UpgradeRuby.com

The go-to resource for upgrading Ruby, Rails, and your dependencies.

Posts Tagged: json

Understanding and Fixing CVE-2007-3227: The ActiveRecord to_json XSS Vulnerability

A look back at CVE-2007-3227, examining how ActiveRecord's to_json method in early Rails versions could lead to XSS vulnerabilities.

Mar 15, 2026

rubyrailssecurityxssjsonactiverecordcvelegacy