| purl | pkg:gem/actionpack@4.2.0.alpha |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-9hq5-3usy-5fhq; Aliases: CVE-2016-0751, GHSA-ffpv-c4hm-3x6v | Possible Object Leak and Denial of Service attack. A carefully crafted `Accept` header can cause a global cache of mime types to grow indefinitely, which can lead to a possible denial of service attack in Action Pack. | Affected by 28 other vulnerabilities. Affected by 26 other vulnerabilities. |
| VCID-bjwf-uhyk-63aj; Aliases: CVE-2015-7576, GHSA-p692-7mm3-3fxg | Timing attack vulnerability in basic authentication. Due to the way that Action Controller compares user names and passwords in basic authentication authorization code, it is possible for an attacker to analyze the time taken by a response and intuit the password. You can tell your application is vulnerable to this attack by looking for `http_basic_authenticate_with` method calls in your application. | Affected by 28 other vulnerabilities. Affected by 26 other vulnerabilities. |
| VCID-d15q-6ukb-wfff; Aliases: CVE-2015-7581, GHSA-9h6g-gp95-x3q5 | Object leak vulnerability for wildcard controller routes. Users that have a route that contains the string `:controller` are susceptible to objects being leaked globally, which can lead to unbounded memory growth. To identify if your application is vulnerable, look for routes that contain `:controller`. | Affected by 28 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T12:47:00.801043+00:00 | GitLab Importer | Affected by | VCID-bjwf-uhyk-63aj | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionpack/CVE-2015-7576.yml | 38.0.0 |
| 2026-04-01T12:47:00.745859+00:00 | GitLab Importer | Affected by | VCID-d15q-6ukb-wfff | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionpack/CVE-2015-7581.yml | 38.0.0 |
| 2026-04-01T12:47:00.640496+00:00 | GitLab Importer | Affected by | VCID-9hq5-3usy-5fhq | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionpack/CVE-2016-0751.yml | 38.0.0 |