actionpack vulnerabilities

Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.

Latest version: 6.0.0

Licenses detected

  • license: Unknown < 3.2.14.rc1, >= 0.9.0
  • license: MIT >= 3.2.14.rc1

Direct Vulnerabilities

Known vulnerabilities in the actionpack package. This does not include vulnerabilities belonging to this package’s dependencies.

Severity | Vulnerability | Vulnerable versions | Snyk patch | Published
M | Arbitrary View Rendering | >=3.0.0, <3.0.10,>=3.1.0.beta1, <3.1.0.rc6 | Not available | 28 Feb, 2017
M | Log Text Injection | = 3.0.5 | Not available | 28 Feb, 2017
H | Authentication Bypass | >= 3.0.0, <=3.0.3 | Not available | 28 Feb, 2017
H | SQL Injection | >= 3.0.0, <=3.0.3 | Not available | 28 Feb, 2017
M | Cross-site Request Forgery (CSRF) | >= 3.0.0, <= 3.0.3,>= 2.1.0, <= 2.3.10 | Not available | 28 Feb, 2017
M | Cross-site Scripting (XSS) | >= 3.0.0, <= 3.0.3,>= 2.3.0, <= 2.3.10 | Not available | 28 Feb, 2017
M | Cross-site Scripting (XSS) | < 3.0.10,>= 2.3.0, < 2.3.13,>=3.1.0.rc1, <3.1.0.rc5 | Not available | 26 Dec, 2016
M | Cross-site Scripting (XSS) | < 3.2.13, >= 3.2,< 3.1.12, >= 2.4,< 2.3.18 | Not available | 18 Oct, 2016
H | Arbitrary Code Execution | <2.3.15,>=3.2.0, <3.2.11,>=3.1.0, <3.1.10,>=3.0.0, <3.0.19 | Not available | 18 Oct, 2016
M | Cross-site Scripting (XSS) | < 3.2.8, >= 3.2,< 3.1.8, >= 3.1,< 3.0.17 | Not available | 18 Oct, 2016
M | Denial of Service (DoS) | < 3.2.7, >= 3.2,< 3.1.7, >= 3.1,< 3.0.16, > 2.3.14,< 2.3.5 | Not available | 18 Oct, 2016
H | Arbitrary Code Injection | >=4.0.0, <4.1.14.2,>=4.2.0, <4.2.5.2,>=3.2.0.rc1, <3.2.22.2 | Not available | 28 Feb, 2016
L | Timing Attack | < 5.0.0.beta1.1, >= 4.3,< 4.2.5.1, >= 4.2,< 4.1.14.1, >= 3.2.23,< 3.2.22.1 | Not available | 24 Jan, 2016
H | Denial of Service (DoS) | < 5.0.0.beta1.1, >= 4.3,< 4.2.5.1, >= 4.2,< 4.1.14.1, >= 3.2.23,< 3.2.22.1 | Not available | 24 Jan, 2016
H | Denial of service (DoS) | < 5.0.0.beta1, >= 4.3,< 4.2.5.1, >= 4.2,< 4.1.14.1, >= 4.0.0 | Not available | 24 Jan, 2016
M | Arbitrary File Existence Exposure | < 4.1.7.1, >= 4.1,< 4.0.11.1, >= 3.3,< 3.2.21, >= 3.0.0 | Not available | 16 Nov, 2014
M | Arbitrary File Existence Exposure | >=4.2.0.beta1, <4.2.0.beta3,>=4.1.0, <4.1.7,>=3.3.0, <4.0.11,>=3.0.0, <3.2.20 | Not available | 29 Oct, 2014
M | Directory Traversal | < 4.1.1, >= 4.1,< 4.0.5, >= 3.3,< 3.2.18 | Not available | 05 May, 2014
M | Denial of Service (DoS) | < 3.2.17 | Not available | 17 Feb, 2014
M | Cross-site Scripting (XSS) | >=4.1.0.beta1, <4.1.0.beta2,>=4.0.0.beta1, <4.0.3,<3.2.17 | Not available | 17 Feb, 2014
M | Unsafe Query Generation Risk | < 4.0.2, >= 3.3,< 3.2.16 | Not available | 02 Dec, 2013
M | Reflective Vulnerability (XSS) | < 4.0.2, >= 3.3,< 3.2.16 | Not available | 02 Dec, 2013
M | Denial of Service (DoS) | < 4.0.2, >= 3.3,< 3.2.16, >= 2.4,< 2.3.0 | Not available | 02 Dec, 2013
M | Cross-site Scripting (XSS) | < 4.0.2, >= 3.3,< 3.2.16 | Not available | 02 Dec, 2013
M | Cross-site Scripting (XSS) | < 4.0.2, >= 3.3,< 3.1.0, >= 2.4,< 2.3.0 | Not available | 02 Dec, 2013
M | Cross-site Scripting (XSS) | < 3.2.13, >= 3.2,< 3.1.12, >= 2.4,< 2.3.18 | Not available | 16 Oct, 2013
M | Cross-site Scripting (XSS) | < 3.2.8, >= 3.2,< 3.1.8, >= 3.1,< 3.0.17, >= 2.4,< 2.3.0 | Not available | 08 Aug, 2012
M | Cross-site Scripting (XSS) | < 3.2.2, >= 3.2,< 3.1.4, >= 3.1,< 3.0.12 | Not available | 29 Feb, 2012