pkg:RubyGems/actionpack

62 total CVEs | HIGH 13 | MEDIUM 14 | LOW 1

All known vulnerabilities

  • HIGH 7.5 | CVE-2014-0130 | ⚠ KEV | actionpack Path Traversal vulnerability
    >= 3.0.0, < 3.2.18
  • HIGH 7.5 | CVE-2016-0752 | ⚠ KEV | Directory traversal vulnerability in Action View in Ruby on Rails
    >= 4.0.0, < 4.1.14.1
  • HIGH 7.5 | CVE-2024-26142 | Rails possible ReDoS vulnerability in Accept header parsing in Action Dispatch
    >= 7.1.0, < 7.1.3.1
  • HIGH 7.5 | CVE-2023-22792 | ReDoS based DoS vulnerability in Action Dispatch
    >= 3.0.0, < 5.2.8.15
  • HIGH 7.5 | CVE-2023-22795 | ReDoS based DoS vulnerability in Action Dispatch
    >= 4.0.0.beta1, < 6.1.7.1
  • HIGH 7.5 | CVE-2021-22904 | Possible DoS Vulnerability in Action Controller Token Authentication
    >= 6.0.0, < 6.0.3.7
  • HIGH 7.5 | CVE-2021-22885 | rails - security update
    >= 6.0.0, < 6.0.3.7
  • HIGH 7.5 | CVE-2021-22902 | Denial of Service in Action Dispatch
    >= 6.0.0, < 6.0.3.7
  • HIGH 7.5 | CVE-2020-8164 | rails - security update
    >= 5.0.0, < 5.2.4.3
  • HIGH 7.5 | CVE-2015-7581 | actionpack is vulnerable to denial of service because of a wildcard controller route
    >= 4.0.0, < 4.2.5.1
  • HIGH 7.5 | CVE-2016-0751 | actionpack is vulnerable to denial of service via a crafted HTTP Accept header
    >= 4.2.0, < 4.2.5.1
  • HIGH 7.4 | CVE-2022-23633 | Exposure of information in Action Pack
    >= 5.0.0.0, < 5.2.6.2
  • HIGH 7.3 | CVE-2016-2098 | actionpack allows remote code execution via application's unrestricted use of render method
    >= 3.0.0, < 3.2.22.2
  • MEDIUM 6.5 | CVE-2020-8185 | Untrusted users can run pending migrations in production in Rails
    >= 6.0.0, < 6.0.3.2
  • MEDIUM 6.1 | CVE-2024-26143 | Rails Possible XSS Vulnerability in Action Controller
    >= 7.0.0, < 7.0.8.1
  • MEDIUM 6.1 | CVE-2023-22797 | Open Redirect Vulnerability in Action Pack
    >= 7.0.0, < 7.0.4.1
  • MEDIUM 6.1 | CVE-2022-22577 | Cross-site Scripting Vulnerability in Action Pack
    >= 5.2.0, < 5.2.7.1
  • MEDIUM 6.1 | CVE-2011-1497 | Cross site scripting in actionpack Rubygem
    >= 3.0.0.rc, < 3.0.6
  • MEDIUM 6.1 | CVE-2021-44528 | actionpack Open Redirect in Host Authorization Middleware
    >= 6.0.0, < 6.0.4.2
  • MEDIUM 6.1 | CVE-2021-22942 | rails - security update
    >= 6.0.0, < 6.0.4.1
  • MEDIUM 6.1 | CVE-2021-22903 | Possible Open Redirect Vulnerability in Action Pack
    >= 6.1.0.rc2, < 6.1.3.2
  • MEDIUM 6.1 | CVE-2020-8264 | Cross-site scripting in actionpack
    >= 6.0.0, < 6.0.3.4
  • MEDIUM 6.1 | CVE-2021-22881 | Actionpack Open Redirect Vulnerability
    >= 6.0.0, < 6.0.3.5
  • MEDIUM 5.4 | CVE-2024-28103 | Action Pack is missing security headers on non-HTML responses
    >= 6.1.0, < 6.1.7.8
  • MEDIUM 5.3 | CVE-2016-2097 | rails - security update
    >= 3.0.0, < 3.2.22.2
  • MEDIUM 4.3 | CVE-2020-8166 | Ability to forge per-form CSRF tokens in Rails
    >= 5.0.0, < 5.2.4.3
  • MEDIUM 4.0 | CVE-2023-28362 | rails - security update
    from 0, < 6.1.7.4
  • LOW 3.7 | CVE-2015-7576 | ruby-actionpack-3.2 - security update
    >= 3.1.0, < 3.2.22.1
  • CVE-2026-33167 | Rails has a possible XSS vulnerability in its Action Pack debug exceptions
    >= 8.1.0, < 8.1.2.1
  • CVE-2024-54133 | Possible Content Security Policy bypass in Action Dispatch
    >= 5.2.0, < 7.0.8.7
  • CVE-2024-47887 | Action Controller has possible ReDoS vulnerability in HTTP Token authentication
    >= 4.0.0, < 6.1.7.9
  • CVE-2024-41128 | Action Dispatch has possible ReDoS vulnerability in query parameter filtering
    >= 3.1.0, < 6.1.7.9
  • CVE-2011-2929 | actionpack Improper Input Validation vulnerability
    >= 3.0.0, < 3.0.10
  • CVE-2011-0449 | actionpack allows remote attackers to bypass intended access restrictions
    >= 3.0.0, < 3.0.4
  • CVE-2011-0446 | rails - several vulnerabilities
    from 0, < 2.3.11
  • CVE-2011-3187 | actionpack Improper Input Validation vulnerability
    >= 2.3.0, < 2.3.13
  • CVE-2008-7248 | Improper Input Validation in actionpack
    >= 2.1.0, < 2.1.3
  • CVE-2009-3009 | rails - cross-site scripting
    >= 2.0.0, < 2.2.3
  • CVE-2009-3086 | rails - several
    >= 2.1.0, < 2.2.3
  • CVE-2012-2660 | Action Pack contains database-query restrictions bypass
    >= 3.0.0.beta, < 3.0.13
  • CVE-2012-1099 | rails - cross site scripting
    >= 3.0.0, < 3.0.12
  • CVE-2011-0447 | actionpack Cross-Site Request Forgery vulnerability
    >= 2.1.0, < 2.3.11
  • CVE-2012-2694 | actionpack allows remote attackers to bypass database-query restrictions, perform NULL checks via crafted request
    >= 3.0.13, < 3.0.14
  • CVE-2012-3424 | actionpack Improper Authentication vulnerability
    >= 3.0.0.beta, < 3.0.16
  • CVE-2011-2197 | rails Cross-site Scripting vulnerability
    >= 2.0.0, < 2.3.12
  • CVE-2011-2931 | actionpack Cross-site Scripting vulnerability
    >= 2.0.0, < 2.3.13
  • CVE-2011-3186 | actionpack CRLF injection vulnerability
    >= 2.3.0, < 2.3.13
  • CVE-2011-4319 | Cross-site Scripting vulnerability in i18n translations helper method
    >= 3.0.0, < 3.0.11
  • CVE-2013-1857 | actionpack Cross-site Scripting vulnerability
    from 0, < 2.3.18
  • CVE-2013-4491 | actionpack vulnerable to Cross-site Scripting
    >= 3.0.0, < 3.2.16
  • CVE-2012-3465 | actionpack Cross-site Scripting vulnerability
    >= 3.0.0.beta, < 3.0.17
  • CVE-2013-0156 | rails - insufficient input validation
    from 0, < 2.3.15
  • CVE-2013-6414 | actionpack Improper Input Validation vulnerability
    >= 3.0.0, < 3.2.16
  • CVE-2012-3463 | actionpack Cross-site Scripting vulnerability
    >= 3.0, < 3.0.17
  • CVE-2013-1855 | actionpack Cross-site Scripting vulnerability
    from 0, < 2.3.18
  • CVE-2013-6416 | actionpack Cross-site Scripting vulnerability
    >= 4.0.0, < 4.0.2
  • CVE-2013-6417 | actionpack allows bypass of database-query restrictions
    >= 3.0.0, < 3.2.16
  • CVE-2013-6415 | actionpack vulnerable to Cross-site Scripting
    >= 3.0.0, < 3.2.16
  • CVE-2014-7829 | Directory traversal vulnerability in actionpack
    >= 4.1.0, < 4.1.8
  • CVE-2014-0081 | ruby-actionpack-3.2 - security update
    >= 3.0.0, < 3.2.17
  • CVE-2014-7818 | actionpack vulnerable to Path Traversal
    >= 3.0.0, < 3.2.20
  • CVE-2014-0082 | actionpack Improper Input Validation vulnerability
    >= 3.0.0, < 3.2.17