activesupport vulnerabilities

A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing.

Latest version: 6.0.3.2

Licenses detected

  • license: MIT >= 0
Continuously find & fix vulnerabilities like these in your dependencies. Test and protect your applications

Direct Vulnerabilities

Known vulnerabilities in the activesupport package. This does not include vulnerabilities belonging to this package’s dependencies.

Report new vulnerabilities
Vulnerability Vulnerable versions Snyk patch Published
  • H
Deserialization of Untrusted Data
<5.2.4.3,>=6.0.0, <6.0.3.1 Not available 19 May, 2020
  • M
Cross-site Scripting (XSS)
>=2.0.0, <2.3.13,>=3.0.0, <3.0.10,>=3.1.0.beta1, <3.1.0.rc5 Not available 26 Nov, 2019
  • M
Cross-site Scripting (XSS)
< 4.2.2, >= 4.2,< 4.1.11, >= 4.1.0 Not available 15 Jun, 2015
  • M
Denial of Service (DoS)
< 4.2.2, >= 4.2,< 4.1.11, >= 3.3,< 3.2.22 Not available 15 Jun, 2015
  • M
Denial of Service (DoS)
< 3.2.13, >= 3.2,< 3.1.12, >= 2.4,< 2.3.0 Not available 18 Mar, 2013
  • H
Arbitrary Code Injection
< 3.0.20, >= 2.4,< 2.3.16 Not available 27 Jan, 2013
  • M
Cross-site Scripting (XSS)
< 3.2.8, >= 3.2,< 3.1.8, >= 3.1,< 3.0.17 Not available 08 Aug, 2012
  • M
Cross-site Scripting (XSS)
< 3.2.2, >= 3.2,< 3.1.4, >= 3.1,< 3.0.12, >= 3.0.0 Not available 29 Feb, 2012