabilities. |
| VCID-h8gs-ansa-9bd9 Aliases: GHSA-m53f-rhq8-q6hf | Moderate severity vulnerability that affects actionpack. Withdrawn, accidental duplicate publish. `actionpack/lib/action_dispatch/http/mime_type.rb` in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header. | Affected by 30 other vulnerabilities. Affected by 29 other vulnerabilities. Affected by 28 other vulnerabilities. |
| VCID-ynqu-cjn9-fqf2 Aliases: GHSA-vwfg-qj3r-6v3r | Moderate severity vulnerability that affects actionpack. Withdrawn, accidental duplicate publish. The `http_basic_authenticate_with` method in `actionpack/lib/action_controller/metal/http_authentication.rb` in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to bypass authentication by measuring timing differences. | Affected by 30 other vulnerabilities. Affected by 29 other vulnerabilities. Affected by 28 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T15:56:40.974696+00:00 | GHSA Importer | Affected by | VCID-ynqu-cjn9-fqf2 | https://github.com/advisories/GHSA-vwfg-qj3r-6v3r | 38.0.0 |
| 2026-04-01T15:56:40.617727+00:00 | GHSA Importer | Affected by | VCID-h8gs-ansa-9bd9 | https://github.com/advisories/GHSA-m53f-rhq8-q6hf | 38.0.0 |
| 2026-04-01T15:56:15.338932+00:00 | GHSA Importer | Affected by | VCID-bjwf-uhyk-63aj | https://github.com/advisories/GHSA-p692-7mm3-3fxg | 38.0.0 |
| 2026-04-01T15:56:12.938466+00:00 | GHSA Importer | Affected by | VCID-9hq5-3usy-5fhq | https://github.com/advisories/GHSA-ffpv-c4hm-3x6v | 38.0.0 |