| purl | pkg:gem/actionpack@4.1.14.0 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-4yst-m2tc-t3de Aliases: GHSA-544j-77x9-h938 | Moderate severity vulnerability that affects actionpack: Withdrawn, accidental duplicate publish. actionpack/lib/action_dispatch/routing/route_set.rb in Action Pack in Ruby on Rails 4.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to cause a denial of service (superfluous caching and memory consumption) by leveraging an application's use of a wildcard controller route. | Affected by 29 other vulnerabilities. Affected by 28 other vulnerabilities. |
| VCID-9hq5-3usy-5fhq Aliases: CVE-2016-0751 GHSA-ffpv-c4hm-3x6v | Possible Object Leak and Denial of Service attack: A carefully crafted `Accept` header can cause a global cache of mime types to grow indefinitely which can lead to a possible denial of service attack in Action Pack. | Affected by 29 other vulnerabilities. Affected by 28 other vulnerabilities. Affected by 26 other vulnerabilities. |
| VCID-bjwf-uhyk-63aj Aliases: CVE-2015-7576 GHSA-p692-7mm3-3fxg | Timing attack vulnerability in basic authentication: Due to the way that Action Controller compares user names and passwords in basic authentication authorization code, it is possible for an attacker to analyze the time taken by a response and intuit the password. You can tell your application is vulnerable to this attack by looking for `http_basic_authenticate_with` method calls in your application. | Affected by 29 other vulnerabilities. Affected by 28 other vulnerabilities. Affected by 26 other vulnerabilities. |
| VCID-h8gs-ansa-9bd9 Aliases: GHSA-m53f-rhq8-q6hf | Moderate severity vulnerability that affects actionpack: Withdrawn, accidental duplicate publish. actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header. | Affected by 29 other vulnerabilities. Affected by 28 other vulnerabilities. |
| VCID-v3r3-bwp5-a3bn Aliases: CVE-2016-0752 GHSA-xrr4-p6fq-hjg7 | Path Traversal: The Rails gem allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a `..` in a pathname. | Affected by 29 other vulnerabilities. Affected by 28 other vulnerabilities. |
| VCID-ynqu-cjn9-fqf2 Aliases: GHSA-vwfg-qj3r-6v3r | Moderate severity vulnerability that affects actionpack: Withdrawn, accidental duplicate publish. The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to bypass authentication by measuring timing differences. | Affected by 29 other vulnerabilities. Affected by 28 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T15:56:41.032552+00:00 | GHSA Importer | Affected by | VCID-ynqu-cjn9-fqf2 | https://github.com/advisories/GHSA-vwfg-qj3r-6v3r | 38.0.0 |
| 2026-04-01T15:56:40.589220+00:00 | GHSA Importer | Affected by | VCID-h8gs-ansa-9bd9 | https://github.com/advisories/GHSA-m53f-rhq8-q6hf | 38.0.0 |
| 2026-04-01T15:56:40.306209+00:00 | GHSA Importer | Affected by | VCID-4yst-m2tc-t3de | https://github.com/advisories/GHSA-544j-77x9-h938 | 38.0.0 |
| 2026-04-01T15:56:15.087923+00:00 | GHSA Importer | Affected by | VCID-bjwf-uhyk-63aj | https://github.com/advisories/GHSA-p692-7mm3-3fxg | 38.0.0 |
| 2026-04-01T15:56:13.114299+00:00 | GHSA Importer | Affected by | VCID-v3r3-bwp5-a3bn | https://github.com/advisories/GHSA-xrr4-p6fq-hjg7 | 38.0.0 |
| 2026-04-01T15:56:11.668799+00:00 | GHSA Importer | Affected by | VCID-9hq5-3usy-5fhq | https://github.com/advisories/GHSA-ffpv-c4hm-3x6v | 38.0.0 |