actionpack vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the actionpack package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Regular Expression Denial of Service (ReDoS)

>=3.1.0, <6.1.7.9 >=7.0.0, <7.0.8.5 >=7.1.0, <7.1.4.1 >=7.2.0, <7.2.1.1
  • M
Regular Expression Denial of Service (ReDoS)

>=3.1.0, <6.1.7.9 >=7.0.0, <7.0.8.5 >=7.1.0, <7.1.4.1 >=7.2.0, <7.2.1.1
  • M
Improper Input Validation

>=6.1.0, <6.1.7.8 >=7.0.0, <7.0.8.4 >=7.1.0, <7.1.3.4 >=7.2.0.beta1, <7.2.0.beta2
  • H
Exposure of Data Element to Wrong Session

>=5.2.0, <6.1.7.7 >=7.0.0, <7.0.8.1
  • M
Regular Expression Denial of Service (ReDoS)

>=7.1.0, <7.1.3.1
  • M
Cross-site Scripting (XSS)

>=7.0.0, <7.0.8.1 >=7.1.0, <7.1.3.1
  • M
Cross-site Scripting (XSS)

<6.1.7.4 >=7.0.0.0, <7.0.5.1
  • M
Regular Expression Denial of Service (ReDoS)

>=3.0.0, <6.1.7.1 >=7.0.0, <7.0.4.1
  • M
Regular Expression Denial of Service (ReDoS)

<6.1.7.1 >=7.0.0, <7.0.4.1
  • M
Open Redirect

>=7.0.0, <7.0.4.1
  • M
Open Redirect

>=7.0.3, <7.0.4
  • M
Cross-site Scripting (XSS)

>=5.2.0, <5.2.7.1 >=6.0.0.beta1, <6.0.4.8 >=6.1.0.rc1, <6.1.5.1 >=7.0.0.alpha1, <7.0.2.4
  • H
Information Exposure

<5.2.6.2 >=6.0.0.0, <6.0.4.6 >=6.1.0.0, <6.1.4.6 >=7.0.0.0, <7.0.2.2
  • M
Open Redirect

>=6.0.0, <6.0.4.2 >=6.1.0, <6.1.4.2
  • H
Regular Expression Denial of Service (ReDoS)

>=6.1.0, <6.1.3.2 >=6.0.0, <6.0.3.7
  • M
Regular Expression Denial of Service (ReDoS)

>=6.1.0, <6.1.3.2
  • H
Denial of Service (DoS)

>=2.0.0, <5.2.4.6 >=5.2.5, <5.2.6 >=6.0.0, <6.0.3.7 >=6.1.0, <6.1.3.2
  • M
Information Exposure

>=2.0.0, <5.2.4.6 >=5.2.5, <5.2.6 >=6.0.0, <6.0.3.7 >=6.1.0, <6.1.3.2
  • M
Open Redirect

>=6.0.0, <6.0.3.5 >=6.1.0.rc1, <6.1.2.1
  • H
Cross-site Scripting (XSS)

>=6.0.0, <6.0.3.4
  • H
Improper Authorization

>=6.0.0, <6.0.3.2
  • M
Information Exposure

<5.2.4.3 >=6.0.0, <6.0.3.1
  • M
Cross-site Request Forgery (CSRF)

<5.2.4.3 >=6.0.0, <6.0.3.1
  • H
Authentication Bypass

>=3.0.0, <=3.0.3
  • H
SQL Injection

>=3.0.0, <=3.0.3
  • M
Arbitrary View Rendering

>=3.0.0, <3.0.10 >=3.1.0.beta1, <3.1.0.rc6
  • M
Log Text Injection

>=3.0.5, <3.0.6.rc1
  • M
Cross-site Request Forgery (CSRF)

>=3.0.0, <=3.0.3 >=2.1.0, <=2.3.10
  • M
Cross-site Scripting (XSS)

>=3.0.0, <=3.0.3 >=2.3.0, <=2.3.10
  • M
Cross-site Scripting (XSS)

<3.0.10 >=2.3.0, <2.3.13 >=3.1.0.rc1, <3.1.0.rc5
  • H
Arbitrary Code Execution

<2.3.15 >=3.2.0, <3.2.11 >=3.1.0, <3.1.10 >=3.0.0, <3.0.19
  • M
Cross-site Scripting (XSS)

>=3.2, <3.2.13 >=2.4, <3.1.12 <2.3.18
  • M
Cross-site Scripting (XSS)

>=3.2, <3.2.8 >=3.1, <3.1.8 <3.0.17
  • M
Denial of Service (DoS)

>=3.2, <3.2.7 >=3.1, <3.1.7 >2.3.14, <3.0.16 <2.3.5
  • H
Arbitrary Code Injection

>=4.0.0, <4.1.14.2 >=4.2.0, <4.2.5.2 >=3.2.0.rc1, <3.2.22.2
  • H
Denial of Service (DoS)

>=4.3, <5.0.0.beta1.1 >=4.2, <4.2.5.1 >=3.2.23, <4.1.14.1 <3.2.22.1
  • L
Timing Attack

>=4.3, <5.0.0.beta1.1 >=4.2, <4.2.5.1 >=3.2.23, <4.1.14.1 <3.2.22.1
  • H
Denial of Service (DoS)

>=4.3, <5.0.0.beta1 >=4.2, <4.2.5.1 >=4.0.0, <4.1.14.1
  • M
Arbitrary File Existence Exposure

>=4.1, <4.1.7.1 >=3.3, <4.0.11.1 >=3.0.0, <3.2.21
  • M
Arbitrary File Existence Exposure

>=4.2.0.beta1, <4.2.0.beta3 >=4.1.0, <4.1.7 >=3.3.0, <4.0.11 >=3.0.0, <3.2.20
  • H
Directory Traversal

>=4.1, <4.1.1 >=3.3, <4.0.5 <3.2.18
  • M
Cross-site Scripting (XSS)

>=4.1.0.beta1, <4.1.0.beta2 >=4.0.0.beta1, <4.0.3 <3.2.17
  • M
Denial of Service (DoS)

<3.2.17
  • M
Cross-site Scripting (XSS)

<2.3.0 >=2.4, <3.1.0 >=3.3, <4.0.2
  • M
Cross-site Scripting (XSS)

>=3.3, <4.0.2 <3.2.16
  • M
Unsafe Query Generation Risk

>=3.3, <4.0.2 <3.2.16
  • M
Denial of Service (DoS)

>=3.3, <4.0.2 >=2.4, <3.2.16 <2.3.0
  • M
Cross-site Scripting (XSS)

>=3.3, <4.0.2 <3.2.16
  • M
Cross-site Scripting (XSS)

>=3.2, <3.2.13 >=2.4, <3.1.12 <2.3.18
  • M
Cross-site Scripting (XSS)

>=3.2, <3.2.8 >=3.1, <3.1.8 >=2.4, <3.0.17 <2.3.0
  • M
Cross-site Scripting (XSS)

>=3.2, <3.2.2 >=3.1, <3.1.4 <3.0.12
  • M
Cross-site Scripting (XSS)

>=3.1, <3.1.2 <3.0.11
  • M
HTTP Response Splitting

<2.3.13