| 0 |
| url |
VCID-12x8-jxdf-jqdz |
| vulnerability_id |
VCID-12x8-jxdf-jqdz |
| summary |
Actionpack Open Redirect Vulnerability
The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted `Host` headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-22881 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.15453 |
| scoring_system |
epss |
| scoring_elements |
0.94619 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.15453 |
| scoring_system |
epss |
| scoring_elements |
0.94672 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.15453 |
| scoring_system |
epss |
| scoring_elements |
0.94667 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.15453 |
| scoring_system |
epss |
| scoring_elements |
0.94665 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.15453 |
| scoring_system |
epss |
| scoring_elements |
0.94656 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.15453 |
| scoring_system |
epss |
| scoring_elements |
0.94652 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.15453 |
| scoring_system |
epss |
| scoring_elements |
0.94648 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.15453 |
| scoring_system |
epss |
| scoring_elements |
0.94626 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.15453 |
| scoring_system |
epss |
| scoring_elements |
0.94632 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.15453 |
| scoring_system |
epss |
| scoring_elements |
0.94644 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.15453 |
| scoring_system |
epss |
| scoring_elements |
0.94634 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-22881 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2 |
| purl |
pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 1 |
| vulnerability |
VCID-4tzv-1t1b-t3g3 |
|
| 2 |
| vulnerability |
VCID-5tky-d2en-u7c7 |
|
| 3 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 4 |
| vulnerability |
VCID-96qr-hdbp-p7ff |
|
| 5 |
| vulnerability |
VCID-a6z9-5n6k-2kak |
|
| 6 |
| vulnerability |
VCID-ad6q-vtdf-syb6 |
|
| 7 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 8 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 9 |
| vulnerability |
VCID-hatd-vkun-13hj |
|
| 10 |
| vulnerability |
VCID-n8r7-wthv-fqaj |
|
| 11 |
| vulnerability |
VCID-qxe4-dubt-1kfp |
|
| 12 |
| vulnerability |
VCID-sarm-n22v-akcm |
|
| 13 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 14 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 15 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 16 |
| vulnerability |
VCID-wpmk-wgpm-cuee |
|
| 17 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 18 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 19 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2 |
|
|
| aliases |
CVE-2021-22881, GHSA-8877-prq4-9xfw
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-12x8-jxdf-jqdz |
|
| 1 |
| url |
VCID-19fr-55kr-hyax |
| vulnerability_id |
VCID-19fr-55kr-hyax |
| summary |
rails-ujs vulnerable to DOM Based Cross-site Scripting contenteditable HTML Elements
NOTE: rails-ujs is part of Rails/actionview since 5.1.0.
There is a potential DOM based cross-site scripting issue in rails-ujs
which leverages the Clipboard API to target HTML elements that are
assigned the contenteditable attribute. This has the potential to
occur when pasting malicious HTML content from the clipboard that
includes a data-method, data-remote or data-disable-with attribute.
This vulnerability has been assigned the CVE identifier CVE-2023-23913.
Not affected: < 5.1.0
Versions Affected: >= 5.1.0
Fixed Versions: 6.1.7.3, 7.0.4.3
Impact
If the specified malicious HTML clipboard content is provided to a
contenteditable element, this could result in the arbitrary execution
of javascript on the origin in question.
Releases
The FIXED releases are available at the normal locations.
Workarounds
We recommend that all users upgrade to one of the FIXED versions.
In the meantime, users can attempt to mitigate this vulnerability
by removing the contenteditable attribute from elements in pages
that rails-ujs will interact with.
Patches
To aid users who aren’t able to upgrade immediately we have provided
patches for the two supported release series. They are in git-am
format and consist of a single changeset.
* rails-ujs-data-method-contenteditable-6-1.patch - Patch for 6.1 series
* rails-ujs-data-method-contenteditable-7-0.patch - Patch for 7.0 series
Please note that only the 7.0.Z and 6.1.Z series are
supported at present, and 6.0.Z for severe vulnerabilities.
Users of earlier unsupported releases are advised to upgrade as
soon as possible as we cannot guarantee the continued availability
of security fixes for unsupported releases.
Credits
We would like to thank ryotak for reporting this!
* rails-ujs-data-method-contenteditable-6-1.patch (8.5 KB)
* rails-ujs-data-method-contenteditable-7-0.patch (8.5 KB)
* rails-ujs-data-method-contenteditable-main.patch (8.9 KB) |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-23913 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00115 |
| scoring_system |
epss |
| scoring_elements |
0.30304 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00115 |
| scoring_system |
epss |
| scoring_elements |
0.30226 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.00115 |
| scoring_system |
epss |
| scoring_elements |
0.30269 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00115 |
| scoring_system |
epss |
| scoring_elements |
0.30265 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.00115 |
| scoring_system |
epss |
| scoring_elements |
0.3023 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00115 |
| scoring_system |
epss |
| scoring_elements |
0.3017 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00115 |
| scoring_system |
epss |
| scoring_elements |
0.30353 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.00115 |
| scoring_system |
epss |
| scoring_elements |
0.30179 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.00152 |
| scoring_system |
epss |
| scoring_elements |
0.35905 |
| published_at |
2026-04-18T12:55:00Z |
|
| 9 |
| value |
0.00152 |
| scoring_system |
epss |
| scoring_elements |
0.35918 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00152 |
| scoring_system |
epss |
| scoring_elements |
0.35856 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-23913 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2 |
| purl |
pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 1 |
| vulnerability |
VCID-4tzv-1t1b-t3g3 |
|
| 2 |
| vulnerability |
VCID-5tky-d2en-u7c7 |
|
| 3 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 4 |
| vulnerability |
VCID-96qr-hdbp-p7ff |
|
| 5 |
| vulnerability |
VCID-a6z9-5n6k-2kak |
|
| 6 |
| vulnerability |
VCID-ad6q-vtdf-syb6 |
|
| 7 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 8 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 9 |
| vulnerability |
VCID-hatd-vkun-13hj |
|
| 10 |
| vulnerability |
VCID-n8r7-wthv-fqaj |
|
| 11 |
| vulnerability |
VCID-qxe4-dubt-1kfp |
|
| 12 |
| vulnerability |
VCID-sarm-n22v-akcm |
|
| 13 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 14 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 15 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 16 |
| vulnerability |
VCID-wpmk-wgpm-cuee |
|
| 17 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 18 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 19 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2 |
|
|
| aliases |
CVE-2023-23913, GHSA-xp5h-f8jf-rc8q
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-19fr-55kr-hyax |
|
| 2 |
| url |
VCID-1bxs-yghe-cyck |
| vulnerability_id |
VCID-1bxs-yghe-cyck |
| summary |
URL Redirection to Untrusted Site ('Open Redirect')
A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow attackers to redirect users to a malicious website. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-22942 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00533 |
| scoring_system |
epss |
| scoring_elements |
0.67413 |
| published_at |
2026-04-16T12:55:00Z |
|
| 1 |
| value |
0.00533 |
| scoring_system |
epss |
| scoring_elements |
0.67378 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00533 |
| scoring_system |
epss |
| scoring_elements |
0.67412 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00533 |
| scoring_system |
epss |
| scoring_elements |
0.67424 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00533 |
| scoring_system |
epss |
| scoring_elements |
0.67403 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00533 |
| scoring_system |
epss |
| scoring_elements |
0.6739 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00533 |
| scoring_system |
epss |
| scoring_elements |
0.67361 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.00533 |
| scoring_system |
epss |
| scoring_elements |
0.67339 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00533 |
| scoring_system |
epss |
| scoring_elements |
0.67302 |
| published_at |
2026-04-01T12:55:00Z |
|
| 9 |
| value |
0.00533 |
| scoring_system |
epss |
| scoring_elements |
0.67402 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.00533 |
| scoring_system |
epss |
| scoring_elements |
0.67425 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-22942 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2 |
| purl |
pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 1 |
| vulnerability |
VCID-4tzv-1t1b-t3g3 |
|
| 2 |
| vulnerability |
VCID-5tky-d2en-u7c7 |
|
| 3 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 4 |
| vulnerability |
VCID-96qr-hdbp-p7ff |
|
| 5 |
| vulnerability |
VCID-a6z9-5n6k-2kak |
|
| 6 |
| vulnerability |
VCID-ad6q-vtdf-syb6 |
|
| 7 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 8 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 9 |
| vulnerability |
VCID-hatd-vkun-13hj |
|
| 10 |
| vulnerability |
VCID-n8r7-wthv-fqaj |
|
| 11 |
| vulnerability |
VCID-qxe4-dubt-1kfp |
|
| 12 |
| vulnerability |
VCID-sarm-n22v-akcm |
|
| 13 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 14 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 15 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 16 |
| vulnerability |
VCID-wpmk-wgpm-cuee |
|
| 17 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 18 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 19 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2 |
|
|
| aliases |
CVE-2021-22942, GHSA-2rqw-v265-jf8c
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1bxs-yghe-cyck |
|
| 3 |
| url |
VCID-1rgy-k7a9-m7au |
| vulnerability_id |
VCID-1rgy-k7a9-m7au |
| summary |
XSS via posted select tag options
Ruby on Rails is vulnerable to remote cross-site scripting because the application does not validate manually generated `select tag options` upon submission to `actionpack/lib/action_view/helpers/form_options_helper.rb`. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-1099 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00399 |
| scoring_system |
epss |
| scoring_elements |
0.60704 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00399 |
| scoring_system |
epss |
| scoring_elements |
0.60616 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.00399 |
| scoring_system |
epss |
| scoring_elements |
0.60645 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00399 |
| scoring_system |
epss |
| scoring_elements |
0.60665 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00399 |
| scoring_system |
epss |
| scoring_elements |
0.6068 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00399 |
| scoring_system |
epss |
| scoring_elements |
0.60705 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00399 |
| scoring_system |
epss |
| scoring_elements |
0.60691 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00399 |
| scoring_system |
epss |
| scoring_elements |
0.60671 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.00399 |
| scoring_system |
epss |
| scoring_elements |
0.60713 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.00399 |
| scoring_system |
epss |
| scoring_elements |
0.60719 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.00399 |
| scoring_system |
epss |
| scoring_elements |
0.60541 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-1099 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:2.3.14.2 |
| purl |
pkg:deb/debian/rails@2:2.3.14.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-2efj-tf8d-dfck |
|
| 6 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 7 |
| vulnerability |
VCID-333w-aacz-mfcr |
|
| 8 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 9 |
| vulnerability |
VCID-3m2y-wy1w-n7h1 |
|
| 10 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 11 |
| vulnerability |
VCID-5x54-hckg-x7b8 |
|
| 12 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 13 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 14 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 15 |
| vulnerability |
VCID-6yr6-a21g-dyf5 |
|
| 16 |
| vulnerability |
VCID-86jq-2md2-d7ah |
|
| 17 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 18 |
| vulnerability |
VCID-8dad-dvat-1fg4 |
|
| 19 |
| vulnerability |
VCID-9hq5-3usy-5fhq |
|
| 20 |
| vulnerability |
VCID-9t7a-muwx-zyee |
|
| 21 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 22 |
| vulnerability |
VCID-bjwf-uhyk-63aj |
|
| 23 |
| vulnerability |
VCID-c8b5-d83n-nuhw |
|
| 24 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 25 |
| vulnerability |
VCID-d15q-6ukb-wfff |
|
| 26 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 27 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 28 |
| vulnerability |
VCID-ed3f-3bxh-eba4 |
|
| 29 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 30 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 31 |
| vulnerability |
VCID-g5q6-7uav-sqh1 |
|
| 32 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 33 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 34 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 35 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 36 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 37 |
| vulnerability |
VCID-pb5f-g4uc-r7fp |
|
| 38 |
| vulnerability |
VCID-s5ah-tf63-a7cw |
|
| 39 |
| vulnerability |
VCID-sb9g-rdnm-rqbm |
|
| 40 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 41 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 42 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 43 |
| vulnerability |
VCID-t2cx-7ycd-tqhq |
|
| 44 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 45 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 46 |
| vulnerability |
VCID-thx6-usb2-kkgc |
|
| 47 |
| vulnerability |
VCID-v3r3-bwp5-a3bn |
|
| 48 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 49 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 50 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 51 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 52 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 53 |
| vulnerability |
VCID-z1jv-4ga2-7kd1 |
|
| 54 |
| vulnerability |
VCID-zkvd-bfd6-t7dg |
|
| 55 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 56 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
| 57 |
| vulnerability |
VCID-zydu-j9dg-fqdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2 |
|
|
| aliases |
CVE-2012-1099, GHSA-2xjj-5x6h-8vmf, OSV-79727
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1rgy-k7a9-m7au |
|
| 4 |
| url |
VCID-1rxp-g9rz-4yb3 |
| vulnerability_id |
VCID-1rxp-g9rz-4yb3 |
| summary |
Possible XSS Security Vulnerability in SafeBuffer#bytesplice
There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input.
This vulnerability has been assigned the CVE identifier CVE-2023-28120.
Versions Affected: All.
Not affected: None.
Fixed Versions: 7.0.4.3, 6.1.7.3
# Impact
ActiveSupport uses the SafeBuffer string subclass to tag strings as html_safe after they have been sanitized.
When these strings are mutated, the tag should be removed to mark them as no longer being html_safe.
Ruby 3.2 introduced a new bytesplice method which ActiveSupport does not yet understand to be a mutation.
Users on older versions of Ruby are likely unaffected.
All users running an affected release and using bytesplice should either upgrade or use one of the workarounds immediately.
# Workarounds
Avoid calling bytesplice on a SafeBuffer (html_safe) string with untrusted user input. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-28120 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00395 |
| scoring_system |
epss |
| scoring_elements |
0.60419 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00395 |
| scoring_system |
epss |
| scoring_elements |
0.60411 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00395 |
| scoring_system |
epss |
| scoring_elements |
0.6037 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00395 |
| scoring_system |
epss |
| scoring_elements |
0.60382 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.00395 |
| scoring_system |
epss |
| scoring_elements |
0.60403 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00395 |
| scoring_system |
epss |
| scoring_elements |
0.60366 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00395 |
| scoring_system |
epss |
| scoring_elements |
0.60317 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00395 |
| scoring_system |
epss |
| scoring_elements |
0.60349 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00395 |
| scoring_system |
epss |
| scoring_elements |
0.60323 |
| published_at |
2026-04-02T12:55:00Z |
|
| 9 |
| value |
0.00395 |
| scoring_system |
epss |
| scoring_elements |
0.60389 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-28120 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2 |
| purl |
pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 1 |
| vulnerability |
VCID-4tzv-1t1b-t3g3 |
|
| 2 |
| vulnerability |
VCID-5tky-d2en-u7c7 |
|
| 3 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 4 |
| vulnerability |
VCID-96qr-hdbp-p7ff |
|
| 5 |
| vulnerability |
VCID-a6z9-5n6k-2kak |
|
| 6 |
| vulnerability |
VCID-ad6q-vtdf-syb6 |
|
| 7 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 8 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 9 |
| vulnerability |
VCID-hatd-vkun-13hj |
|
| 10 |
| vulnerability |
VCID-n8r7-wthv-fqaj |
|
| 11 |
| vulnerability |
VCID-qxe4-dubt-1kfp |
|
| 12 |
| vulnerability |
VCID-sarm-n22v-akcm |
|
| 13 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 14 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 15 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 16 |
| vulnerability |
VCID-wpmk-wgpm-cuee |
|
| 17 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 18 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 19 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2 |
|
|
| aliases |
CVE-2023-28120, GHSA-pj73-v5mw-pm9j, GMS-2023-765
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1rxp-g9rz-4yb3 |
|
| 5 |
| url |
VCID-1x8k-t8mr-3fgp |
| vulnerability_id |
VCID-1x8k-t8mr-3fgp |
| summary |
URL Redirection to Untrusted Site ('Open Redirect')
An open redirect vulnerability exists in Action Pack >= 6.0.0: specially crafted "X-Forwarded-Host" headers, in combination with certain "allowed host" formats, can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-44528 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.25125 |
| scoring_system |
epss |
| scoring_elements |
0.96194 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.25125 |
| scoring_system |
epss |
| scoring_elements |
0.96193 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.25125 |
| scoring_system |
epss |
| scoring_elements |
0.96188 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.25125 |
| scoring_system |
epss |
| scoring_elements |
0.9618 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.25125 |
| scoring_system |
epss |
| scoring_elements |
0.96178 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.25125 |
| scoring_system |
epss |
| scoring_elements |
0.96175 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.25125 |
| scoring_system |
epss |
| scoring_elements |
0.9615 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.25125 |
| scoring_system |
epss |
| scoring_elements |
0.96142 |
| published_at |
2026-04-01T12:55:00Z |
|
| 8 |
| value |
0.25125 |
| scoring_system |
epss |
| scoring_elements |
0.96171 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.25125 |
| scoring_system |
epss |
| scoring_elements |
0.96161 |
| published_at |
2026-04-07T12:55:00Z |
|
| 10 |
| value |
0.25125 |
| scoring_system |
epss |
| scoring_elements |
0.96158 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-44528 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2 |
| purl |
pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 1 |
| vulnerability |
VCID-4tzv-1t1b-t3g3 |
|
| 2 |
| vulnerability |
VCID-5tky-d2en-u7c7 |
|
| 3 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 4 |
| vulnerability |
VCID-96qr-hdbp-p7ff |
|
| 5 |
| vulnerability |
VCID-a6z9-5n6k-2kak |
|
| 6 |
| vulnerability |
VCID-ad6q-vtdf-syb6 |
|
| 7 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 8 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 9 |
| vulnerability |
VCID-hatd-vkun-13hj |
|
| 10 |
| vulnerability |
VCID-n8r7-wthv-fqaj |
|
| 11 |
| vulnerability |
VCID-qxe4-dubt-1kfp |
|
| 12 |
| vulnerability |
VCID-sarm-n22v-akcm |
|
| 13 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 14 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 15 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 16 |
| vulnerability |
VCID-wpmk-wgpm-cuee |
|
| 17 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 18 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 19 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2 |
|
|
| aliases |
CVE-2021-44528, GHSA-qphc-hf5q-v8fc
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1x8k-t8mr-3fgp |
|
| 6 |
| url |
VCID-2efj-tf8d-dfck |
| vulnerability_id |
VCID-2efj-tf8d-dfck |
| summary |
Strong Parameter bypass with create_with
The `create_with` functionality in Active Record was implemented incorrectly and completely bypasses the strong parameter protection. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-3514 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00331 |
| scoring_system |
epss |
| scoring_elements |
0.5607 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00331 |
| scoring_system |
epss |
| scoring_elements |
0.5609 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.00331 |
| scoring_system |
epss |
| scoring_elements |
0.56101 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00331 |
| scoring_system |
epss |
| scoring_elements |
0.56078 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00331 |
| scoring_system |
epss |
| scoring_elements |
0.56061 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.00331 |
| scoring_system |
epss |
| scoring_elements |
0.56096 |
| published_at |
2026-04-16T12:55:00Z |
|
| 6 |
| value |
0.00331 |
| scoring_system |
epss |
| scoring_elements |
0.56098 |
| published_at |
2026-04-18T12:55:00Z |
|
| 7 |
| value |
0.00331 |
| scoring_system |
epss |
| scoring_elements |
0.55925 |
| published_at |
2026-04-01T12:55:00Z |
|
| 8 |
| value |
0.00331 |
| scoring_system |
epss |
| scoring_elements |
0.56036 |
| published_at |
2026-04-02T12:55:00Z |
|
| 9 |
| value |
0.00331 |
| scoring_system |
epss |
| scoring_elements |
0.56057 |
| published_at |
2026-04-04T12:55:00Z |
|
| 10 |
| value |
0.00331 |
| scoring_system |
epss |
| scoring_elements |
0.56035 |
| published_at |
2026-04-07T12:55:00Z |
|
| 11 |
| value |
0.00331 |
| scoring_system |
epss |
| scoring_elements |
0.56086 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-3514 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:4.1.8-1 |
| purl |
pkg:deb/debian/rails@2:4.1.8-1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 6 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 7 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 8 |
| vulnerability |
VCID-5x54-hckg-x7b8 |
|
| 9 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 10 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 11 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 12 |
| vulnerability |
VCID-6yr6-a21g-dyf5 |
|
| 13 |
| vulnerability |
VCID-86jq-2md2-d7ah |
|
| 14 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 15 |
| vulnerability |
VCID-8dad-dvat-1fg4 |
|
| 16 |
| vulnerability |
VCID-9hq5-3usy-5fhq |
|
| 17 |
| vulnerability |
VCID-9t7a-muwx-zyee |
|
| 18 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 19 |
| vulnerability |
VCID-bjwf-uhyk-63aj |
|
| 20 |
| vulnerability |
VCID-c8b5-d83n-nuhw |
|
| 21 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 22 |
| vulnerability |
VCID-d15q-6ukb-wfff |
|
| 23 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 24 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 25 |
| vulnerability |
VCID-ed3f-3bxh-eba4 |
|
| 26 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 27 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 28 |
| vulnerability |
VCID-g5q6-7uav-sqh1 |
|
| 29 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 30 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 31 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 32 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 33 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 34 |
| vulnerability |
VCID-pb5f-g4uc-r7fp |
|
| 35 |
| vulnerability |
VCID-s5ah-tf63-a7cw |
|
| 36 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 37 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 38 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 39 |
| vulnerability |
VCID-t2cx-7ycd-tqhq |
|
| 40 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 41 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 42 |
| vulnerability |
VCID-thx6-usb2-kkgc |
|
| 43 |
| vulnerability |
VCID-v3r3-bwp5-a3bn |
|
| 44 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 45 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 46 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 47 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 48 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 49 |
| vulnerability |
VCID-z1jv-4ga2-7kd1 |
|
| 50 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 51 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
| 52 |
| vulnerability |
VCID-zydu-j9dg-fqdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.8-1 |
|
|
| aliases |
CVE-2014-3514, GHSA-9rf5-jm6f-2fmm
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2efj-tf8d-dfck |
|
| 7 |
| url |
VCID-31xv-z8c6-a7bg |
| vulnerability_id |
VCID-31xv-z8c6-a7bg |
| summary |
XSS in Action View
There is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default (not found) value of the `t` and `translate` helpers could be susceptible to XSS attacks.
### Impact
When an HTML-unsafe string is passed as the default for a missing translation key [named `html` or ending in `_html`](https://guides.rubyonrails.org/i18n.html#using-safe-html-translations), the default string is incorrectly marked as HTML-safe and not escaped. Vulnerable code may look like the following examples:
```erb
<%# The welcome_html translation is not defined for the current locale: %>
<%= t("welcome_html", default: untrusted_user_controlled_string) %>
<%# Neither the title.html translation nor the missing.html translation is defined for the current locale: %>
<%= t("title.html", default: [:"missing.html", untrusted_user_controlled_string]) %>
```
### Patches
Patched Rails versions, 6.0.3.3 and 5.2.4.4, are available from the normal locations.
The patches have also been applied to the `master`, `6-0-stable`, and `5-2-stable` branches on GitHub. If you track any of these branches, you should update to the latest.
To aid users who aren’t able to upgrade immediately, we’ve provided patches for the two supported release series. They are in git-am format and consist of a single changeset.
* [5-2-translate-helper-xss.patch](https://gist.github.com/georgeclaghorn/a466e103922ee81f24c32c9034089442#file-5-2-translate-helper-xss-patch) — patch for the 5.2 release series
* [6-0-translate-helper-xss.patch](https://gist.github.com/georgeclaghorn/a466e103922ee81f24c32c9034089442#file-6-0-translate-helper-xss-patch) — patch for the 6.0 release series
Please note that only the 5.2 and 6.0 release series are currently supported. Users of earlier, unsupported releases are advised to update as soon as possible, as we cannot provide security fixes for unsupported releases.
### Workarounds
Impacted users who can’t upgrade to a patched Rails version can avoid this issue by manually escaping default translations with the `html_escape` helper (aliased as `h`):
```erb
<%= t("welcome_html", default: h(untrusted_user_controlled_string)) %>
``` |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-15169 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01497 |
| scoring_system |
epss |
| scoring_elements |
0.81152 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.01497 |
| scoring_system |
epss |
| scoring_elements |
0.81155 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.01497 |
| scoring_system |
epss |
| scoring_elements |
0.81153 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.01497 |
| scoring_system |
epss |
| scoring_elements |
0.81116 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.01497 |
| scoring_system |
epss |
| scoring_elements |
0.81123 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.01497 |
| scoring_system |
epss |
| scoring_elements |
0.81136 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.01497 |
| scoring_system |
epss |
| scoring_elements |
0.81118 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.01497 |
| scoring_system |
epss |
| scoring_elements |
0.81112 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.01497 |
| scoring_system |
epss |
| scoring_elements |
0.81085 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.01497 |
| scoring_system |
epss |
| scoring_elements |
0.81061 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.01497 |
| scoring_system |
epss |
| scoring_elements |
0.81052 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-15169 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3 |
| purl |
pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 6 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 7 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 8 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 9 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 10 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 11 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 12 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 13 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 14 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 15 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 16 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 17 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 18 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 19 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 20 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 21 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 22 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 23 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 24 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 25 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 26 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 27 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 28 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 29 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 30 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 31 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 32 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 33 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 34 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%252Bdeb10u3 |
|
| 1 |
| url |
pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2 |
| purl |
pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 1 |
| vulnerability |
VCID-4tzv-1t1b-t3g3 |
|
| 2 |
| vulnerability |
VCID-5tky-d2en-u7c7 |
|
| 3 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 4 |
| vulnerability |
VCID-96qr-hdbp-p7ff |
|
| 5 |
| vulnerability |
VCID-a6z9-5n6k-2kak |
|
| 6 |
| vulnerability |
VCID-ad6q-vtdf-syb6 |
|
| 7 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 8 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 9 |
| vulnerability |
VCID-hatd-vkun-13hj |
|
| 10 |
| vulnerability |
VCID-n8r7-wthv-fqaj |
|
| 11 |
| vulnerability |
VCID-qxe4-dubt-1kfp |
|
| 12 |
| vulnerability |
VCID-sarm-n22v-akcm |
|
| 13 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 14 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 15 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 16 |
| vulnerability |
VCID-wpmk-wgpm-cuee |
|
| 17 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 18 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 19 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2 |
|
|
| aliases |
CVE-2020-15169, GHSA-cfjv-5498-mph5
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-31xv-z8c6-a7bg |
|
| 8 |
| url |
VCID-333w-aacz-mfcr |
| vulnerability_id |
VCID-333w-aacz-mfcr |
| summary |
Arbitrary file existence disclosure
Specially crafted requests can be used to determine whether a file exists on the filesystem that is outside the Rails application's root directory. The files will not be served, but attackers can determine whether the file exists. This only impacts Rails applications that enable static file serving at runtime. For example, the application's production configuration will say: `config.serve_static_assets = true` |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-7829 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00266 |
| scoring_system |
epss |
| scoring_elements |
0.50157 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00266 |
| scoring_system |
epss |
| scoring_elements |
0.50154 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.00266 |
| scoring_system |
epss |
| scoring_elements |
0.50104 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.00266 |
| scoring_system |
epss |
| scoring_elements |
0.50158 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00266 |
| scoring_system |
epss |
| scoring_elements |
0.50152 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00266 |
| scoring_system |
epss |
| scoring_elements |
0.50169 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00266 |
| scoring_system |
epss |
| scoring_elements |
0.50142 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00266 |
| scoring_system |
epss |
| scoring_elements |
0.50139 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.00266 |
| scoring_system |
epss |
| scoring_elements |
0.50183 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.00266 |
| scoring_system |
epss |
| scoring_elements |
0.50184 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.00266 |
| scoring_system |
epss |
| scoring_elements |
0.50091 |
| published_at |
2026-04-01T12:55:00Z |
|
| 11 |
| value |
0.00266 |
| scoring_system |
epss |
| scoring_elements |
0.50126 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-7829 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:4.1.8-1 |
| purl |
pkg:deb/debian/rails@2:4.1.8-1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 6 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 7 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 8 |
| vulnerability |
VCID-5x54-hckg-x7b8 |
|
| 9 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 10 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 11 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 12 |
| vulnerability |
VCID-6yr6-a21g-dyf5 |
|
| 13 |
| vulnerability |
VCID-86jq-2md2-d7ah |
|
| 14 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 15 |
| vulnerability |
VCID-8dad-dvat-1fg4 |
|
| 16 |
| vulnerability |
VCID-9hq5-3usy-5fhq |
|
| 17 |
| vulnerability |
VCID-9t7a-muwx-zyee |
|
| 18 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 19 |
| vulnerability |
VCID-bjwf-uhyk-63aj |
|
| 20 |
| vulnerability |
VCID-c8b5-d83n-nuhw |
|
| 21 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 22 |
| vulnerability |
VCID-d15q-6ukb-wfff |
|
| 23 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 24 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 25 |
| vulnerability |
VCID-ed3f-3bxh-eba4 |
|
| 26 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 27 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 28 |
| vulnerability |
VCID-g5q6-7uav-sqh1 |
|
| 29 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 30 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 31 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 32 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 33 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 34 |
| vulnerability |
VCID-pb5f-g4uc-r7fp |
|
| 35 |
| vulnerability |
VCID-s5ah-tf63-a7cw |
|
| 36 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 37 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 38 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 39 |
| vulnerability |
VCID-t2cx-7ycd-tqhq |
|
| 40 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 41 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 42 |
| vulnerability |
VCID-thx6-usb2-kkgc |
|
| 43 |
| vulnerability |
VCID-v3r3-bwp5-a3bn |
|
| 44 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 45 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 46 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 47 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 48 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 49 |
| vulnerability |
VCID-z1jv-4ga2-7kd1 |
|
| 50 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 51 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
| 52 |
| vulnerability |
VCID-zydu-j9dg-fqdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.8-1 |
|
|
| aliases |
CVE-2014-7829, GHSA-h56m-vwxc-3qpw
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-333w-aacz-mfcr |
|
| 9 |
| url |
VCID-3hur-esmy-x3hr |
| vulnerability_id |
VCID-3hur-esmy-x3hr |
| summary |
Possible ReDoS vulnerability in plain_text_for_blockquote_node in Action Text
There is a possible ReDoS vulnerability in the plain_text_for_blockquote_node helper in Action Text. This vulnerability has been assigned the CVE identifier CVE-2024-47888.
Impact
------
Carefully crafted text can cause the plain_text_for_blockquote_node helper to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade or apply the relevant patch immediately.
Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 depends on Ruby 3.2 or greater so is unaffected.
Releases
--------
The fixed releases are available at the normal locations.
Workarounds
-----------
Users can avoid calling `plain_text_for_blockquote_node` or upgrade to Ruby 3.2.
Credits
-------
Thanks to [ooooooo_q](https://hackerone.com/ooooooo_q) for the report! |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-47888 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00517 |
| scoring_system |
epss |
| scoring_elements |
0.66719 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00517 |
| scoring_system |
epss |
| scoring_elements |
0.66734 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00517 |
| scoring_system |
epss |
| scoring_elements |
0.66721 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00517 |
| scoring_system |
epss |
| scoring_elements |
0.66687 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00517 |
| scoring_system |
epss |
| scoring_elements |
0.66717 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00517 |
| scoring_system |
epss |
| scoring_elements |
0.6673 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00517 |
| scoring_system |
epss |
| scoring_elements |
0.66646 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00517 |
| scoring_system |
epss |
| scoring_elements |
0.66695 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00517 |
| scoring_system |
epss |
| scoring_elements |
0.66672 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00517 |
| scoring_system |
epss |
| scoring_elements |
0.6671 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-47888 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-47888, GHSA-wwhv-wxv9-rpgw
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3hur-esmy-x3hr |
|
| 10 |
| url |
VCID-3m2y-wy1w-n7h1 |
| vulnerability_id |
VCID-3m2y-wy1w-n7h1 |
| summary |
SQL Injection Vulnerabilities Affecting PostgreSQL
SQLi vulnerability in activerecord. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-3483 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0125 |
| scoring_system |
epss |
| scoring_elements |
0.79352 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.0125 |
| scoring_system |
epss |
| scoring_elements |
0.79321 |
| published_at |
2026-04-08T12:55:00Z |
|
| 2 |
| value |
0.0125 |
| scoring_system |
epss |
| scoring_elements |
0.7933 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.0125 |
| scoring_system |
epss |
| scoring_elements |
0.79354 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.0125 |
| scoring_system |
epss |
| scoring_elements |
0.79339 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.0125 |
| scoring_system |
epss |
| scoring_elements |
0.79328 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.0125 |
| scoring_system |
epss |
| scoring_elements |
0.79355 |
| published_at |
2026-04-16T12:55:00Z |
|
| 7 |
| value |
0.0125 |
| scoring_system |
epss |
| scoring_elements |
0.79351 |
| published_at |
2026-04-18T12:55:00Z |
|
| 8 |
| value |
0.0125 |
| scoring_system |
epss |
| scoring_elements |
0.79279 |
| published_at |
2026-04-01T12:55:00Z |
|
| 9 |
| value |
0.0125 |
| scoring_system |
epss |
| scoring_elements |
0.79286 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.0125 |
| scoring_system |
epss |
| scoring_elements |
0.79309 |
| published_at |
2026-04-04T12:55:00Z |
|
| 11 |
| value |
0.0125 |
| scoring_system |
epss |
| scoring_elements |
0.79295 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-3483 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:4.1.8-1 |
| purl |
pkg:deb/debian/rails@2:4.1.8-1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 6 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 7 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 8 |
| vulnerability |
VCID-5x54-hckg-x7b8 |
|
| 9 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 10 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 11 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 12 |
| vulnerability |
VCID-6yr6-a21g-dyf5 |
|
| 13 |
| vulnerability |
VCID-86jq-2md2-d7ah |
|
| 14 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 15 |
| vulnerability |
VCID-8dad-dvat-1fg4 |
|
| 16 |
| vulnerability |
VCID-9hq5-3usy-5fhq |
|
| 17 |
| vulnerability |
VCID-9t7a-muwx-zyee |
|
| 18 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 19 |
| vulnerability |
VCID-bjwf-uhyk-63aj |
|
| 20 |
| vulnerability |
VCID-c8b5-d83n-nuhw |
|
| 21 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 22 |
| vulnerability |
VCID-d15q-6ukb-wfff |
|
| 23 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 24 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 25 |
| vulnerability |
VCID-ed3f-3bxh-eba4 |
|
| 26 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 27 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 28 |
| vulnerability |
VCID-g5q6-7uav-sqh1 |
|
| 29 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 30 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 31 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 32 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 33 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 34 |
| vulnerability |
VCID-pb5f-g4uc-r7fp |
|
| 35 |
| vulnerability |
VCID-s5ah-tf63-a7cw |
|
| 36 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 37 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 38 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 39 |
| vulnerability |
VCID-t2cx-7ycd-tqhq |
|
| 40 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 41 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 42 |
| vulnerability |
VCID-thx6-usb2-kkgc |
|
| 43 |
| vulnerability |
VCID-v3r3-bwp5-a3bn |
|
| 44 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 45 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 46 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 47 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 48 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 49 |
| vulnerability |
VCID-z1jv-4ga2-7kd1 |
|
| 50 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 51 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
| 52 |
| vulnerability |
VCID-zydu-j9dg-fqdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.8-1 |
|
|
| aliases |
CVE-2014-3483, GHSA-r8fh-hq2p-7qhq, OSV-108665
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3m2y-wy1w-n7h1 |
|
| 11 |
| url |
VCID-3wtf-uu89-2qe5 |
| vulnerability_id |
VCID-3wtf-uu89-2qe5 |
| summary |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-0081 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00885 |
| scoring_system |
epss |
| scoring_elements |
0.75435 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00885 |
| scoring_system |
epss |
| scoring_elements |
0.75446 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.00885 |
| scoring_system |
epss |
| scoring_elements |
0.75467 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00885 |
| scoring_system |
epss |
| scoring_elements |
0.75447 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.00885 |
| scoring_system |
epss |
| scoring_elements |
0.75438 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00885 |
| scoring_system |
epss |
| scoring_elements |
0.75378 |
| published_at |
2026-04-01T12:55:00Z |
|
| 6 |
| value |
0.00885 |
| scoring_system |
epss |
| scoring_elements |
0.75382 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00885 |
| scoring_system |
epss |
| scoring_elements |
0.75394 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00885 |
| scoring_system |
epss |
| scoring_elements |
0.75415 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00885 |
| scoring_system |
epss |
| scoring_elements |
0.75471 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.00885 |
| scoring_system |
epss |
| scoring_elements |
0.75483 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00885 |
| scoring_system |
epss |
| scoring_elements |
0.75477 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-0081 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:2.3.14.2 |
| purl |
pkg:deb/debian/rails@2:2.3.14.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-2efj-tf8d-dfck |
|
| 6 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 7 |
| vulnerability |
VCID-333w-aacz-mfcr |
|
| 8 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 9 |
| vulnerability |
VCID-3m2y-wy1w-n7h1 |
|
| 10 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 11 |
| vulnerability |
VCID-5x54-hckg-x7b8 |
|
| 12 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 13 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 14 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 15 |
| vulnerability |
VCID-6yr6-a21g-dyf5 |
|
| 16 |
| vulnerability |
VCID-86jq-2md2-d7ah |
|
| 17 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 18 |
| vulnerability |
VCID-8dad-dvat-1fg4 |
|
| 19 |
| vulnerability |
VCID-9hq5-3usy-5fhq |
|
| 20 |
| vulnerability |
VCID-9t7a-muwx-zyee |
|
| 21 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 22 |
| vulnerability |
VCID-bjwf-uhyk-63aj |
|
| 23 |
| vulnerability |
VCID-c8b5-d83n-nuhw |
|
| 24 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 25 |
| vulnerability |
VCID-d15q-6ukb-wfff |
|
| 26 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 27 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 28 |
| vulnerability |
VCID-ed3f-3bxh-eba4 |
|
| 29 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 30 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 31 |
| vulnerability |
VCID-g5q6-7uav-sqh1 |
|
| 32 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 33 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 34 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 35 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 36 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 37 |
| vulnerability |
VCID-pb5f-g4uc-r7fp |
|
| 38 |
| vulnerability |
VCID-s5ah-tf63-a7cw |
|
| 39 |
| vulnerability |
VCID-sb9g-rdnm-rqbm |
|
| 40 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 41 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 42 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 43 |
| vulnerability |
VCID-t2cx-7ycd-tqhq |
|
| 44 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 45 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 46 |
| vulnerability |
VCID-thx6-usb2-kkgc |
|
| 47 |
| vulnerability |
VCID-v3r3-bwp5-a3bn |
|
| 48 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 49 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 50 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 51 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 52 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 53 |
| vulnerability |
VCID-z1jv-4ga2-7kd1 |
|
| 54 |
| vulnerability |
VCID-zkvd-bfd6-t7dg |
|
| 55 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 56 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
| 57 |
| vulnerability |
VCID-zydu-j9dg-fqdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2 |
|
|
| aliases |
CVE-2014-0081, GHSA-m46p-ggm5-5j83, OSV-103439
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3wtf-uu89-2qe5 |
|
| 12 |
| url |
VCID-43f3-rxwm-fkgv |
| vulnerability_id |
VCID-43f3-rxwm-fkgv |
| summary |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails 2.x before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a malformed Unicode string, related to a "UTF-8 escaping vulnerability." |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2011-2932 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00813 |
| scoring_system |
epss |
| scoring_elements |
0.74208 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00813 |
| scoring_system |
epss |
| scoring_elements |
0.74295 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00813 |
| scoring_system |
epss |
| scoring_elements |
0.74303 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.00813 |
| scoring_system |
epss |
| scoring_elements |
0.74293 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.00813 |
| scoring_system |
epss |
| scoring_elements |
0.7424 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00813 |
| scoring_system |
epss |
| scoring_elements |
0.74214 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.00813 |
| scoring_system |
epss |
| scoring_elements |
0.74256 |
| published_at |
2026-04-13T12:55:00Z |
|
| 7 |
| value |
0.00813 |
| scoring_system |
epss |
| scoring_elements |
0.74263 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00813 |
| scoring_system |
epss |
| scoring_elements |
0.74282 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00813 |
| scoring_system |
epss |
| scoring_elements |
0.7426 |
| published_at |
2026-04-09T12:55:00Z |
|
| 10 |
| value |
0.00813 |
| scoring_system |
epss |
| scoring_elements |
0.74246 |
| published_at |
2026-04-08T12:55:00Z |
|
| 11 |
| value |
0.00813 |
| scoring_system |
epss |
| scoring_elements |
0.74213 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2011-2932 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:2.3.14.2 |
| purl |
pkg:deb/debian/rails@2:2.3.14.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-2efj-tf8d-dfck |
|
| 6 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 7 |
| vulnerability |
VCID-333w-aacz-mfcr |
|
| 8 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 9 |
| vulnerability |
VCID-3m2y-wy1w-n7h1 |
|
| 10 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 11 |
| vulnerability |
VCID-5x54-hckg-x7b8 |
|
| 12 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 13 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 14 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 15 |
| vulnerability |
VCID-6yr6-a21g-dyf5 |
|
| 16 |
| vulnerability |
VCID-86jq-2md2-d7ah |
|
| 17 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 18 |
| vulnerability |
VCID-8dad-dvat-1fg4 |
|
| 19 |
| vulnerability |
VCID-9hq5-3usy-5fhq |
|
| 20 |
| vulnerability |
VCID-9t7a-muwx-zyee |
|
| 21 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 22 |
| vulnerability |
VCID-bjwf-uhyk-63aj |
|
| 23 |
| vulnerability |
VCID-c8b5-d83n-nuhw |
|
| 24 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 25 |
| vulnerability |
VCID-d15q-6ukb-wfff |
|
| 26 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 27 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 28 |
| vulnerability |
VCID-ed3f-3bxh-eba4 |
|
| 29 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 30 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 31 |
| vulnerability |
VCID-g5q6-7uav-sqh1 |
|
| 32 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 33 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 34 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 35 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 36 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 37 |
| vulnerability |
VCID-pb5f-g4uc-r7fp |
|
| 38 |
| vulnerability |
VCID-s5ah-tf63-a7cw |
|
| 39 |
| vulnerability |
VCID-sb9g-rdnm-rqbm |
|
| 40 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 41 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 42 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 43 |
| vulnerability |
VCID-t2cx-7ycd-tqhq |
|
| 44 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 45 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 46 |
| vulnerability |
VCID-thx6-usb2-kkgc |
|
| 47 |
| vulnerability |
VCID-v3r3-bwp5-a3bn |
|
| 48 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 49 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 50 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 51 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 52 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 53 |
| vulnerability |
VCID-z1jv-4ga2-7kd1 |
|
| 54 |
| vulnerability |
VCID-zkvd-bfd6-t7dg |
|
| 55 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 56 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
| 57 |
| vulnerability |
VCID-zydu-j9dg-fqdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2 |
|
|
| aliases |
CVE-2011-2932, GHSA-9fh3-vh3h-q4g3
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-43f3-rxwm-fkgv |
|
| 13 |
| url |
VCID-49pq-vg95-jkh2 |
| vulnerability_id |
VCID-49pq-vg95-jkh2 |
| summary |
Cross-Site Request Forgery (CSRF)
Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged (1) AJAX or (2) API requests that leverage "combinations of browser plugins and HTTP redirects," a related issue to CVE-2011-0696. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2011-0447 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00991 |
| scoring_system |
epss |
| scoring_elements |
0.7688 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00991 |
| scoring_system |
epss |
| scoring_elements |
0.76886 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.00991 |
| scoring_system |
epss |
| scoring_elements |
0.76907 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00991 |
| scoring_system |
epss |
| scoring_elements |
0.76879 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.00991 |
| scoring_system |
epss |
| scoring_elements |
0.76868 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00991 |
| scoring_system |
epss |
| scoring_elements |
0.76837 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00991 |
| scoring_system |
epss |
| scoring_elements |
0.76822 |
| published_at |
2026-04-01T12:55:00Z |
|
| 7 |
| value |
0.00991 |
| scoring_system |
epss |
| scoring_elements |
0.76828 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.00991 |
| scoring_system |
epss |
| scoring_elements |
0.76857 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00991 |
| scoring_system |
epss |
| scoring_elements |
0.76918 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.00991 |
| scoring_system |
epss |
| scoring_elements |
0.76927 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00991 |
| scoring_system |
epss |
| scoring_elements |
0.76922 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2011-0447 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:2.3.14.2 |
| purl |
pkg:deb/debian/rails@2:2.3.14.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-2efj-tf8d-dfck |
|
| 6 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 7 |
| vulnerability |
VCID-333w-aacz-mfcr |
|
| 8 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 9 |
| vulnerability |
VCID-3m2y-wy1w-n7h1 |
|
| 10 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 11 |
| vulnerability |
VCID-5x54-hckg-x7b8 |
|
| 12 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 13 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 14 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 15 |
| vulnerability |
VCID-6yr6-a21g-dyf5 |
|
| 16 |
| vulnerability |
VCID-86jq-2md2-d7ah |
|
| 17 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 18 |
| vulnerability |
VCID-8dad-dvat-1fg4 |
|
| 19 |
| vulnerability |
VCID-9hq5-3usy-5fhq |
|
| 20 |
| vulnerability |
VCID-9t7a-muwx-zyee |
|
| 21 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 22 |
| vulnerability |
VCID-bjwf-uhyk-63aj |
|
| 23 |
| vulnerability |
VCID-c8b5-d83n-nuhw |
|
| 24 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 25 |
| vulnerability |
VCID-d15q-6ukb-wfff |
|
| 26 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 27 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 28 |
| vulnerability |
VCID-ed3f-3bxh-eba4 |
|
| 29 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 30 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 31 |
| vulnerability |
VCID-g5q6-7uav-sqh1 |
|
| 32 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 33 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 34 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 35 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 36 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 37 |
| vulnerability |
VCID-pb5f-g4uc-r7fp |
|
| 38 |
| vulnerability |
VCID-s5ah-tf63-a7cw |
|
| 39 |
| vulnerability |
VCID-sb9g-rdnm-rqbm |
|
| 40 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 41 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 42 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 43 |
| vulnerability |
VCID-t2cx-7ycd-tqhq |
|
| 44 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 45 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 46 |
| vulnerability |
VCID-thx6-usb2-kkgc |
|
| 47 |
| vulnerability |
VCID-v3r3-bwp5-a3bn |
|
| 48 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 49 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 50 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 51 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 52 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 53 |
| vulnerability |
VCID-z1jv-4ga2-7kd1 |
|
| 54 |
| vulnerability |
VCID-zkvd-bfd6-t7dg |
|
| 55 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 56 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
| 57 |
| vulnerability |
VCID-zydu-j9dg-fqdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2 |
|
|
| aliases |
CVE-2011-0447, GHSA-24fg-p96v-hxh8
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-49pq-vg95-jkh2 |
|
| 14 |
| url |
VCID-4cky-r218-dkbb |
| vulnerability_id |
VCID-4cky-r218-dkbb |
| summary |
activerecord vulnerable to SQL Injection
Multiple SQL injection vulnerabilities in the `quote_table_name` method in the ActiveRecord adapters in `activerecord/lib/active_record/connection_adapters/` in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a crafted column name. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2011-2930 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00955 |
| scoring_system |
epss |
| scoring_elements |
0.76471 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00955 |
| scoring_system |
epss |
| scoring_elements |
0.76467 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00955 |
| scoring_system |
epss |
| scoring_elements |
0.76366 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00955 |
| scoring_system |
epss |
| scoring_elements |
0.76457 |
| published_at |
2026-04-21T12:55:00Z |
|
| 4 |
| value |
0.00955 |
| scoring_system |
epss |
| scoring_elements |
0.76399 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00955 |
| scoring_system |
epss |
| scoring_elements |
0.76369 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.00955 |
| scoring_system |
epss |
| scoring_elements |
0.76425 |
| published_at |
2026-04-13T12:55:00Z |
|
| 7 |
| value |
0.00955 |
| scoring_system |
epss |
| scoring_elements |
0.76431 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00955 |
| scoring_system |
epss |
| scoring_elements |
0.76453 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00955 |
| scoring_system |
epss |
| scoring_elements |
0.76427 |
| published_at |
2026-04-09T12:55:00Z |
|
| 10 |
| value |
0.00955 |
| scoring_system |
epss |
| scoring_elements |
0.76414 |
| published_at |
2026-04-08T12:55:00Z |
|
| 11 |
| value |
0.00955 |
| scoring_system |
epss |
| scoring_elements |
0.76381 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2011-2930 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:2.3.14.2 |
| purl |
pkg:deb/debian/rails@2:2.3.14.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-2efj-tf8d-dfck |
|
| 6 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 7 |
| vulnerability |
VCID-333w-aacz-mfcr |
|
| 8 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 9 |
| vulnerability |
VCID-3m2y-wy1w-n7h1 |
|
| 10 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 11 |
| vulnerability |
VCID-5x54-hckg-x7b8 |
|
| 12 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 13 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 14 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 15 |
| vulnerability |
VCID-6yr6-a21g-dyf5 |
|
| 16 |
| vulnerability |
VCID-86jq-2md2-d7ah |
|
| 17 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 18 |
| vulnerability |
VCID-8dad-dvat-1fg4 |
|
| 19 |
| vulnerability |
VCID-9hq5-3usy-5fhq |
|
| 20 |
| vulnerability |
VCID-9t7a-muwx-zyee |
|
| 21 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 22 |
| vulnerability |
VCID-bjwf-uhyk-63aj |
|
| 23 |
| vulnerability |
VCID-c8b5-d83n-nuhw |
|
| 24 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 25 |
| vulnerability |
VCID-d15q-6ukb-wfff |
|
| 26 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 27 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 28 |
| vulnerability |
VCID-ed3f-3bxh-eba4 |
|
| 29 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 30 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 31 |
| vulnerability |
VCID-g5q6-7uav-sqh1 |
|
| 32 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 33 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 34 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 35 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 36 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 37 |
| vulnerability |
VCID-pb5f-g4uc-r7fp |
|
| 38 |
| vulnerability |
VCID-s5ah-tf63-a7cw |
|
| 39 |
| vulnerability |
VCID-sb9g-rdnm-rqbm |
|
| 40 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 41 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 42 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 43 |
| vulnerability |
VCID-t2cx-7ycd-tqhq |
|
| 44 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 45 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 46 |
| vulnerability |
VCID-thx6-usb2-kkgc |
|
| 47 |
| vulnerability |
VCID-v3r3-bwp5-a3bn |
|
| 48 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 49 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 50 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 51 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 52 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 53 |
| vulnerability |
VCID-z1jv-4ga2-7kd1 |
|
| 54 |
| vulnerability |
VCID-zkvd-bfd6-t7dg |
|
| 55 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 56 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
| 57 |
| vulnerability |
VCID-zydu-j9dg-fqdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2 |
|
|
| aliases |
CVE-2011-2930, GHSA-h6w6-xmqv-7q78
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4cky-r218-dkbb |
|
| 15 |
| url |
VCID-4epw-vk25-mfdw |
| vulnerability_id |
VCID-4epw-vk25-mfdw |
| summary |
XSS vulnerability in sanitize_css in Action Pack
Carefully crafted text can bypass the sanitization provided in the `sanitize_css` method in Action Pack. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-1855 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67489 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67385 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67421 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67443 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67473 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67487 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.6751 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67497 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67463 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67499 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67512 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-1855 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:2.3.14.2 |
| purl |
pkg:deb/debian/rails@2:2.3.14.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-2efj-tf8d-dfck |
|
| 6 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 7 |
| vulnerability |
VCID-333w-aacz-mfcr |
|
| 8 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 9 |
| vulnerability |
VCID-3m2y-wy1w-n7h1 |
|
| 10 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 11 |
| vulnerability |
VCID-5x54-hckg-x7b8 |
|
| 12 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 13 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 14 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 15 |
| vulnerability |
VCID-6yr6-a21g-dyf5 |
|
| 16 |
| vulnerability |
VCID-86jq-2md2-d7ah |
|
| 17 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 18 |
| vulnerability |
VCID-8dad-dvat-1fg4 |
|
| 19 |
| vulnerability |
VCID-9hq5-3usy-5fhq |
|
| 20 |
| vulnerability |
VCID-9t7a-muwx-zyee |
|
| 21 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 22 |
| vulnerability |
VCID-bjwf-uhyk-63aj |
|
| 23 |
| vulnerability |
VCID-c8b5-d83n-nuhw |
|
| 24 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 25 |
| vulnerability |
VCID-d15q-6ukb-wfff |
|
| 26 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 27 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 28 |
| vulnerability |
VCID-ed3f-3bxh-eba4 |
|
| 29 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 30 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 31 |
| vulnerability |
VCID-g5q6-7uav-sqh1 |
|
| 32 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 33 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 34 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 35 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 36 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 37 |
| vulnerability |
VCID-pb5f-g4uc-r7fp |
|
| 38 |
| vulnerability |
VCID-s5ah-tf63-a7cw |
|
| 39 |
| vulnerability |
VCID-sb9g-rdnm-rqbm |
|
| 40 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 41 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 42 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 43 |
| vulnerability |
VCID-t2cx-7ycd-tqhq |
|
| 44 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 45 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 46 |
| vulnerability |
VCID-thx6-usb2-kkgc |
|
| 47 |
| vulnerability |
VCID-v3r3-bwp5-a3bn |
|
| 48 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 49 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 50 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 51 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 52 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 53 |
| vulnerability |
VCID-z1jv-4ga2-7kd1 |
|
| 54 |
| vulnerability |
VCID-zkvd-bfd6-t7dg |
|
| 55 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 56 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
| 57 |
| vulnerability |
VCID-zydu-j9dg-fqdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2 |
|
|
| aliases |
CVE-2013-1855, GHSA-q759-hwvc-m3jg, OSV-91452
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4epw-vk25-mfdw |
|
| 16 |
| url |
VCID-4he5-y1u4-gkd2 |
| vulnerability_id |
VCID-4he5-y1u4-gkd2 |
| summary |
XSS Vulnerability in the `sanitize` helper
The `sanitize` helper in Ruby on Rails is designed to filter HTML and remove all tags and attributes which could be malicious. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-1857 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00625 |
| scoring_system |
epss |
| scoring_elements |
0.70206 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00625 |
| scoring_system |
epss |
| scoring_elements |
0.70138 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.00625 |
| scoring_system |
epss |
| scoring_elements |
0.70116 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.00625 |
| scoring_system |
epss |
| scoring_elements |
0.70163 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00625 |
| scoring_system |
epss |
| scoring_elements |
0.70179 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00625 |
| scoring_system |
epss |
| scoring_elements |
0.70202 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00625 |
| scoring_system |
epss |
| scoring_elements |
0.70187 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00625 |
| scoring_system |
epss |
| scoring_elements |
0.70175 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.00625 |
| scoring_system |
epss |
| scoring_elements |
0.70217 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.00625 |
| scoring_system |
epss |
| scoring_elements |
0.70226 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.00625 |
| scoring_system |
epss |
| scoring_elements |
0.70111 |
| published_at |
2026-04-01T12:55:00Z |
|
| 11 |
| value |
0.00625 |
| scoring_system |
epss |
| scoring_elements |
0.70123 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-1857 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:2.3.14.2 |
| purl |
pkg:deb/debian/rails@2:2.3.14.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-2efj-tf8d-dfck |
|
| 6 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 7 |
| vulnerability |
VCID-333w-aacz-mfcr |
|
| 8 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 9 |
| vulnerability |
VCID-3m2y-wy1w-n7h1 |
|
| 10 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 11 |
| vulnerability |
VCID-5x54-hckg-x7b8 |
|
| 12 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 13 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 14 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 15 |
| vulnerability |
VCID-6yr6-a21g-dyf5 |
|
| 16 |
| vulnerability |
VCID-86jq-2md2-d7ah |
|
| 17 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 18 |
| vulnerability |
VCID-8dad-dvat-1fg4 |
|
| 19 |
| vulnerability |
VCID-9hq5-3usy-5fhq |
|
| 20 |
| vulnerability |
VCID-9t7a-muwx-zyee |
|
| 21 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 22 |
| vulnerability |
VCID-bjwf-uhyk-63aj |
|
| 23 |
| vulnerability |
VCID-c8b5-d83n-nuhw |
|
| 24 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 25 |
| vulnerability |
VCID-d15q-6ukb-wfff |
|
| 26 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 27 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 28 |
| vulnerability |
VCID-ed3f-3bxh-eba4 |
|
| 29 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 30 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 31 |
| vulnerability |
VCID-g5q6-7uav-sqh1 |
|
| 32 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 33 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 34 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 35 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 36 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 37 |
| vulnerability |
VCID-pb5f-g4uc-r7fp |
|
| 38 |
| vulnerability |
VCID-s5ah-tf63-a7cw |
|
| 39 |
| vulnerability |
VCID-sb9g-rdnm-rqbm |
|
| 40 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 41 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 42 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 43 |
| vulnerability |
VCID-t2cx-7ycd-tqhq |
|
| 44 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 45 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 46 |
| vulnerability |
VCID-thx6-usb2-kkgc |
|
| 47 |
| vulnerability |
VCID-v3r3-bwp5-a3bn |
|
| 48 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 49 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 50 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 51 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 52 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 53 |
| vulnerability |
VCID-z1jv-4ga2-7kd1 |
|
| 54 |
| vulnerability |
VCID-zkvd-bfd6-t7dg |
|
| 55 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 56 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
| 57 |
| vulnerability |
VCID-zydu-j9dg-fqdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2 |
|
|
| aliases |
CVE-2013-1857, GHSA-j838-vfpq-fmf2, OSV-91454
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4he5-y1u4-gkd2 |
|
| 17 |
| url |
VCID-5qu2-b8gt-7qe3 |
| vulnerability_id |
VCID-5qu2-b8gt-7qe3 |
| summary |
Active Record subject to Regular Expression Denial-of-Service (ReDoS)
The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (ReDoS) vulnerability. Carefully crafted input can cause the input validation in the `money` type of the PostgreSQL adapter in Active Record to spend too much time in a regular expression, resulting in the potential for a DoS attack. This only impacts Rails applications that are using PostgreSQL along with money type columns that take user input. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-22880 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02459 |
| scoring_system |
epss |
| scoring_elements |
0.85168 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.02459 |
| scoring_system |
epss |
| scoring_elements |
0.85229 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.02459 |
| scoring_system |
epss |
| scoring_elements |
0.85221 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.02459 |
| scoring_system |
epss |
| scoring_elements |
0.85199 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.02459 |
| scoring_system |
epss |
| scoring_elements |
0.85197 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.02459 |
| scoring_system |
epss |
| scoring_elements |
0.85179 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.02599 |
| scoring_system |
epss |
| scoring_elements |
0.85632 |
| published_at |
2026-04-21T12:55:00Z |
|
| 7 |
| value |
0.02599 |
| scoring_system |
epss |
| scoring_elements |
0.85612 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.02599 |
| scoring_system |
epss |
| scoring_elements |
0.85616 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.02599 |
| scoring_system |
epss |
| scoring_elements |
0.85636 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.02599 |
| scoring_system |
epss |
| scoring_elements |
0.85608 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.02599 |
| scoring_system |
epss |
| scoring_elements |
0.85631 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-22880 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3 |
| purl |
pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 6 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 7 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 8 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 9 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 10 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 11 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 12 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 13 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 14 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 15 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 16 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 17 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 18 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 19 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 20 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 21 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 22 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 23 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 24 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 25 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 26 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 27 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 28 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 29 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 30 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 31 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 32 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 33 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 34 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%252Bdeb10u3 |
|
| 1 |
| url |
pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2 |
| purl |
pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 1 |
| vulnerability |
VCID-4tzv-1t1b-t3g3 |
|
| 2 |
| vulnerability |
VCID-5tky-d2en-u7c7 |
|
| 3 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 4 |
| vulnerability |
VCID-96qr-hdbp-p7ff |
|
| 5 |
| vulnerability |
VCID-a6z9-5n6k-2kak |
|
| 6 |
| vulnerability |
VCID-ad6q-vtdf-syb6 |
|
| 7 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 8 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 9 |
| vulnerability |
VCID-hatd-vkun-13hj |
|
| 10 |
| vulnerability |
VCID-n8r7-wthv-fqaj |
|
| 11 |
| vulnerability |
VCID-qxe4-dubt-1kfp |
|
| 12 |
| vulnerability |
VCID-sarm-n22v-akcm |
|
| 13 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 14 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 15 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 16 |
| vulnerability |
VCID-wpmk-wgpm-cuee |
|
| 17 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 18 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 19 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2 |
|
|
| aliases |
CVE-2021-22880, GHSA-8hc4-xxm3-5ppp
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5qu2-b8gt-7qe3 |
|
| 18 |
| url |
VCID-5x54-hckg-x7b8 |
| vulnerability_id |
VCID-5x54-hckg-x7b8 |
| summary |
Exposure of Sensitive Information to an Unauthorized Actor
A bypass vulnerability in Active Storage for Google Cloud Storage and Disk services allows an attacker to modify the `content-disposition` and `content-type` parameters, which can be used with HTML files to have them executed inline. Additionally, if combined with other techniques such as cookie bombing and specially crafted AppCache manifests, an attacker can gain access to private signed URLs within a specific storage path. This vulnerability has been fixed |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-16477 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0026 |
| scoring_system |
epss |
| scoring_elements |
0.4941 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.0026 |
| scoring_system |
epss |
| scoring_elements |
0.49372 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.0026 |
| scoring_system |
epss |
| scoring_elements |
0.494 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.0026 |
| scoring_system |
epss |
| scoring_elements |
0.49354 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.0026 |
| scoring_system |
epss |
| scoring_elements |
0.49408 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.0026 |
| scoring_system |
epss |
| scoring_elements |
0.49404 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.0026 |
| scoring_system |
epss |
| scoring_elements |
0.49422 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.0026 |
| scoring_system |
epss |
| scoring_elements |
0.49394 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.0026 |
| scoring_system |
epss |
| scoring_elements |
0.49397 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.0026 |
| scoring_system |
epss |
| scoring_elements |
0.49443 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.0026 |
| scoring_system |
epss |
| scoring_elements |
0.4944 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.0026 |
| scoring_system |
epss |
| scoring_elements |
0.49345 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-16477 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3 |
| purl |
pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 6 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 7 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 8 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 9 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 10 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 11 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 12 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 13 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 14 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 15 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 16 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 17 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 18 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 19 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 20 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 21 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 22 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 23 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 24 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 25 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 26 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 27 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 28 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 29 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 30 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 31 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 32 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 33 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 34 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%252Bdeb10u3 |
|
|
| aliases |
CVE-2018-16477, GHSA-7rr7-rcjw-56vj
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5x54-hckg-x7b8 |
|
| 19 |
| url |
VCID-63gy-6njy-kbd8 |
| vulnerability_id |
VCID-63gy-6njy-kbd8 |
| summary |
ReDoS based DoS vulnerability in Action Dispatch
There is a possible regular expression based DoS vulnerability in Action Dispatch. Specially crafted cookies, in combination with a specially crafted `X_FORWARDED_HOST` header, can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability. All users running an affected release should either upgrade or use one of the workarounds immediately. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-22792 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02264 |
| scoring_system |
epss |
| scoring_elements |
0.84652 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.02639 |
| scoring_system |
epss |
| scoring_elements |
0.85729 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.02639 |
| scoring_system |
epss |
| scoring_elements |
0.85707 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.02639 |
| scoring_system |
epss |
| scoring_elements |
0.85711 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.02639 |
| scoring_system |
epss |
| scoring_elements |
0.85715 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.02639 |
| scoring_system |
epss |
| scoring_elements |
0.8567 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.02639 |
| scoring_system |
epss |
| scoring_elements |
0.85734 |
| published_at |
2026-04-18T12:55:00Z |
|
| 7 |
| value |
0.02639 |
| scoring_system |
epss |
| scoring_elements |
0.85646 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.02639 |
| scoring_system |
epss |
| scoring_elements |
0.85701 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.02639 |
| scoring_system |
epss |
| scoring_elements |
0.85689 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.02639 |
| scoring_system |
epss |
| scoring_elements |
0.85663 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-22792 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2 |
| purl |
pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 1 |
| vulnerability |
VCID-4tzv-1t1b-t3g3 |
|
| 2 |
| vulnerability |
VCID-5tky-d2en-u7c7 |
|
| 3 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 4 |
| vulnerability |
VCID-96qr-hdbp-p7ff |
|
| 5 |
| vulnerability |
VCID-a6z9-5n6k-2kak |
|
| 6 |
| vulnerability |
VCID-ad6q-vtdf-syb6 |
|
| 7 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 8 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 9 |
| vulnerability |
VCID-hatd-vkun-13hj |
|
| 10 |
| vulnerability |
VCID-n8r7-wthv-fqaj |
|
| 11 |
| vulnerability |
VCID-qxe4-dubt-1kfp |
|
| 12 |
| vulnerability |
VCID-sarm-n22v-akcm |
|
| 13 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 14 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 15 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 16 |
| vulnerability |
VCID-wpmk-wgpm-cuee |
|
| 17 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 18 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 19 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2 |
|
|
| aliases |
CVE-2023-22792, GHSA-p84v-45xj-wwqj, GMS-2023-58
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-63gy-6njy-kbd8 |
|
| 20 |
| url |
VCID-6ku5-mtgz-zygw |
| vulnerability_id |
VCID-6ku5-mtgz-zygw |
| summary |
Duplicate
This advisory duplicates another. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-22796 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01484 |
| scoring_system |
epss |
| scoring_elements |
0.81049 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.01733 |
| scoring_system |
epss |
| scoring_elements |
0.82406 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.01733 |
| scoring_system |
epss |
| scoring_elements |
0.82424 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.01733 |
| scoring_system |
epss |
| scoring_elements |
0.8242 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.01733 |
| scoring_system |
epss |
| scoring_elements |
0.82448 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.01733 |
| scoring_system |
epss |
| scoring_elements |
0.82454 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.01733 |
| scoring_system |
epss |
| scoring_elements |
0.82473 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.01733 |
| scoring_system |
epss |
| scoring_elements |
0.82468 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.01733 |
| scoring_system |
epss |
| scoring_elements |
0.82463 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.01733 |
| scoring_system |
epss |
| scoring_elements |
0.825 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-22796 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2 |
| purl |
pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 1 |
| vulnerability |
VCID-4tzv-1t1b-t3g3 |
|
| 2 |
| vulnerability |
VCID-5tky-d2en-u7c7 |
|
| 3 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 4 |
| vulnerability |
VCID-96qr-hdbp-p7ff |
|
| 5 |
| vulnerability |
VCID-a6z9-5n6k-2kak |
|
| 6 |
| vulnerability |
VCID-ad6q-vtdf-syb6 |
|
| 7 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 8 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 9 |
| vulnerability |
VCID-hatd-vkun-13hj |
|
| 10 |
| vulnerability |
VCID-n8r7-wthv-fqaj |
|
| 11 |
| vulnerability |
VCID-qxe4-dubt-1kfp |
|
| 12 |
| vulnerability |
VCID-sarm-n22v-akcm |
|
| 13 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 14 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 15 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 16 |
| vulnerability |
VCID-wpmk-wgpm-cuee |
|
| 17 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 18 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 19 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2 |
|
|
| aliases |
CVE-2023-22796, GHSA-j6gc-792m-qgm2, GMS-2023-61
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6ku5-mtgz-zygw |
|
| 21 |
| url |
VCID-6pxd-xsaw-tuer |
| vulnerability_id |
VCID-6pxd-xsaw-tuer |
| summary |
Active Support Possibly Discloses Locally Encrypted Files
There is a possible file disclosure of locally encrypted files in Active Support. This vulnerability has been assigned the CVE identifier CVE-2023-38037.
Versions Affected: >= 5.2.0 Not affected: < 5.2.0 Fixed Versions: 7.0.7.1, 6.1.7.5 |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-38037 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00076 |
| scoring_system |
epss |
| scoring_elements |
0.2277 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00076 |
| scoring_system |
epss |
| scoring_elements |
0.2281 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00076 |
| scoring_system |
epss |
| scoring_elements |
0.22816 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00076 |
| scoring_system |
epss |
| scoring_elements |
0.22803 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00076 |
| scoring_system |
epss |
| scoring_elements |
0.22911 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00076 |
| scoring_system |
epss |
| scoring_elements |
0.22859 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00076 |
| scoring_system |
epss |
| scoring_elements |
0.22896 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00076 |
| scoring_system |
epss |
| scoring_elements |
0.22876 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00076 |
| scoring_system |
epss |
| scoring_elements |
0.22823 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.00076 |
| scoring_system |
epss |
| scoring_elements |
0.22747 |
| published_at |
2026-04-07T12:55:00Z |
|
| 10 |
| value |
0.00076 |
| scoring_system |
epss |
| scoring_elements |
0.22954 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-38037 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-38037, GHSA-cr5q-6q9f-rq6q
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6pxd-xsaw-tuer |
|
| 22 |
| url |
VCID-6yr6-a21g-dyf5 |
| vulnerability_id |
VCID-6yr6-a21g-dyf5 |
| summary |
Deserialization of Untrusted Data
A Broken Access Control vulnerability in Active Job |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-16476 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00791 |
| scoring_system |
epss |
| scoring_elements |
0.73928 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00791 |
| scoring_system |
epss |
| scoring_elements |
0.73836 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00791 |
| scoring_system |
epss |
| scoring_elements |
0.73846 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00791 |
| scoring_system |
epss |
| scoring_elements |
0.73871 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00791 |
| scoring_system |
epss |
| scoring_elements |
0.73842 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00791 |
| scoring_system |
epss |
| scoring_elements |
0.73877 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00791 |
| scoring_system |
epss |
| scoring_elements |
0.7389 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00791 |
| scoring_system |
epss |
| scoring_elements |
0.73912 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00791 |
| scoring_system |
epss |
| scoring_elements |
0.73893 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00791 |
| scoring_system |
epss |
| scoring_elements |
0.73885 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00791 |
| scoring_system |
epss |
| scoring_elements |
0.73927 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00791 |
| scoring_system |
epss |
| scoring_elements |
0.73936 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-16476 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3 |
| purl |
pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 6 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 7 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 8 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 9 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 10 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 11 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 12 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 13 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 14 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 15 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 16 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 17 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 18 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 19 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 20 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 21 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 22 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 23 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 24 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 25 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 26 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 27 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 28 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 29 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 30 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 31 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 32 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 33 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 34 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%252Bdeb10u3 |
|
|
| aliases |
CVE-2018-16476, GHSA-q2qw-rmrh-vv42
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6yr6-a21g-dyf5 |
|
| 23 |
| url |
VCID-86jq-2md2-d7ah |
| vulnerability_id |
VCID-86jq-2md2-d7ah |
| summary |
Possible XSS Vulnerability in ActionView
There is a possible XSS vulnerability in Action View. Text declared as `HTML safe` will not have quotes escaped when used as attribute values in tag helpers. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-6316 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01626 |
| scoring_system |
epss |
| scoring_elements |
0.81795 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.01626 |
| scoring_system |
epss |
| scoring_elements |
0.81899 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.01626 |
| scoring_system |
epss |
| scoring_elements |
0.81897 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.01626 |
| scoring_system |
epss |
| scoring_elements |
0.8186 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.01626 |
| scoring_system |
epss |
| scoring_elements |
0.81866 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.01626 |
| scoring_system |
epss |
| scoring_elements |
0.81878 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.01626 |
| scoring_system |
epss |
| scoring_elements |
0.81859 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.01626 |
| scoring_system |
epss |
| scoring_elements |
0.81852 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.01626 |
| scoring_system |
epss |
| scoring_elements |
0.81826 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.01626 |
| scoring_system |
epss |
| scoring_elements |
0.81829 |
| published_at |
2026-04-04T12:55:00Z |
|
| 10 |
| value |
0.01626 |
| scoring_system |
epss |
| scoring_elements |
0.81806 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-6316 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:4.1.8-1%2Bdeb8u4 |
| purl |
pkg:deb/debian/rails@2:4.1.8-1%2Bdeb8u4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 6 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 7 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 8 |
| vulnerability |
VCID-5x54-hckg-x7b8 |
|
| 9 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 10 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 11 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 12 |
| vulnerability |
VCID-6yr6-a21g-dyf5 |
|
| 13 |
| vulnerability |
VCID-86jq-2md2-d7ah |
|
| 14 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 15 |
| vulnerability |
VCID-8dad-dvat-1fg4 |
|
| 16 |
| vulnerability |
VCID-9hq5-3usy-5fhq |
|
| 17 |
| vulnerability |
VCID-9t7a-muwx-zyee |
|
| 18 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 19 |
| vulnerability |
VCID-bjwf-uhyk-63aj |
|
| 20 |
| vulnerability |
VCID-c8b5-d83n-nuhw |
|
| 21 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 22 |
| vulnerability |
VCID-d15q-6ukb-wfff |
|
| 23 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 24 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 25 |
| vulnerability |
VCID-ed3f-3bxh-eba4 |
|
| 26 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 27 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 28 |
| vulnerability |
VCID-g5q6-7uav-sqh1 |
|
| 29 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 30 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 31 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 32 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 33 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 34 |
| vulnerability |
VCID-pb5f-g4uc-r7fp |
|
| 35 |
| vulnerability |
VCID-s5ah-tf63-a7cw |
|
| 36 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 37 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 38 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 39 |
| vulnerability |
VCID-t2cx-7ycd-tqhq |
|
| 40 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 41 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 42 |
| vulnerability |
VCID-thx6-usb2-kkgc |
|
| 43 |
| vulnerability |
VCID-v3r3-bwp5-a3bn |
|
| 44 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 45 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 46 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 47 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 48 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 49 |
| vulnerability |
VCID-z1jv-4ga2-7kd1 |
|
| 50 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 51 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
| 52 |
| vulnerability |
VCID-zydu-j9dg-fqdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.8-1%252Bdeb8u4 |
|
| 1 |
| url |
pkg:deb/debian/rails@2:4.2.7.1-1%2Bdeb9u2 |
| purl |
pkg:deb/debian/rails@2:4.2.7.1-1%2Bdeb9u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 6 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 7 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 8 |
| vulnerability |
VCID-5x54-hckg-x7b8 |
|
| 9 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 10 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 11 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 12 |
| vulnerability |
VCID-6yr6-a21g-dyf5 |
|
| 13 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 14 |
| vulnerability |
VCID-8dad-dvat-1fg4 |
|
| 15 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 16 |
| vulnerability |
VCID-c8b5-d83n-nuhw |
|
| 17 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 18 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 19 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 20 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 21 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 22 |
| vulnerability |
VCID-g5q6-7uav-sqh1 |
|
| 23 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 24 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 25 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 26 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 27 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 28 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 29 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 30 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 31 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 32 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 33 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 34 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 35 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 36 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 37 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 38 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 39 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
| 40 |
| vulnerability |
VCID-zydu-j9dg-fqdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.7.1-1%252Bdeb9u2 |
|
|
| aliases |
CVE-2016-6316, GHSA-pc3m-v286-2jwj
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-86jq-2md2-d7ah |
|
| 24 |
| url |
VCID-895a-ydc5-zfg6 |
| vulnerability_id |
VCID-895a-ydc5-zfg6 |
| summary |
Circumvention of file size limits in ActiveStorage
There is a vulnerability in ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user.
Versions Affected: rails < 5.2.4.2, rails < 6.0.3.1
Not affected: Applications that do not use the direct upload functionality of the ActiveStorage S3 adapter.
Fixed Versions: rails >= 5.2.4.3, rails >= 6.0.3.1
Impact
------
Utilizing this vulnerability, an attacker can control the Content-Length of an S3 direct upload URL without receiving a new signature from the server. This could be used to bypass controls in place on the server to limit upload size.
Workarounds
-----------
This is a low-severity security issue. As such, no workaround is necessary until such time as the application can be upgraded. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-8162 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01549 |
| scoring_system |
epss |
| scoring_elements |
0.81449 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.01549 |
| scoring_system |
epss |
| scoring_elements |
0.8145 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.01549 |
| scoring_system |
epss |
| scoring_elements |
0.81347 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.01549 |
| scoring_system |
epss |
| scoring_elements |
0.81356 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.01549 |
| scoring_system |
epss |
| scoring_elements |
0.81378 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.01549 |
| scoring_system |
epss |
| scoring_elements |
0.81376 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.01549 |
| scoring_system |
epss |
| scoring_elements |
0.81405 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.01549 |
| scoring_system |
epss |
| scoring_elements |
0.81409 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.01549 |
| scoring_system |
epss |
| scoring_elements |
0.81431 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.01549 |
| scoring_system |
epss |
| scoring_elements |
0.81418 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.01549 |
| scoring_system |
epss |
| scoring_elements |
0.81411 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.01549 |
| scoring_system |
epss |
| scoring_elements |
0.81448 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-8162 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3 |
| purl |
pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 6 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 7 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 8 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 9 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 10 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 11 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 12 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 13 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 14 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 15 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 16 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 17 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 18 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 19 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 20 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 21 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 22 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 23 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 24 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 25 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 26 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 27 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 28 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 29 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 30 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 31 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 32 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 33 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 34 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%252Bdeb10u3 |
|
| 1 |
| url |
pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2 |
| purl |
pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 1 |
| vulnerability |
VCID-4tzv-1t1b-t3g3 |
|
| 2 |
| vulnerability |
VCID-5tky-d2en-u7c7 |
|
| 3 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 4 |
| vulnerability |
VCID-96qr-hdbp-p7ff |
|
| 5 |
| vulnerability |
VCID-a6z9-5n6k-2kak |
|
| 6 |
| vulnerability |
VCID-ad6q-vtdf-syb6 |
|
| 7 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 8 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 9 |
| vulnerability |
VCID-hatd-vkun-13hj |
|
| 10 |
| vulnerability |
VCID-n8r7-wthv-fqaj |
|
| 11 |
| vulnerability |
VCID-qxe4-dubt-1kfp |
|
| 12 |
| vulnerability |
VCID-sarm-n22v-akcm |
|
| 13 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 14 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 15 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 16 |
| vulnerability |
VCID-wpmk-wgpm-cuee |
|
| 17 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 18 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 19 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2 |
|
|
| aliases |
CVE-2020-8162, GHSA-m42x-37p3-fv5w
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-895a-ydc5-zfg6 |
|
| 25 |
| url |
VCID-8dad-dvat-1fg4 |
| vulnerability_id |
VCID-8dad-dvat-1fg4 |
| summary |
Path Traversal in Action View
# File Content Disclosure in Action View
Impact
------
There is a possible file content disclosure vulnerability in Action View. Specially crafted accept headers in combination with calls to `render file:` can cause arbitrary files on the target server to be rendered, disclosing the file contents.
The impact is limited to calls to `render` which render file contents without a specified accept format. Impacted code in a controller looks something like this:
``` ruby
class UserController < ApplicationController
  def index
    render file: "#{Rails.root}/some/file"
  end
end
```
Rendering templates as opposed to files is not impacted by this vulnerability.
All users running an affected release should either upgrade or use one of the workarounds immediately.
Releases
--------
The 6.0.0.beta3, 5.2.2.1, 5.1.6.2, 5.0.7.2, and 4.2.11.1 releases are available at the normal locations.
Workarounds
-----------
This vulnerability can be mitigated by specifying a format for file rendering, like this:
``` ruby
class UserController < ApplicationController
  def index
    render file: "#{Rails.root}/some/file", formats: [:html]
  end
end
```
In summary, impacted calls to `render` look like this:
```
render file: "#{Rails.root}/some/file"
```
The vulnerability can be mitigated by changing to this:
```
render file: "#{Rails.root}/some/file", formats: [:html]
```
Other calls to `render` are not impacted.
Alternatively, the following monkey patch can be applied in an initializer:
``` ruby
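# config/initializers/formats_filter.rb
# frozen_string_literal: true

# Keep only request formats that map to a registered MIME type
# (those with a symbol), plus the "*/*" wildcard.
ActionDispatch::Request.prepend(Module.new do
  def formats
    super().select do |format|
      format.symbol || format.ref == "*/*"
    end
  end
end)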
```
Credits
-------
Thanks to John Hawthorn <john@hawthorn.email> of GitHub |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://access.redhat.com/errata/RHSA-2019:0796 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Attend |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2019:0796 |
|
| 3 |
| reference_url |
https://access.redhat.com/errata/RHSA-2019:1147 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Attend |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2019:1147 |
|
| 4 |
| reference_url |
https://access.redhat.com/errata/RHSA-2019:1149 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Attend |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2019:1149 |
|
| 5 |
| reference_url |
https://access.redhat.com/errata/RHSA-2019:1289 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Attend |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2019:1289 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2019-5418 |
| reference_id |
CVE-2019-5418 |
| reference_type |
|
| scores |
| 0 |
| value |
5.0 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:L/Au:N/C:P/I:N/A:N |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H |
|
| 2 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 3 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2019-5418 |
|
| 36 |
|
| 37 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3 |
| purl |
pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 6 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 7 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 8 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 9 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 10 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 11 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 12 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 13 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 14 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 15 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 16 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 17 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 18 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 19 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 20 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 21 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 22 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 23 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 24 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 25 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 26 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 27 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 28 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 29 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 30 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 31 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 32 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 33 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 34 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%252Bdeb10u3 |
|
|
| aliases |
CVE-2019-5418, GHSA-86g5-2wh3-gc9j
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8dad-dvat-1fg4 |
|
| 26 |
| url |
VCID-9hq5-3usy-5fhq |
| vulnerability_id |
VCID-9hq5-3usy-5fhq |
| summary |
Possible Object Leak and Denial of Service attack
A carefully crafted `Accept` header can cause a global cache of mime types to grow indefinitely which can lead to a possible denial of service attack in Action Pack. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-0751 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.06145 |
| scoring_system |
epss |
| scoring_elements |
0.90838 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.06145 |
| scoring_system |
epss |
| scoring_elements |
0.9077 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.06145 |
| scoring_system |
epss |
| scoring_elements |
0.90776 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.06145 |
| scoring_system |
epss |
| scoring_elements |
0.90787 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.06145 |
| scoring_system |
epss |
| scoring_elements |
0.90797 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.06145 |
| scoring_system |
epss |
| scoring_elements |
0.90808 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.06145 |
| scoring_system |
epss |
| scoring_elements |
0.90814 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.06145 |
| scoring_system |
epss |
| scoring_elements |
0.90823 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.06145 |
| scoring_system |
epss |
| scoring_elements |
0.90821 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.06145 |
| scoring_system |
epss |
| scoring_elements |
0.9084 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-0751 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2016-0751 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.0 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:L/Au:N/C:N/I:N/A:P |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 2 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 3 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2016-0751 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
|
| 68 |
|
| 69 |
|
| 70 |
|
| 71 |
|
| 72 |
|
| 73 |
|
| 74 |
|
| 75 |
|
| 76 |
|
| 77 |
|
| 78 |
|
| 79 |
|
| 80 |
|
| 81 |
|
| 82 |
|
| 83 |
|
| 84 |
|
| 85 |
|
| 86 |
|
| 87 |
|
| 88 |
|
| 89 |
|
| 90 |
|
| 91 |
|
| 92 |
|
| 93 |
|
| 94 |
|
| 95 |
|
| 96 |
|
| 97 |
|
| 98 |
|
| 99 |
|
| 100 |
|
| 101 |
|
| 102 |
|
| 103 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:4.1.8-1%2Bdeb8u4 |
| purl |
pkg:deb/debian/rails@2:4.1.8-1%2Bdeb8u4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 6 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 7 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 8 |
| vulnerability |
VCID-5x54-hckg-x7b8 |
|
| 9 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 10 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 11 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 12 |
| vulnerability |
VCID-6yr6-a21g-dyf5 |
|
| 13 |
| vulnerability |
VCID-86jq-2md2-d7ah |
|
| 14 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 15 |
| vulnerability |
VCID-8dad-dvat-1fg4 |
|
| 16 |
| vulnerability |
VCID-9hq5-3usy-5fhq |
|
| 17 |
| vulnerability |
VCID-9t7a-muwx-zyee |
|
| 18 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 19 |
| vulnerability |
VCID-bjwf-uhyk-63aj |
|
| 20 |
| vulnerability |
VCID-c8b5-d83n-nuhw |
|
| 21 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 22 |
| vulnerability |
VCID-d15q-6ukb-wfff |
|
| 23 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 24 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 25 |
| vulnerability |
VCID-ed3f-3bxh-eba4 |
|
| 26 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 27 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 28 |
| vulnerability |
VCID-g5q6-7uav-sqh1 |
|
| 29 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 30 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 31 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 32 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 33 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 34 |
| vulnerability |
VCID-pb5f-g4uc-r7fp |
|
| 35 |
| vulnerability |
VCID-s5ah-tf63-a7cw |
|
| 36 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 37 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 38 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 39 |
| vulnerability |
VCID-t2cx-7ycd-tqhq |
|
| 40 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 41 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 42 |
| vulnerability |
VCID-thx6-usb2-kkgc |
|
| 43 |
| vulnerability |
VCID-v3r3-bwp5-a3bn |
|
| 44 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 45 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 46 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 47 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 48 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 49 |
| vulnerability |
VCID-z1jv-4ga2-7kd1 |
|
| 50 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 51 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
| 52 |
| vulnerability |
VCID-zydu-j9dg-fqdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.8-1%252Bdeb8u4 |
|
| 1 |
| url |
pkg:deb/debian/rails@2:4.2.7.1-1%2Bdeb9u2 |
| purl |
pkg:deb/debian/rails@2:4.2.7.1-1%2Bdeb9u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 6 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 7 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 8 |
| vulnerability |
VCID-5x54-hckg-x7b8 |
|
| 9 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 10 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 11 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 12 |
| vulnerability |
VCID-6yr6-a21g-dyf5 |
|
| 13 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 14 |
| vulnerability |
VCID-8dad-dvat-1fg4 |
|
| 15 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 16 |
| vulnerability |
VCID-c8b5-d83n-nuhw |
|
| 17 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 18 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 19 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 20 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 21 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 22 |
| vulnerability |
VCID-g5q6-7uav-sqh1 |
|
| 23 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 24 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 25 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 26 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 27 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 28 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 29 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 30 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 31 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 32 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 33 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 34 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 35 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 36 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 37 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 38 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 39 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
| 40 |
| vulnerability |
VCID-zydu-j9dg-fqdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.7.1-1%252Bdeb9u2 |
|
|
| aliases |
CVE-2016-0751, GHSA-ffpv-c4hm-3x6v
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9hq5-3usy-5fhq |
|
| 27 |
| url |
VCID-9t7a-muwx-zyee |
| vulnerability_id |
VCID-9t7a-muwx-zyee |
| summary |
Improper Access Control
The Rails gem does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing `WHERE` clauses via a crafted request. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-6317 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00381 |
| scoring_system |
epss |
| scoring_elements |
0.59551 |
| published_at |
2026-04-16T12:55:00Z |
|
| 1 |
| value |
0.00381 |
| scoring_system |
epss |
| scoring_elements |
0.59517 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00381 |
| scoring_system |
epss |
| scoring_elements |
0.59536 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00381 |
| scoring_system |
epss |
| scoring_elements |
0.59478 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00381 |
| scoring_system |
epss |
| scoring_elements |
0.59538 |
| published_at |
2026-04-21T12:55:00Z |
|
| 5 |
| value |
0.00381 |
| scoring_system |
epss |
| scoring_elements |
0.59558 |
| published_at |
2026-04-18T12:55:00Z |
|
| 6 |
| value |
0.00381 |
| scoring_system |
epss |
| scoring_elements |
0.59521 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00381 |
| scoring_system |
epss |
| scoring_elements |
0.5947 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00381 |
| scoring_system |
epss |
| scoring_elements |
0.59503 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00381 |
| scoring_system |
epss |
| scoring_elements |
0.59406 |
| published_at |
2026-04-01T12:55:00Z |
|
| 10 |
| value |
0.00381 |
| scoring_system |
epss |
| scoring_elements |
0.59552 |
| published_at |
2026-04-11T12:55:00Z |
|
| 11 |
| value |
0.00381 |
| scoring_system |
epss |
| scoring_elements |
0.59533 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-6317 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:4.2.7.1-1%2Bdeb9u2 |
| purl |
pkg:deb/debian/rails@2:4.2.7.1-1%2Bdeb9u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 6 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 7 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 8 |
| vulnerability |
VCID-5x54-hckg-x7b8 |
|
| 9 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 10 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 11 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 12 |
| vulnerability |
VCID-6yr6-a21g-dyf5 |
|
| 13 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 14 |
| vulnerability |
VCID-8dad-dvat-1fg4 |
|
| 15 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 16 |
| vulnerability |
VCID-c8b5-d83n-nuhw |
|
| 17 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 18 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 19 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 20 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 21 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 22 |
| vulnerability |
VCID-g5q6-7uav-sqh1 |
|
| 23 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 24 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 25 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 26 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 27 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 28 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 29 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 30 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 31 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 32 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 33 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 34 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 35 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 36 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 37 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 38 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 39 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
| 40 |
| vulnerability |
VCID-zydu-j9dg-fqdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.7.1-1%252Bdeb9u2 |
|
|
| aliases |
CVE-2016-6317, GHSA-pr3r-4wrp-r2pv
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9t7a-muwx-zyee |
|
| 28 |
| url |
VCID-a6sp-18av-wya6 |
| vulnerability_id |
VCID-a6sp-18av-wya6 |
| summary |
Possible Strong Parameters Bypass in ActionPack
There is a strong parameters bypass vector in ActionPack.
Versions Affected: rails <= 6.0.3
Not affected: rails < 5.0.0
Fixed Versions: rails >= 5.2.4.3, rails >= 6.0.3.1
Impact
------
In some cases user supplied information can be inadvertently leaked from
Strong Parameters. Specifically the return value of `each`, or `each_value`,
or `each_pair` will return the underlying "untrusted" hash of data that was
read from the parameters. Applications that use this return value may
inadvertently use untrusted user input.
Impacted code will look something like this:
```
def update
  # Attacker has included the parameter: `{ is_admin: true }`
  User.update(clean_up_params)
end

def clean_up_params
  params.each { |k, v| SomeModel.check(v) if k == :name }
end
```
Note the mistaken use of `each` in the `clean_up_params` method in the above
example.
Workarounds
-----------
Do not use the return values of `each`, `each_value`, or `each_pair` in your
application. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-8164 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.07389 |
| scoring_system |
epss |
| scoring_elements |
0.91746 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.07389 |
| scoring_system |
epss |
| scoring_elements |
0.9169 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.07389 |
| scoring_system |
epss |
| scoring_elements |
0.91698 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.07389 |
| scoring_system |
epss |
| scoring_elements |
0.91703 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.07389 |
| scoring_system |
epss |
| scoring_elements |
0.91712 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.07389 |
| scoring_system |
epss |
| scoring_elements |
0.91724 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.07389 |
| scoring_system |
epss |
| scoring_elements |
0.91731 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.07389 |
| scoring_system |
epss |
| scoring_elements |
0.91734 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.07389 |
| scoring_system |
epss |
| scoring_elements |
0.91736 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.07389 |
| scoring_system |
epss |
| scoring_elements |
0.91732 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.07389 |
| scoring_system |
epss |
| scoring_elements |
0.91752 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.07389 |
| scoring_system |
epss |
| scoring_elements |
0.91745 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-8164 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3 |
| purl |
pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 6 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 7 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 8 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 9 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 10 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 11 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 12 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 13 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 14 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 15 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 16 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 17 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 18 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 19 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 20 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 21 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 22 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 23 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 24 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 25 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 26 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 27 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 28 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 29 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 30 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 31 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 32 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 33 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 34 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%252Bdeb10u3 |
|
| 1 |
| url |
pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2 |
| purl |
pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 1 |
| vulnerability |
VCID-4tzv-1t1b-t3g3 |
|
| 2 |
| vulnerability |
VCID-5tky-d2en-u7c7 |
|
| 3 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 4 |
| vulnerability |
VCID-96qr-hdbp-p7ff |
|
| 5 |
| vulnerability |
VCID-a6z9-5n6k-2kak |
|
| 6 |
| vulnerability |
VCID-ad6q-vtdf-syb6 |
|
| 7 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 8 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 9 |
| vulnerability |
VCID-hatd-vkun-13hj |
|
| 10 |
| vulnerability |
VCID-n8r7-wthv-fqaj |
|
| 11 |
| vulnerability |
VCID-qxe4-dubt-1kfp |
|
| 12 |
| vulnerability |
VCID-sarm-n22v-akcm |
|
| 13 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 14 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 15 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 16 |
| vulnerability |
VCID-wpmk-wgpm-cuee |
|
| 17 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 18 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 19 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2 |
|
|
| aliases |
CVE-2020-8164, GHSA-8727-m6gj-mc37
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-a6sp-18av-wya6 |
|
| 29 |
| url |
VCID-bjwf-uhyk-63aj |
| vulnerability_id |
VCID-bjwf-uhyk-63aj |
| summary |
Timing attack vulnerability in basic authentication
Due to the way that Action Controller compares user names and passwords in basic authentication authorization code, it is possible for an attacker to analyze the time taken by a response and intuit the password. You can tell your application is vulnerable to this attack by looking for `http_basic_authenticate_with` method calls in your application. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-7576 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01574 |
| scoring_system |
epss |
| scoring_elements |
0.8158 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.01574 |
| scoring_system |
epss |
| scoring_elements |
0.81474 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.01574 |
| scoring_system |
epss |
| scoring_elements |
0.81486 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.01574 |
| scoring_system |
epss |
| scoring_elements |
0.81507 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.01574 |
| scoring_system |
epss |
| scoring_elements |
0.81504 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.01574 |
| scoring_system |
epss |
| scoring_elements |
0.81533 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.01574 |
| scoring_system |
epss |
| scoring_elements |
0.81538 |
| published_at |
2026-04-13T12:55:00Z |
|
| 7 |
| value |
0.01574 |
| scoring_system |
epss |
| scoring_elements |
0.81558 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.01574 |
| scoring_system |
epss |
| scoring_elements |
0.81545 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.01574 |
| scoring_system |
epss |
| scoring_elements |
0.81576 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.01574 |
| scoring_system |
epss |
| scoring_elements |
0.81577 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-7576 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2015-7576 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.3 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:M/Au:N/C:P/I:N/A:N |
|
| 1 |
| value |
3.7 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 2 |
| value |
3.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 3 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2015-7576 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:4.1.8-1%2Bdeb8u4 |
| purl |
pkg:deb/debian/rails@2:4.1.8-1%2Bdeb8u4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 6 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 7 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 8 |
| vulnerability |
VCID-5x54-hckg-x7b8 |
|
| 9 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 10 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 11 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 12 |
| vulnerability |
VCID-6yr6-a21g-dyf5 |
|
| 13 |
| vulnerability |
VCID-86jq-2md2-d7ah |
|
| 14 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 15 |
| vulnerability |
VCID-8dad-dvat-1fg4 |
|
| 16 |
| vulnerability |
VCID-9hq5-3usy-5fhq |
|
| 17 |
| vulnerability |
VCID-9t7a-muwx-zyee |
|
| 18 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 19 |
| vulnerability |
VCID-bjwf-uhyk-63aj |
|
| 20 |
| vulnerability |
VCID-c8b5-d83n-nuhw |
|
| 21 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 22 |
| vulnerability |
VCID-d15q-6ukb-wfff |
|
| 23 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 24 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 25 |
| vulnerability |
VCID-ed3f-3bxh-eba4 |
|
| 26 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 27 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 28 |
| vulnerability |
VCID-g5q6-7uav-sqh1 |
|
| 29 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 30 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 31 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 32 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 33 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 34 |
| vulnerability |
VCID-pb5f-g4uc-r7fp |
|
| 35 |
| vulnerability |
VCID-s5ah-tf63-a7cw |
|
| 36 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 37 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 38 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 39 |
| vulnerability |
VCID-t2cx-7ycd-tqhq |
|
| 40 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 41 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 42 |
| vulnerability |
VCID-thx6-usb2-kkgc |
|
| 43 |
| vulnerability |
VCID-v3r3-bwp5-a3bn |
|
| 44 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 45 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 46 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 47 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 48 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 49 |
| vulnerability |
VCID-z1jv-4ga2-7kd1 |
|
| 50 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 51 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
| 52 |
| vulnerability |
VCID-zydu-j9dg-fqdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.8-1%252Bdeb8u4 |
|
| 1 |
| url |
pkg:deb/debian/rails@2:4.2.7.1-1%2Bdeb9u2 |
| purl |
pkg:deb/debian/rails@2:4.2.7.1-1%2Bdeb9u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 6 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 7 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 8 |
| vulnerability |
VCID-5x54-hckg-x7b8 |
|
| 9 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 10 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 11 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 12 |
| vulnerability |
VCID-6yr6-a21g-dyf5 |
|
| 13 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 14 |
| vulnerability |
VCID-8dad-dvat-1fg4 |
|
| 15 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 16 |
| vulnerability |
VCID-c8b5-d83n-nuhw |
|
| 17 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 18 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 19 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 20 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 21 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 22 |
| vulnerability |
VCID-g5q6-7uav-sqh1 |
|
| 23 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 24 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 25 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 26 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 27 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 28 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 29 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 30 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 31 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 32 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 33 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 34 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 35 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 36 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 37 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 38 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 39 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
| 40 |
| vulnerability |
VCID-zydu-j9dg-fqdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.7.1-1%252Bdeb9u2 |
|
|
| aliases |
CVE-2015-7576, GHSA-p692-7mm3-3fxg
|
| risk_score |
1.9 |
| exploitability |
0.5 |
| weighted_severity |
3.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bjwf-uhyk-63aj |
|
| 30 |
| url |
VCID-c8b5-d83n-nuhw |
| vulnerability_id |
VCID-c8b5-d83n-nuhw |
| summary |
Allocation of Resources Without Limits or Throttling
There is a possible denial of service vulnerability in Action View (Rails) where specially crafted accept headers can cause action view to consume % cpu and make the server unresponsive. |
| references |
| 8 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-5419 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.12118 |
| scoring_system |
epss |
| scoring_elements |
0.93833 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.12118 |
| scoring_system |
epss |
| scoring_elements |
0.93764 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.12118 |
| scoring_system |
epss |
| scoring_elements |
0.93773 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.12118 |
| scoring_system |
epss |
| scoring_elements |
0.93783 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.12118 |
| scoring_system |
epss |
| scoring_elements |
0.93787 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.12118 |
| scoring_system |
epss |
| scoring_elements |
0.93795 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.12118 |
| scoring_system |
epss |
| scoring_elements |
0.93798 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.12118 |
| scoring_system |
epss |
| scoring_elements |
0.93803 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.12118 |
| scoring_system |
epss |
| scoring_elements |
0.93825 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.12118 |
| scoring_system |
epss |
| scoring_elements |
0.9383 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-5419 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3 |
| purl |
pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 6 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 7 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 8 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 9 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 10 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 11 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 12 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 13 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 14 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 15 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 16 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 17 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 18 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 19 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 20 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 21 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 22 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 23 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 24 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 25 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 26 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 27 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 28 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 29 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 30 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 31 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 32 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 33 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 34 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%252Bdeb10u3 |
|
|
| aliases |
CVE-2019-5419, GHSA-m63j-wh5w-c252
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-c8b5-d83n-nuhw |
|
| 31 |
| url |
VCID-ca7u-t1y4-uuc7 |
| vulnerability_id |
VCID-ca7u-t1y4-uuc7 |
| summary |
Vulnerability in JSON Parser in Ruby on Rails 3.0 and 2.3
There is a vulnerability in the JSON code for Ruby on Rails which allows attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a Rails application. |
| references |
| 10 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-0333 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.91935 |
| scoring_system |
epss |
| scoring_elements |
0.997 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.91935 |
| scoring_system |
epss |
| scoring_elements |
0.99691 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.91935 |
| scoring_system |
epss |
| scoring_elements |
0.99692 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.91935 |
| scoring_system |
epss |
| scoring_elements |
0.99693 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.91935 |
| scoring_system |
epss |
| scoring_elements |
0.99694 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.91935 |
| scoring_system |
epss |
| scoring_elements |
0.99695 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.91935 |
| scoring_system |
epss |
| scoring_elements |
0.99696 |
| published_at |
2026-04-16T12:55:00Z |
|
| 7 |
| value |
0.91935 |
| scoring_system |
epss |
| scoring_elements |
0.99697 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-0333 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:2.3.14.2 |
| purl |
pkg:deb/debian/rails@2:2.3.14.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-2efj-tf8d-dfck |
|
| 6 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 7 |
| vulnerability |
VCID-333w-aacz-mfcr |
|
| 8 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 9 |
| vulnerability |
VCID-3m2y-wy1w-n7h1 |
|
| 10 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 11 |
| vulnerability |
VCID-5x54-hckg-x7b8 |
|
| 12 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 13 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 14 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 15 |
| vulnerability |
VCID-6yr6-a21g-dyf5 |
|
| 16 |
| vulnerability |
VCID-86jq-2md2-d7ah |
|
| 17 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 18 |
| vulnerability |
VCID-8dad-dvat-1fg4 |
|
| 19 |
| vulnerability |
VCID-9hq5-3usy-5fhq |
|
| 20 |
| vulnerability |
VCID-9t7a-muwx-zyee |
|
| 21 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 22 |
| vulnerability |
VCID-bjwf-uhyk-63aj |
|
| 23 |
| vulnerability |
VCID-c8b5-d83n-nuhw |
|
| 24 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 25 |
| vulnerability |
VCID-d15q-6ukb-wfff |
|
| 26 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 27 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 28 |
| vulnerability |
VCID-ed3f-3bxh-eba4 |
|
| 29 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 30 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 31 |
| vulnerability |
VCID-g5q6-7uav-sqh1 |
|
| 32 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 33 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 34 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 35 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 36 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 37 |
| vulnerability |
VCID-pb5f-g4uc-r7fp |
|
| 38 |
| vulnerability |
VCID-s5ah-tf63-a7cw |
|
| 39 |
| vulnerability |
VCID-sb9g-rdnm-rqbm |
|
| 40 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 41 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 42 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 43 |
| vulnerability |
VCID-t2cx-7ycd-tqhq |
|
| 44 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 45 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 46 |
| vulnerability |
VCID-thx6-usb2-kkgc |
|
| 47 |
| vulnerability |
VCID-v3r3-bwp5-a3bn |
|
| 48 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 49 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 50 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 51 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 52 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 53 |
| vulnerability |
VCID-z1jv-4ga2-7kd1 |
|
| 54 |
| vulnerability |
VCID-zkvd-bfd6-t7dg |
|
| 55 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 56 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
| 57 |
| vulnerability |
VCID-zydu-j9dg-fqdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2 |
|
|
| aliases |
CVE-2013-0333, GHSA-xgr2-v94m-rc9g, OSV-89594
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ca7u-t1y4-uuc7 |
|
| 32 |
| url |
VCID-carc-ntrd-ebfe |
| vulnerability_id |
VCID-carc-ntrd-ebfe |
| summary |
Multiple vulnerabilities in parameter parsing in Action Pack
There are multiple weaknesses in the parameter parsing code for Ruby on Rails which allows attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a Rails application. |
| references |
| 6 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-0156 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.91907 |
| scoring_system |
epss |
| scoring_elements |
0.99694 |
| published_at |
2026-04-16T12:55:00Z |
|
| 1 |
| value |
0.91907 |
| scoring_system |
epss |
| scoring_elements |
0.99693 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.91907 |
| scoring_system |
epss |
| scoring_elements |
0.99692 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.91907 |
| scoring_system |
epss |
| scoring_elements |
0.99691 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.91907 |
| scoring_system |
epss |
| scoring_elements |
0.9969 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.91907 |
| scoring_system |
epss |
| scoring_elements |
0.99689 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.91907 |
| scoring_system |
epss |
| scoring_elements |
0.99697 |
| published_at |
2026-04-21T12:55:00Z |
|
| 7 |
| value |
0.91907 |
| scoring_system |
epss |
| scoring_elements |
0.99696 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-0156 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:2.3.14.2 |
| purl |
pkg:deb/debian/rails@2:2.3.14.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-2efj-tf8d-dfck |
|
| 6 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 7 |
| vulnerability |
VCID-333w-aacz-mfcr |
|
| 8 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 9 |
| vulnerability |
VCID-3m2y-wy1w-n7h1 |
|
| 10 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 11 |
| vulnerability |
VCID-5x54-hckg-x7b8 |
|
| 12 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 13 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 14 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 15 |
| vulnerability |
VCID-6yr6-a21g-dyf5 |
|
| 16 |
| vulnerability |
VCID-86jq-2md2-d7ah |
|
| 17 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 18 |
| vulnerability |
VCID-8dad-dvat-1fg4 |
|
| 19 |
| vulnerability |
VCID-9hq5-3usy-5fhq |
|
| 20 |
| vulnerability |
VCID-9t7a-muwx-zyee |
|
| 21 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 22 |
| vulnerability |
VCID-bjwf-uhyk-63aj |
|
| 23 |
| vulnerability |
VCID-c8b5-d83n-nuhw |
|
| 24 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 25 |
| vulnerability |
VCID-d15q-6ukb-wfff |
|
| 26 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 27 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 28 |
| vulnerability |
VCID-ed3f-3bxh-eba4 |
|
| 29 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 30 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 31 |
| vulnerability |
VCID-g5q6-7uav-sqh1 |
|
| 32 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 33 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 34 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 35 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 36 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 37 |
| vulnerability |
VCID-pb5f-g4uc-r7fp |
|
| 38 |
| vulnerability |
VCID-s5ah-tf63-a7cw |
|
| 39 |
| vulnerability |
VCID-sb9g-rdnm-rqbm |
|
| 40 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 41 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 42 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 43 |
| vulnerability |
VCID-t2cx-7ycd-tqhq |
|
| 44 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 45 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 46 |
| vulnerability |
VCID-thx6-usb2-kkgc |
|
| 47 |
| vulnerability |
VCID-v3r3-bwp5-a3bn |
|
| 48 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 49 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 50 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 51 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 52 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 53 |
| vulnerability |
VCID-z1jv-4ga2-7kd1 |
|
| 54 |
| vulnerability |
VCID-zkvd-bfd6-t7dg |
|
| 55 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 56 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
| 57 |
| vulnerability |
VCID-zydu-j9dg-fqdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2 |
|
|
| aliases |
CVE-2013-0156, GHSA-jmgw-6vjg-jjwg, OSV-89026
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-carc-ntrd-ebfe |
|
| 33 |
| url |
VCID-ce39-j83r-6ug9 |
| vulnerability_id |
VCID-ce39-j83r-6ug9 |
| summary |
Duplicate
This advisory duplicates another. |
| references |
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-22577 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00287 |
| scoring_system |
epss |
| scoring_elements |
0.52126 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.00287 |
| scoring_system |
epss |
| scoring_elements |
0.52204 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00287 |
| scoring_system |
epss |
| scoring_elements |
0.52201 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00287 |
| scoring_system |
epss |
| scoring_elements |
0.5216 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00287 |
| scoring_system |
epss |
| scoring_elements |
0.52175 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00287 |
| scoring_system |
epss |
| scoring_elements |
0.52192 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00287 |
| scoring_system |
epss |
| scoring_elements |
0.52141 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00287 |
| scoring_system |
epss |
| scoring_elements |
0.52145 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00287 |
| scoring_system |
epss |
| scoring_elements |
0.52091 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.00287 |
| scoring_system |
epss |
| scoring_elements |
0.52099 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.00291 |
| scoring_system |
epss |
| scoring_elements |
0.52527 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-22577 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2 |
| purl |
pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 1 |
| vulnerability |
VCID-4tzv-1t1b-t3g3 |
|
| 2 |
| vulnerability |
VCID-5tky-d2en-u7c7 |
|
| 3 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 4 |
| vulnerability |
VCID-96qr-hdbp-p7ff |
|
| 5 |
| vulnerability |
VCID-a6z9-5n6k-2kak |
|
| 6 |
| vulnerability |
VCID-ad6q-vtdf-syb6 |
|
| 7 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 8 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 9 |
| vulnerability |
VCID-hatd-vkun-13hj |
|
| 10 |
| vulnerability |
VCID-n8r7-wthv-fqaj |
|
| 11 |
| vulnerability |
VCID-qxe4-dubt-1kfp |
|
| 12 |
| vulnerability |
VCID-sarm-n22v-akcm |
|
| 13 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 14 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 15 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 16 |
| vulnerability |
VCID-wpmk-wgpm-cuee |
|
| 17 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 18 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 19 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2 |
|
|
| aliases |
CVE-2022-22577, GHSA-mm33-5vfq-3mm3, GMS-2022-1137
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ce39-j83r-6ug9 |
|
| 34 |
| url |
VCID-cnqr-6e98-5kgk |
| vulnerability_id |
VCID-cnqr-6e98-5kgk |
| summary |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in the mail_to helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) name or (2) email value. |
| references |
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2011-0446 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0067 |
| scoring_system |
epss |
| scoring_elements |
0.71373 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.0067 |
| scoring_system |
epss |
| scoring_elements |
0.71274 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.0067 |
| scoring_system |
epss |
| scoring_elements |
0.71282 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.0067 |
| scoring_system |
epss |
| scoring_elements |
0.713 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.0067 |
| scoring_system |
epss |
| scoring_elements |
0.71316 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.0067 |
| scoring_system |
epss |
| scoring_elements |
0.71329 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.0067 |
| scoring_system |
epss |
| scoring_elements |
0.71352 |
| published_at |
2026-04-21T12:55:00Z |
|
| 7 |
| value |
0.0067 |
| scoring_system |
epss |
| scoring_elements |
0.71337 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.0067 |
| scoring_system |
epss |
| scoring_elements |
0.7132 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.0067 |
| scoring_system |
epss |
| scoring_elements |
0.71366 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2011-0446 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:2.3.14.2 |
| purl |
pkg:deb/debian/rails@2:2.3.14.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-2efj-tf8d-dfck |
|
| 6 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 7 |
| vulnerability |
VCID-333w-aacz-mfcr |
|
| 8 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 9 |
| vulnerability |
VCID-3m2y-wy1w-n7h1 |
|
| 10 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 11 |
| vulnerability |
VCID-5x54-hckg-x7b8 |
|
| 12 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 13 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 14 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 15 |
| vulnerability |
VCID-6yr6-a21g-dyf5 |
|
| 16 |
| vulnerability |
VCID-86jq-2md2-d7ah |
|
| 17 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 18 |
| vulnerability |
VCID-8dad-dvat-1fg4 |
|
| 19 |
| vulnerability |
VCID-9hq5-3usy-5fhq |
|
| 20 |
| vulnerability |
VCID-9t7a-muwx-zyee |
|
| 21 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 22 |
| vulnerability |
VCID-bjwf-uhyk-63aj |
|
| 23 |
| vulnerability |
VCID-c8b5-d83n-nuhw |
|
| 24 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 25 |
| vulnerability |
VCID-d15q-6ukb-wfff |
|
| 26 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 27 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 28 |
| vulnerability |
VCID-ed3f-3bxh-eba4 |
|
| 29 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 30 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 31 |
| vulnerability |
VCID-g5q6-7uav-sqh1 |
|
| 32 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 33 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 34 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 35 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 36 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 37 |
| vulnerability |
VCID-pb5f-g4uc-r7fp |
|
| 38 |
| vulnerability |
VCID-s5ah-tf63-a7cw |
|
| 39 |
| vulnerability |
VCID-sb9g-rdnm-rqbm |
|
| 40 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 41 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 42 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 43 |
| vulnerability |
VCID-t2cx-7ycd-tqhq |
|
| 44 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 45 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 46 |
| vulnerability |
VCID-thx6-usb2-kkgc |
|
| 47 |
| vulnerability |
VCID-v3r3-bwp5-a3bn |
|
| 48 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 49 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 50 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 51 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 52 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 53 |
| vulnerability |
VCID-z1jv-4ga2-7kd1 |
|
| 54 |
| vulnerability |
VCID-zkvd-bfd6-t7dg |
|
| 55 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 56 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
| 57 |
| vulnerability |
VCID-zydu-j9dg-fqdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2 |
|
|
| aliases |
CVE-2011-0446, GHSA-75w6-p6mg-vh8j
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cnqr-6e98-5kgk |
|
| 35 |
| url |
VCID-cwa7-9d2t-rfhb |
| vulnerability_id |
VCID-cwa7-9d2t-rfhb |
| summary |
actionpack Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in `actionpack/lib/action_view/helpers/sanitize_helper.rb` in the `strip_tags` helper in Ruby on Rails before 2.3.16, 3.0.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup. |
| references |
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-3465 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00333 |
| scoring_system |
epss |
| scoring_elements |
0.56143 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00333 |
| scoring_system |
epss |
| scoring_elements |
0.56161 |
| published_at |
2026-04-08T12:55:00Z |
|
| 2 |
| value |
0.00333 |
| scoring_system |
epss |
| scoring_elements |
0.56166 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.00333 |
| scoring_system |
epss |
| scoring_elements |
0.56177 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00333 |
| scoring_system |
epss |
| scoring_elements |
0.56153 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00333 |
| scoring_system |
epss |
| scoring_elements |
0.56137 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.00333 |
| scoring_system |
epss |
| scoring_elements |
0.56171 |
| published_at |
2026-04-16T12:55:00Z |
|
| 7 |
| value |
0.00333 |
| scoring_system |
epss |
| scoring_elements |
0.56174 |
| published_at |
2026-04-18T12:55:00Z |
|
| 8 |
| value |
0.00333 |
| scoring_system |
epss |
| scoring_elements |
0.56001 |
| published_at |
2026-04-01T12:55:00Z |
|
| 9 |
| value |
0.00333 |
| scoring_system |
epss |
| scoring_elements |
0.5611 |
| published_at |
2026-04-07T12:55:00Z |
|
| 10 |
| value |
0.00333 |
| scoring_system |
epss |
| scoring_elements |
0.5613 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-3465 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:2.3.14.2 |
| purl |
pkg:deb/debian/rails@2:2.3.14.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-2efj-tf8d-dfck |
|
| 6 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 7 |
| vulnerability |
VCID-333w-aacz-mfcr |
|
| 8 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 9 |
| vulnerability |
VCID-3m2y-wy1w-n7h1 |
|
| 10 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 11 |
| vulnerability |
VCID-5x54-hckg-x7b8 |
|
| 12 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 13 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 14 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 15 |
| vulnerability |
VCID-6yr6-a21g-dyf5 |
|
| 16 |
| vulnerability |
VCID-86jq-2md2-d7ah |
|
| 17 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 18 |
| vulnerability |
VCID-8dad-dvat-1fg4 |
|
| 19 |
| vulnerability |
VCID-9hq5-3usy-5fhq |
|
| 20 |
| vulnerability |
VCID-9t7a-muwx-zyee |
|
| 21 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 22 |
| vulnerability |
VCID-bjwf-uhyk-63aj |
|
| 23 |
| vulnerability |
VCID-c8b5-d83n-nuhw |
|
| 24 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 25 |
| vulnerability |
VCID-d15q-6ukb-wfff |
|
| 26 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 27 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 28 |
| vulnerability |
VCID-ed3f-3bxh-eba4 |
|
| 29 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 30 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 31 |
| vulnerability |
VCID-g5q6-7uav-sqh1 |
|
| 32 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 33 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 34 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 35 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 36 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 37 |
| vulnerability |
VCID-pb5f-g4uc-r7fp |
|
| 38 |
| vulnerability |
VCID-s5ah-tf63-a7cw |
|
| 39 |
| vulnerability |
VCID-sb9g-rdnm-rqbm |
|
| 40 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 41 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 42 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 43 |
| vulnerability |
VCID-t2cx-7ycd-tqhq |
|
| 44 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 45 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 46 |
| vulnerability |
VCID-thx6-usb2-kkgc |
|
| 47 |
| vulnerability |
VCID-v3r3-bwp5-a3bn |
|
| 48 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 49 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 50 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 51 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 52 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 53 |
| vulnerability |
VCID-z1jv-4ga2-7kd1 |
|
| 54 |
| vulnerability |
VCID-zkvd-bfd6-t7dg |
|
| 55 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 56 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
| 57 |
| vulnerability |
VCID-zydu-j9dg-fqdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2 |
|
|
| aliases |
CVE-2012-3465, GHSA-7g65-ghrg-hpf5, OSV-84513
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cwa7-9d2t-rfhb |
|
| 36 |
| url |
VCID-d15q-6ukb-wfff |
| vulnerability_id |
VCID-d15q-6ukb-wfff |
| summary |
Object leak vulnerability for wildcard controller routes
Users that have a route that contains the string `:controller` are susceptible to objects being leaked globally which can lead to unbounded memory growth. To identify if your application is vulnerable, look for routes that contain `:controller`. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-7581 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.07108 |
| scoring_system |
epss |
| scoring_elements |
0.91554 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.07108 |
| scoring_system |
epss |
| scoring_elements |
0.91492 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.07108 |
| scoring_system |
epss |
| scoring_elements |
0.91498 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.07108 |
| scoring_system |
epss |
| scoring_elements |
0.91505 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.07108 |
| scoring_system |
epss |
| scoring_elements |
0.91512 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.07108 |
| scoring_system |
epss |
| scoring_elements |
0.91525 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.07108 |
| scoring_system |
epss |
| scoring_elements |
0.91531 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.07108 |
| scoring_system |
epss |
| scoring_elements |
0.91536 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.07108 |
| scoring_system |
epss |
| scoring_elements |
0.91538 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.07108 |
| scoring_system |
epss |
| scoring_elements |
0.91558 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.07108 |
| scoring_system |
epss |
| scoring_elements |
0.91553 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-7581 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2015-7581 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.0 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:L/Au:N/C:N/I:N/A:P |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 2 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 3 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2015-7581 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
|
| 68 |
|
| 69 |
|
| 70 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:4.1.8-1%2Bdeb8u4 |
| purl |
pkg:deb/debian/rails@2:4.1.8-1%2Bdeb8u4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 6 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 7 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 8 |
| vulnerability |
VCID-5x54-hckg-x7b8 |
|
| 9 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 10 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 11 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 12 |
| vulnerability |
VCID-6yr6-a21g-dyf5 |
|
| 13 |
| vulnerability |
VCID-86jq-2md2-d7ah |
|
| 14 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 15 |
| vulnerability |
VCID-8dad-dvat-1fg4 |
|
| 16 |
| vulnerability |
VCID-9hq5-3usy-5fhq |
|
| 17 |
| vulnerability |
VCID-9t7a-muwx-zyee |
|
| 18 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 19 |
| vulnerability |
VCID-bjwf-uhyk-63aj |
|
| 20 |
| vulnerability |
VCID-c8b5-d83n-nuhw |
|
| 21 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 22 |
| vulnerability |
VCID-d15q-6ukb-wfff |
|
| 23 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 24 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 25 |
| vulnerability |
VCID-ed3f-3bxh-eba4 |
|
| 26 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 27 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 28 |
| vulnerability |
VCID-g5q6-7uav-sqh1 |
|
| 29 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 30 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 31 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 32 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 33 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 34 |
| vulnerability |
VCID-pb5f-g4uc-r7fp |
|
| 35 |
| vulnerability |
VCID-s5ah-tf63-a7cw |
|
| 36 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 37 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 38 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 39 |
| vulnerability |
VCID-t2cx-7ycd-tqhq |
|
| 40 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 41 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 42 |
| vulnerability |
VCID-thx6-usb2-kkgc |
|
| 43 |
| vulnerability |
VCID-v3r3-bwp5-a3bn |
|
| 44 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 45 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 46 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 47 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 48 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 49 |
| vulnerability |
VCID-z1jv-4ga2-7kd1 |
|
| 50 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 51 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
| 52 |
| vulnerability |
VCID-zydu-j9dg-fqdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.8-1%252Bdeb8u4 |
|
| 1 |
| url |
pkg:deb/debian/rails@2:4.2.7.1-1%2Bdeb9u2 |
| purl |
pkg:deb/debian/rails@2:4.2.7.1-1%2Bdeb9u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 6 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 7 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 8 |
| vulnerability |
VCID-5x54-hckg-x7b8 |
|
| 9 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 10 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 11 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 12 |
| vulnerability |
VCID-6yr6-a21g-dyf5 |
|
| 13 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 14 |
| vulnerability |
VCID-8dad-dvat-1fg4 |
|
| 15 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 16 |
| vulnerability |
VCID-c8b5-d83n-nuhw |
|
| 17 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 18 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 19 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 20 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 21 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 22 |
| vulnerability |
VCID-g5q6-7uav-sqh1 |
|
| 23 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 24 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 25 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 26 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 27 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 28 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 29 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 30 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 31 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 32 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 33 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 34 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 35 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 36 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 37 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 38 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 39 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
| 40 |
| vulnerability |
VCID-zydu-j9dg-fqdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.7.1-1%252Bdeb9u2 |
|
|
| aliases |
CVE-2015-7581, GHSA-9h6g-gp95-x3q5
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-d15q-6ukb-wfff |
|
| 37 |
| url |
VCID-dd9p-x7k3-37ea |
| vulnerability_id |
VCID-dd9p-x7k3-37ea |
| summary |
Actionpack has possible cross-site scripting vulnerability via User Supplied Values to redirect_to
The `redirect_to` method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header. This vulnerability has been assigned the CVE identifier CVE-2023-28362.
Versions Affected: All.
Not affected: None
Fixed Versions: 7.0.5.1, 6.1.7.4 |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-28362 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00224 |
| scoring_system |
epss |
| scoring_elements |
0.4516 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00224 |
| scoring_system |
epss |
| scoring_elements |
0.45208 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00224 |
| scoring_system |
epss |
| scoring_elements |
0.45215 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00224 |
| scoring_system |
epss |
| scoring_elements |
0.45164 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00224 |
| scoring_system |
epss |
| scoring_elements |
0.45162 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00224 |
| scoring_system |
epss |
| scoring_elements |
0.45194 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00224 |
| scoring_system |
epss |
| scoring_elements |
0.45173 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00224 |
| scoring_system |
epss |
| scoring_elements |
0.45155 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.00224 |
| scoring_system |
epss |
| scoring_elements |
0.45174 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00224 |
| scoring_system |
epss |
| scoring_elements |
0.4512 |
| published_at |
2026-04-07T12:55:00Z |
|
| 10 |
| value |
0.00224 |
| scoring_system |
epss |
| scoring_elements |
0.45177 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-28362 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-28362, GHSA-4g8v-vg43-wpgf
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dd9p-x7k3-37ea |
|
| 38 |
| url |
VCID-drg6-gj1f-h7ea |
| vulnerability_id |
VCID-drg6-gj1f-h7ea |
| summary |
Duplicate
This advisory duplicates another. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-21831 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0142 |
| scoring_system |
epss |
| scoring_elements |
0.8062 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.0142 |
| scoring_system |
epss |
| scoring_elements |
0.80616 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.0142 |
| scoring_system |
epss |
| scoring_elements |
0.80614 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.0142 |
| scoring_system |
epss |
| scoring_elements |
0.80585 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.0142 |
| scoring_system |
epss |
| scoring_elements |
0.80592 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.0142 |
| scoring_system |
epss |
| scoring_elements |
0.80589 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.0142 |
| scoring_system |
epss |
| scoring_elements |
0.80579 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.0142 |
| scoring_system |
epss |
| scoring_elements |
0.8055 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.0142 |
| scoring_system |
epss |
| scoring_elements |
0.80559 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.0142 |
| scoring_system |
epss |
| scoring_elements |
0.80537 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.0142 |
| scoring_system |
epss |
| scoring_elements |
0.80606 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-21831 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2 |
| purl |
pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 1 |
| vulnerability |
VCID-4tzv-1t1b-t3g3 |
|
| 2 |
| vulnerability |
VCID-5tky-d2en-u7c7 |
|
| 3 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 4 |
| vulnerability |
VCID-96qr-hdbp-p7ff |
|
| 5 |
| vulnerability |
VCID-a6z9-5n6k-2kak |
|
| 6 |
| vulnerability |
VCID-ad6q-vtdf-syb6 |
|
| 7 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 8 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 9 |
| vulnerability |
VCID-hatd-vkun-13hj |
|
| 10 |
| vulnerability |
VCID-n8r7-wthv-fqaj |
|
| 11 |
| vulnerability |
VCID-qxe4-dubt-1kfp |
|
| 12 |
| vulnerability |
VCID-sarm-n22v-akcm |
|
| 13 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 14 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 15 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 16 |
| vulnerability |
VCID-wpmk-wgpm-cuee |
|
| 17 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 18 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 19 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2 |
|
|
| aliases |
CVE-2022-21831, GHSA-w749-p3v6-hccq, GMS-2022-301
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-drg6-gj1f-h7ea |
|
| 39 |
| url |
VCID-eb5z-q7rj-j7hh |
| vulnerability_id |
VCID-eb5z-q7rj-j7hh |
| summary |
Active Record component in Ruby on Rails has a data-type injection vulnerability
The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored values in that column, which makes it easier for remote attackers to conduct data-type injection attacks against Ruby on Rails applications via a crafted value, as demonstrated by unintended interaction between the "typed XML" feature and a MySQL database. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-3221 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00483 |
| scoring_system |
epss |
| scoring_elements |
0.65219 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00483 |
| scoring_system |
epss |
| scoring_elements |
0.65111 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00483 |
| scoring_system |
epss |
| scoring_elements |
0.65161 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00483 |
| scoring_system |
epss |
| scoring_elements |
0.65186 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00483 |
| scoring_system |
epss |
| scoring_elements |
0.65152 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00483 |
| scoring_system |
epss |
| scoring_elements |
0.65202 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00483 |
| scoring_system |
epss |
| scoring_elements |
0.65214 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00483 |
| scoring_system |
epss |
| scoring_elements |
0.65233 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00483 |
| scoring_system |
epss |
| scoring_elements |
0.6522 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00483 |
| scoring_system |
epss |
| scoring_elements |
0.65192 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00483 |
| scoring_system |
epss |
| scoring_elements |
0.65227 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00483 |
| scoring_system |
epss |
| scoring_elements |
0.65237 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-3221 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
|
| 68 |
|
| 69 |
|
| 70 |
|
| 71 |
|
| 72 |
|
| 73 |
|
| 74 |
|
| 75 |
|
| 76 |
|
| 77 |
|
| 78 |
|
| 79 |
|
| 80 |
|
| 81 |
|
| 82 |
|
| 83 |
|
| 84 |
|
| 85 |
|
| 86 |
|
| 87 |
|
| 88 |
|
| 89 |
|
| 90 |
|
| 91 |
|
| 92 |
|
| 93 |
|
| 94 |
|
| 95 |
|
| 96 |
|
| 97 |
|
| 98 |
|
| 99 |
|
| 100 |
|
| 101 |
|
| 102 |
|
| 103 |
|
| 104 |
|
| 105 |
|
| 106 |
|
| 107 |
|
| 108 |
|
| 109 |
|
| 110 |
|
| 111 |
|
| 112 |
|
| 113 |
|
| 114 |
|
| 115 |
|
| 116 |
|
| 117 |
|
| 118 |
|
| 119 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:2.3.14.2 |
| purl |
pkg:deb/debian/rails@2:2.3.14.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-2efj-tf8d-dfck |
|
| 6 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 7 |
| vulnerability |
VCID-333w-aacz-mfcr |
|
| 8 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 9 |
| vulnerability |
VCID-3m2y-wy1w-n7h1 |
|
| 10 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 11 |
| vulnerability |
VCID-5x54-hckg-x7b8 |
|
| 12 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 13 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 14 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 15 |
| vulnerability |
VCID-6yr6-a21g-dyf5 |
|
| 16 |
| vulnerability |
VCID-86jq-2md2-d7ah |
|
| 17 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 18 |
| vulnerability |
VCID-8dad-dvat-1fg4 |
|
| 19 |
| vulnerability |
VCID-9hq5-3usy-5fhq |
|
| 20 |
| vulnerability |
VCID-9t7a-muwx-zyee |
|
| 21 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 22 |
| vulnerability |
VCID-bjwf-uhyk-63aj |
|
| 23 |
| vulnerability |
VCID-c8b5-d83n-nuhw |
|
| 24 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 25 |
| vulnerability |
VCID-d15q-6ukb-wfff |
|
| 26 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 27 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 28 |
| vulnerability |
VCID-ed3f-3bxh-eba4 |
|
| 29 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 30 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 31 |
| vulnerability |
VCID-g5q6-7uav-sqh1 |
|
| 32 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 33 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 34 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 35 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 36 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 37 |
| vulnerability |
VCID-pb5f-g4uc-r7fp |
|
| 38 |
| vulnerability |
VCID-s5ah-tf63-a7cw |
|
| 39 |
| vulnerability |
VCID-sb9g-rdnm-rqbm |
|
| 40 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 41 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 42 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 43 |
| vulnerability |
VCID-t2cx-7ycd-tqhq |
|
| 44 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 45 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 46 |
| vulnerability |
VCID-thx6-usb2-kkgc |
|
| 47 |
| vulnerability |
VCID-v3r3-bwp5-a3bn |
|
| 48 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 49 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 50 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 51 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 52 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 53 |
| vulnerability |
VCID-z1jv-4ga2-7kd1 |
|
| 54 |
| vulnerability |
VCID-zkvd-bfd6-t7dg |
|
| 55 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 56 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
| 57 |
| vulnerability |
VCID-zydu-j9dg-fqdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2 |
|
|
| aliases |
CVE-2013-3221, GHSA-f57c-hx33-hvh8
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-eb5z-q7rj-j7hh |
|
| 40 |
| url |
VCID-ed3f-3bxh-eba4 |
| vulnerability_id |
VCID-ed3f-3bxh-eba4 |
| summary |
activesupport vulnerable to Denial of Service via large XML document depth
The (1) `jdom.rb` and (2) `rexml.rb` components in Active Support in Ruby on Rails before 3.2.22, 4.1.x before 4.1.11, and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-3227 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02683 |
| scoring_system |
epss |
| scoring_elements |
0.85865 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.02683 |
| scoring_system |
epss |
| scoring_elements |
0.85789 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.02683 |
| scoring_system |
epss |
| scoring_elements |
0.85807 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.02683 |
| scoring_system |
epss |
| scoring_elements |
0.85812 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.02683 |
| scoring_system |
epss |
| scoring_elements |
0.85831 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.02683 |
| scoring_system |
epss |
| scoring_elements |
0.85841 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.02683 |
| scoring_system |
epss |
| scoring_elements |
0.85856 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.02683 |
| scoring_system |
epss |
| scoring_elements |
0.85853 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.02683 |
| scoring_system |
epss |
| scoring_elements |
0.85849 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.02683 |
| scoring_system |
epss |
| scoring_elements |
0.85868 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.02683 |
| scoring_system |
epss |
| scoring_elements |
0.85873 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.02683 |
| scoring_system |
epss |
| scoring_elements |
0.85776 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-3227 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:4.1.8-1%2Bdeb8u4 |
| purl |
pkg:deb/debian/rails@2:4.1.8-1%2Bdeb8u4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 6 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 7 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 8 |
| vulnerability |
VCID-5x54-hckg-x7b8 |
|
| 9 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 10 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 11 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 12 |
| vulnerability |
VCID-6yr6-a21g-dyf5 |
|
| 13 |
| vulnerability |
VCID-86jq-2md2-d7ah |
|
| 14 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 15 |
| vulnerability |
VCID-8dad-dvat-1fg4 |
|
| 16 |
| vulnerability |
VCID-9hq5-3usy-5fhq |
|
| 17 |
| vulnerability |
VCID-9t7a-muwx-zyee |
|
| 18 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 19 |
| vulnerability |
VCID-bjwf-uhyk-63aj |
|
| 20 |
| vulnerability |
VCID-c8b5-d83n-nuhw |
|
| 21 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 22 |
| vulnerability |
VCID-d15q-6ukb-wfff |
|
| 23 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 24 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 25 |
| vulnerability |
VCID-ed3f-3bxh-eba4 |
|
| 26 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 27 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 28 |
| vulnerability |
VCID-g5q6-7uav-sqh1 |
|
| 29 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 30 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 31 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 32 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 33 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 34 |
| vulnerability |
VCID-pb5f-g4uc-r7fp |
|
| 35 |
| vulnerability |
VCID-s5ah-tf63-a7cw |
|
| 36 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 37 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 38 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 39 |
| vulnerability |
VCID-t2cx-7ycd-tqhq |
|
| 40 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 41 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 42 |
| vulnerability |
VCID-thx6-usb2-kkgc |
|
| 43 |
| vulnerability |
VCID-v3r3-bwp5-a3bn |
|
| 44 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 45 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 46 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 47 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 48 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 49 |
| vulnerability |
VCID-z1jv-4ga2-7kd1 |
|
| 50 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 51 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
| 52 |
| vulnerability |
VCID-zydu-j9dg-fqdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.8-1%252Bdeb8u4 |
|
| 1 |
| url |
pkg:deb/debian/rails@2:4.2.7.1-1%2Bdeb9u2 |
| purl |
pkg:deb/debian/rails@2:4.2.7.1-1%2Bdeb9u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 6 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 7 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 8 |
| vulnerability |
VCID-5x54-hckg-x7b8 |
|
| 9 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 10 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 11 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 12 |
| vulnerability |
VCID-6yr6-a21g-dyf5 |
|
| 13 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 14 |
| vulnerability |
VCID-8dad-dvat-1fg4 |
|
| 15 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 16 |
| vulnerability |
VCID-c8b5-d83n-nuhw |
|
| 17 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 18 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 19 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 20 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 21 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 22 |
| vulnerability |
VCID-g5q6-7uav-sqh1 |
|
| 23 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 24 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 25 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 26 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 27 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 28 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 29 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 30 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 31 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 32 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 33 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 34 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 35 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 36 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 37 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 38 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 39 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
| 40 |
| vulnerability |
VCID-zydu-j9dg-fqdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.7.1-1%252Bdeb9u2 |
|
|
| aliases |
CVE-2015-3227, GHSA-j96r-xvjq-r9pg
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ed3f-3bxh-eba4 |
|
| 41 |
| url |
VCID-es1t-7196-4kbb |
| vulnerability_id |
VCID-es1t-7196-4kbb |
| summary |
CSRF Vulnerability in rails-ujs
There is a vulnerability in rails-ujs that allows attackers to send CSRF tokens to wrong domains.
Versions Affected: rails <= 6.0.3
Not affected: Applications which don't use rails-ujs.
Fixed Versions: rails >= 5.2.4.3, rails >= 6.0.3.1
Impact
------
This is a regression of CVE-2015-1840.
In the scenario where an attacker might be able to control the href attribute of an anchor tag or the action attribute of a form tag that will trigger a POST action, the attacker can set the href or action to a cross-origin URL, and the CSRF token will be sent.
Workarounds
-----------
To work around this problem, change code that allows users to control the href attribute of an anchor tag or the action attribute of a form tag to filter the user parameters.
For example, code like this:
    link_to params
to code like this:
    link_to filtered_params
    def filtered_params
      # Filter just the parameters that you trust
    end |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-8167 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00592 |
| scoring_system |
epss |
| scoring_elements |
0.69269 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00592 |
| scoring_system |
epss |
| scoring_elements |
0.6929 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00592 |
| scoring_system |
epss |
| scoring_elements |
0.69281 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00592 |
| scoring_system |
epss |
| scoring_elements |
0.69242 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00592 |
| scoring_system |
epss |
| scoring_elements |
0.69271 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00592 |
| scoring_system |
epss |
| scoring_elements |
0.69285 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00592 |
| scoring_system |
epss |
| scoring_elements |
0.69263 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00592 |
| scoring_system |
epss |
| scoring_elements |
0.69245 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00592 |
| scoring_system |
epss |
| scoring_elements |
0.69195 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.00592 |
| scoring_system |
epss |
| scoring_elements |
0.69213 |
| published_at |
2026-04-04T12:55:00Z |
|
| 10 |
| value |
0.00592 |
| scoring_system |
epss |
| scoring_elements |
0.69192 |
| published_at |
2026-04-02T12:55:00Z |
|
| 11 |
| value |
0.00592 |
| scoring_system |
epss |
| scoring_elements |
0.69177 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-8167 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3 |
| purl |
pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 6 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 7 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 8 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 9 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 10 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 11 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 12 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 13 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 14 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 15 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 16 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 17 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 18 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 19 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 20 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 21 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 22 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 23 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 24 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 25 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 26 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 27 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 28 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 29 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 30 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 31 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 32 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 33 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 34 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%252Bdeb10u3 |
|
| 1 |
| url |
pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2 |
| purl |
pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 1 |
| vulnerability |
VCID-4tzv-1t1b-t3g3 |
|
| 2 |
| vulnerability |
VCID-5tky-d2en-u7c7 |
|
| 3 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 4 |
| vulnerability |
VCID-96qr-hdbp-p7ff |
|
| 5 |
| vulnerability |
VCID-a6z9-5n6k-2kak |
|
| 6 |
| vulnerability |
VCID-ad6q-vtdf-syb6 |
|
| 7 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 8 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 9 |
| vulnerability |
VCID-hatd-vkun-13hj |
|
| 10 |
| vulnerability |
VCID-n8r7-wthv-fqaj |
|
| 11 |
| vulnerability |
VCID-qxe4-dubt-1kfp |
|
| 12 |
| vulnerability |
VCID-sarm-n22v-akcm |
|
| 13 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 14 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 15 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 16 |
| vulnerability |
VCID-wpmk-wgpm-cuee |
|
| 17 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 18 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 19 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2 |
|
|
| aliases |
CVE-2020-8167, GHSA-xq5j-gw7f-jgj8
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-es1t-7196-4kbb |
|
| 42 |
| url |
VCID-g3rk-djae-pkeh |
| vulnerability_id |
VCID-g3rk-djae-pkeh |
| summary |
Possible Content Security Policy bypass in Action Dispatch
There is a possible Cross Site Scripting (XSS) vulnerability in the `content_security_policy` helper in Action Pack.
Impact
------
Applications which set Content-Security-Policy (CSP) headers dynamically from untrusted user input may be vulnerable to carefully crafted inputs being able to inject new directives into the CSP. This could lead to a bypass of the CSP and its protection against XSS and other attacks.
Releases
--------
The fixed releases are available at the normal locations.
Workarounds
-----------
Applications can avoid setting CSP headers dynamically from untrusted input, or can validate/sanitize that input.
Credits
-------
Thanks to [ryotak](https://hackerone.com/ryotak) for the report! |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-54133 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00122 |
| scoring_system |
epss |
| scoring_elements |
0.31466 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.00122 |
| scoring_system |
epss |
| scoring_elements |
0.31424 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.0019 |
| scoring_system |
epss |
| scoring_elements |
0.40787 |
| published_at |
2026-04-21T12:55:00Z |
|
| 3 |
| value |
0.0019 |
| scoring_system |
epss |
| scoring_elements |
0.40834 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.0019 |
| scoring_system |
epss |
| scoring_elements |
0.40883 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.0019 |
| scoring_system |
epss |
| scoring_elements |
0.4089 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.0019 |
| scoring_system |
epss |
| scoring_elements |
0.40906 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.0019 |
| scoring_system |
epss |
| scoring_elements |
0.40871 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.0019 |
| scoring_system |
epss |
| scoring_elements |
0.40852 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.0019 |
| scoring_system |
epss |
| scoring_elements |
0.40895 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.0019 |
| scoring_system |
epss |
| scoring_elements |
0.40865 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-54133 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-54133, GHSA-vfm5-rmrh-j26v
|
| risk_score |
1.9 |
| exploitability |
0.5 |
| weighted_severity |
3.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-g3rk-djae-pkeh |
|
| 43 |
| url |
VCID-g5q6-7uav-sqh1 |
| vulnerability_id |
VCID-g5q6-7uav-sqh1 |
| summary |
Remote code execution via user-provided local names in ActionView
There is a code injection vulnerability in versions of Rails prior to 5.0.1 that would allow an attacker who controlled the `locals` argument of a `render` call to perform a RCE. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-8163 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.90927 |
| scoring_system |
epss |
| scoring_elements |
0.99637 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.90927 |
| scoring_system |
epss |
| scoring_elements |
0.99631 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.90927 |
| scoring_system |
epss |
| scoring_elements |
0.9963 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.90927 |
| scoring_system |
epss |
| scoring_elements |
0.99632 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.90927 |
| scoring_system |
epss |
| scoring_elements |
0.99633 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.90927 |
| scoring_system |
epss |
| scoring_elements |
0.99634 |
| published_at |
2026-04-16T12:55:00Z |
|
| 6 |
| value |
0.90927 |
| scoring_system |
epss |
| scoring_elements |
0.99635 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-8163 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3 |
| purl |
pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 6 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 7 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 8 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 9 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 10 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 11 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 12 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 13 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 14 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 15 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 16 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 17 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 18 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 19 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 20 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 21 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 22 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 23 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 24 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 25 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 26 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 27 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 28 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 29 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 30 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 31 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 32 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 33 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 34 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%252Bdeb10u3 |
|
|
| aliases |
CVE-2020-8163, GHSA-cr3x-7m39-c6jq
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-g5q6-7uav-sqh1 |
|
| 44 |
| url |
VCID-gjey-bqtd-kqa1 |
| vulnerability_id |
VCID-gjey-bqtd-kqa1 |
| summary |
Action Pack contains Information Disclosure / Unintended Method Execution vulnerability
Impact
------
There is a possible information disclosure / unintended method execution vulnerability in Action Pack when using the `redirect_to` or `polymorphic_url` helper with untrusted user input.
Vulnerable code will look like this.
```
redirect_to(params[:some_param])
```
All users running an affected release should either upgrade or use one of the workarounds immediately.
Releases
--------
The FIXED releases are available at the normal locations.
Workarounds
-----------
To work around this problem, it is recommended to use an allow list for valid parameters passed from the user. For example,
```ruby
private def check(param)
  case param
  when "valid"
    param
  else
    "/"
  end
end

def index
  redirect_to(check(params[:some_param]))
end
```
Or force the user input to be cast to a string like this,
```ruby
def index
  redirect_to(params[:some_param].to_s)
end
```
Patches
-------
To aid users who aren't able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.
* 5-2-information-disclosure.patch - Patch for 5.2 series
* 6-0-information-disclosure.patch - Patch for 6.0 series
* 6-1-information-disclosure.patch - Patch for 6.1 series
Please note that only the 5.2, 6.0, and 6.1 series are supported at present. Users of earlier unsupported releases are advised to upgrade as soon as possible as we cannot guarantee the continued availability of security fixes for unsupported releases.
Credits
-------
Thanks to Benoit Côté-Jodoin from Shopify for reporting this. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-22885 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.03096 |
| scoring_system |
epss |
| scoring_elements |
0.86797 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.03096 |
| scoring_system |
epss |
| scoring_elements |
0.86815 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.03096 |
| scoring_system |
epss |
| scoring_elements |
0.86736 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.03096 |
| scoring_system |
epss |
| scoring_elements |
0.86817 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.03096 |
| scoring_system |
epss |
| scoring_elements |
0.86812 |
| published_at |
2026-04-16T12:55:00Z |
|
| 5 |
| value |
0.03096 |
| scoring_system |
epss |
| scoring_elements |
0.86746 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.03096 |
| scoring_system |
epss |
| scoring_elements |
0.86765 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.03096 |
| scoring_system |
epss |
| scoring_elements |
0.86763 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.03096 |
| scoring_system |
epss |
| scoring_elements |
0.86783 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.03096 |
| scoring_system |
epss |
| scoring_elements |
0.86791 |
| published_at |
2026-04-09T12:55:00Z |
|
| 10 |
| value |
0.03096 |
| scoring_system |
epss |
| scoring_elements |
0.86805 |
| published_at |
2026-04-11T12:55:00Z |
|
| 11 |
| value |
0.03096 |
| scoring_system |
epss |
| scoring_elements |
0.86802 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-22885 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3 |
| purl |
pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 6 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 7 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 8 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 9 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 10 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 11 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 12 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 13 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 14 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 15 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 16 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 17 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 18 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 19 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 20 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 21 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 22 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 23 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 24 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 25 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 26 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 27 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 28 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 29 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 30 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 31 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 32 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 33 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 34 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%252Bdeb10u3 |
|
| 1 |
| url |
pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2 |
| purl |
pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 1 |
| vulnerability |
VCID-4tzv-1t1b-t3g3 |
|
| 2 |
| vulnerability |
VCID-5tky-d2en-u7c7 |
|
| 3 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 4 |
| vulnerability |
VCID-96qr-hdbp-p7ff |
|
| 5 |
| vulnerability |
VCID-a6z9-5n6k-2kak |
|
| 6 |
| vulnerability |
VCID-ad6q-vtdf-syb6 |
|
| 7 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 8 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 9 |
| vulnerability |
VCID-hatd-vkun-13hj |
|
| 10 |
| vulnerability |
VCID-n8r7-wthv-fqaj |
|
| 11 |
| vulnerability |
VCID-qxe4-dubt-1kfp |
|
| 12 |
| vulnerability |
VCID-sarm-n22v-akcm |
|
| 13 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 14 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 15 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 16 |
| vulnerability |
VCID-wpmk-wgpm-cuee |
|
| 17 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 18 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 19 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2 |
|
|
| aliases |
CVE-2021-22885, GHSA-hjg4-8q5f-x6fm
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gjey-bqtd-kqa1 |
|
| 45 |
| url |
VCID-hbtn-7423-m3gb |
| vulnerability_id |
VCID-hbtn-7423-m3gb |
| summary |
Circumvention of attr_protected
The attr_protected method allows developers to specify a denylist of model attributes which users should not be allowed to assign to. By using a specially crafted request, attackers could circumvent this protection and alter values that were meant to be protected. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-0276 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00606 |
| scoring_system |
epss |
| scoring_elements |
0.69669 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00606 |
| scoring_system |
epss |
| scoring_elements |
0.69582 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00606 |
| scoring_system |
epss |
| scoring_elements |
0.69598 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00606 |
| scoring_system |
epss |
| scoring_elements |
0.69577 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00606 |
| scoring_system |
epss |
| scoring_elements |
0.69627 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00606 |
| scoring_system |
epss |
| scoring_elements |
0.69644 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00606 |
| scoring_system |
epss |
| scoring_elements |
0.69666 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00606 |
| scoring_system |
epss |
| scoring_elements |
0.69652 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00606 |
| scoring_system |
epss |
| scoring_elements |
0.69637 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00606 |
| scoring_system |
epss |
| scoring_elements |
0.69678 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00606 |
| scoring_system |
epss |
| scoring_elements |
0.69687 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00606 |
| scoring_system |
epss |
| scoring_elements |
0.6957 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-0276 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
|
| 68 |
|
| 69 |
|
| 70 |
|
| 71 |
|
| 72 |
|
| 73 |
|
| 74 |
|
| 75 |
|
| 76 |
|
| 77 |
|
| 78 |
|
| 79 |
|
| 80 |
|
| 81 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:2.3.14.2 |
| purl |
pkg:deb/debian/rails@2:2.3.14.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-2efj-tf8d-dfck |
|
| 6 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 7 |
| vulnerability |
VCID-333w-aacz-mfcr |
|
| 8 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 9 |
| vulnerability |
VCID-3m2y-wy1w-n7h1 |
|
| 10 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 11 |
| vulnerability |
VCID-5x54-hckg-x7b8 |
|
| 12 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 13 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 14 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 15 |
| vulnerability |
VCID-6yr6-a21g-dyf5 |
|
| 16 |
| vulnerability |
VCID-86jq-2md2-d7ah |
|
| 17 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 18 |
| vulnerability |
VCID-8dad-dvat-1fg4 |
|
| 19 |
| vulnerability |
VCID-9hq5-3usy-5fhq |
|
| 20 |
| vulnerability |
VCID-9t7a-muwx-zyee |
|
| 21 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 22 |
| vulnerability |
VCID-bjwf-uhyk-63aj |
|
| 23 |
| vulnerability |
VCID-c8b5-d83n-nuhw |
|
| 24 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 25 |
| vulnerability |
VCID-d15q-6ukb-wfff |
|
| 26 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 27 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 28 |
| vulnerability |
VCID-ed3f-3bxh-eba4 |
|
| 29 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 30 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 31 |
| vulnerability |
VCID-g5q6-7uav-sqh1 |
|
| 32 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 33 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 34 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 35 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 36 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 37 |
| vulnerability |
VCID-pb5f-g4uc-r7fp |
|
| 38 |
| vulnerability |
VCID-s5ah-tf63-a7cw |
|
| 39 |
| vulnerability |
VCID-sb9g-rdnm-rqbm |
|
| 40 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 41 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 42 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 43 |
| vulnerability |
VCID-t2cx-7ycd-tqhq |
|
| 44 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 45 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 46 |
| vulnerability |
VCID-thx6-usb2-kkgc |
|
| 47 |
| vulnerability |
VCID-v3r3-bwp5-a3bn |
|
| 48 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 49 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 50 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 51 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 52 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 53 |
| vulnerability |
VCID-z1jv-4ga2-7kd1 |
|
| 54 |
| vulnerability |
VCID-zkvd-bfd6-t7dg |
|
| 55 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 56 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
| 57 |
| vulnerability |
VCID-zydu-j9dg-fqdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2 |
|
|
| aliases |
CVE-2013-0276, GHSA-gr44-7grc-37vq, OSV-90072
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hbtn-7423-m3gb |
|
| 46 |
| url |
VCID-hppf-a715-r7b2 |
| vulnerability_id |
VCID-hppf-a715-r7b2 |
| summary |
ReDoS based DoS vulnerability in Action Dispatch
There is a possible regular expression based DoS vulnerability in Action Dispatch related to the If-None-Match header. This vulnerability has been assigned the CVE identifier CVE-2023-22795. A specially crafted HTTP `If-None-Match` header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability. All users running an affected release should either upgrade or use one of the workarounds immediately. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-22795 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01304 |
| scoring_system |
epss |
| scoring_elements |
0.79782 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.01523 |
| scoring_system |
epss |
| scoring_elements |
0.81303 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.01523 |
| scoring_system |
epss |
| scoring_elements |
0.81266 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.01523 |
| scoring_system |
epss |
| scoring_elements |
0.81274 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.01523 |
| scoring_system |
epss |
| scoring_elements |
0.81288 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.01523 |
| scoring_system |
epss |
| scoring_elements |
0.81267 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.01523 |
| scoring_system |
epss |
| scoring_elements |
0.81262 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.01523 |
| scoring_system |
epss |
| scoring_elements |
0.81234 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.01523 |
| scoring_system |
epss |
| scoring_elements |
0.81305 |
| published_at |
2026-04-18T12:55:00Z |
|
| 9 |
| value |
0.01523 |
| scoring_system |
epss |
| scoring_elements |
0.8121 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-22795 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2 |
| purl |
pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 1 |
| vulnerability |
VCID-4tzv-1t1b-t3g3 |
|
| 2 |
| vulnerability |
VCID-5tky-d2en-u7c7 |
|
| 3 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 4 |
| vulnerability |
VCID-96qr-hdbp-p7ff |
|
| 5 |
| vulnerability |
VCID-a6z9-5n6k-2kak |
|
| 6 |
| vulnerability |
VCID-ad6q-vtdf-syb6 |
|
| 7 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 8 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 9 |
| vulnerability |
VCID-hatd-vkun-13hj |
|
| 10 |
| vulnerability |
VCID-n8r7-wthv-fqaj |
|
| 11 |
| vulnerability |
VCID-qxe4-dubt-1kfp |
|
| 12 |
| vulnerability |
VCID-sarm-n22v-akcm |
|
| 13 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 14 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 15 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 16 |
| vulnerability |
VCID-wpmk-wgpm-cuee |
|
| 17 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 18 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 19 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2 |
|
|
| aliases |
CVE-2023-22795, GHSA-8xww-x3g3-6jcv, GMS-2023-56
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hppf-a715-r7b2 |
|
| 47 |
| url |
VCID-hr2h-y693-sbgc |
| vulnerability_id |
VCID-hr2h-y693-sbgc |
| summary |
activesupport Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in `activesupport/lib/active_support/core_ext/string/output_safety.rb` in Ruby on Rails before 2.3.16, 3.0.x before , 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject arbitrary web script or HTML via vectors involving a ' (quote) character. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-3464 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00333 |
| scoring_system |
epss |
| scoring_elements |
0.56143 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00333 |
| scoring_system |
epss |
| scoring_elements |
0.56174 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00333 |
| scoring_system |
epss |
| scoring_elements |
0.56171 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00333 |
| scoring_system |
epss |
| scoring_elements |
0.56137 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00333 |
| scoring_system |
epss |
| scoring_elements |
0.56153 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00333 |
| scoring_system |
epss |
| scoring_elements |
0.56177 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00333 |
| scoring_system |
epss |
| scoring_elements |
0.56166 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00333 |
| scoring_system |
epss |
| scoring_elements |
0.56161 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00333 |
| scoring_system |
epss |
| scoring_elements |
0.5613 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00333 |
| scoring_system |
epss |
| scoring_elements |
0.56001 |
| published_at |
2026-04-01T12:55:00Z |
|
| 10 |
| value |
0.00333 |
| scoring_system |
epss |
| scoring_elements |
0.5611 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-3464 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:2.3.14.2 |
| purl |
pkg:deb/debian/rails@2:2.3.14.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-2efj-tf8d-dfck |
|
| 6 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 7 |
| vulnerability |
VCID-333w-aacz-mfcr |
|
| 8 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 9 |
| vulnerability |
VCID-3m2y-wy1w-n7h1 |
|
| 10 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 11 |
| vulnerability |
VCID-5x54-hckg-x7b8 |
|
| 12 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 13 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 14 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 15 |
| vulnerability |
VCID-6yr6-a21g-dyf5 |
|
| 16 |
| vulnerability |
VCID-86jq-2md2-d7ah |
|
| 17 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 18 |
| vulnerability |
VCID-8dad-dvat-1fg4 |
|
| 19 |
| vulnerability |
VCID-9hq5-3usy-5fhq |
|
| 20 |
| vulnerability |
VCID-9t7a-muwx-zyee |
|
| 21 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 22 |
| vulnerability |
VCID-bjwf-uhyk-63aj |
|
| 23 |
| vulnerability |
VCID-c8b5-d83n-nuhw |
|
| 24 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 25 |
| vulnerability |
VCID-d15q-6ukb-wfff |
|
| 26 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 27 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 28 |
| vulnerability |
VCID-ed3f-3bxh-eba4 |
|
| 29 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 30 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 31 |
| vulnerability |
VCID-g5q6-7uav-sqh1 |
|
| 32 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 33 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 34 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 35 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 36 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 37 |
| vulnerability |
VCID-pb5f-g4uc-r7fp |
|
| 38 |
| vulnerability |
VCID-s5ah-tf63-a7cw |
|
| 39 |
| vulnerability |
VCID-sb9g-rdnm-rqbm |
|
| 40 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 41 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 42 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 43 |
| vulnerability |
VCID-t2cx-7ycd-tqhq |
|
| 44 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 45 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 46 |
| vulnerability |
VCID-thx6-usb2-kkgc |
|
| 47 |
| vulnerability |
VCID-v3r3-bwp5-a3bn |
|
| 48 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 49 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 50 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 51 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 52 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 53 |
| vulnerability |
VCID-z1jv-4ga2-7kd1 |
|
| 54 |
| vulnerability |
VCID-zkvd-bfd6-t7dg |
|
| 55 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 56 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
| 57 |
| vulnerability |
VCID-zydu-j9dg-fqdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2 |
|
|
| aliases |
CVE-2012-3464, GHSA-h835-75hw-pj89, OSV-84516
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hr2h-y693-sbgc |
|
| 48 |
| url |
VCID-j7p8-hchp-xbe3 |
| vulnerability_id |
VCID-j7p8-hchp-xbe3 |
| summary |
Unsafe Query Generation Risk in Ruby on Rails
Due to the way Active Record interprets parameters in combination with the way that JSON parameters are parsed, it is possible for an attacker to issue unexpected database queries with "IS NULL" or empty WHERE clauses. This issue does *not* let an attacker insert arbitrary values into an SQL query; however, they can cause the query to check for NULL or eliminate a WHERE clause when most users wouldn't expect it. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-0155 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.18174 |
| scoring_system |
epss |
| scoring_elements |
0.95204 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.18174 |
| scoring_system |
epss |
| scoring_elements |
0.95171 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.18174 |
| scoring_system |
epss |
| scoring_elements |
0.95178 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.18174 |
| scoring_system |
epss |
| scoring_elements |
0.95182 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.18174 |
| scoring_system |
epss |
| scoring_elements |
0.95188 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.18174 |
| scoring_system |
epss |
| scoring_elements |
0.95191 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.18174 |
| scoring_system |
epss |
| scoring_elements |
0.95199 |
| published_at |
2026-04-16T12:55:00Z |
|
| 7 |
| value |
0.18174 |
| scoring_system |
epss |
| scoring_elements |
0.95203 |
| published_at |
2026-04-18T12:55:00Z |
|
| 8 |
| value |
0.18174 |
| scoring_system |
epss |
| scoring_elements |
0.95155 |
| published_at |
2026-04-01T12:55:00Z |
|
| 9 |
| value |
0.18174 |
| scoring_system |
epss |
| scoring_elements |
0.95166 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.18174 |
| scoring_system |
epss |
| scoring_elements |
0.95167 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-0155 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:2.3.14.2 |
| purl |
pkg:deb/debian/rails@2:2.3.14.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-2efj-tf8d-dfck |
|
| 6 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 7 |
| vulnerability |
VCID-333w-aacz-mfcr |
|
| 8 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 9 |
| vulnerability |
VCID-3m2y-wy1w-n7h1 |
|
| 10 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 11 |
| vulnerability |
VCID-5x54-hckg-x7b8 |
|
| 12 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 13 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 14 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 15 |
| vulnerability |
VCID-6yr6-a21g-dyf5 |
|
| 16 |
| vulnerability |
VCID-86jq-2md2-d7ah |
|
| 17 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 18 |
| vulnerability |
VCID-8dad-dvat-1fg4 |
|
| 19 |
| vulnerability |
VCID-9hq5-3usy-5fhq |
|
| 20 |
| vulnerability |
VCID-9t7a-muwx-zyee |
|
| 21 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 22 |
| vulnerability |
VCID-bjwf-uhyk-63aj |
|
| 23 |
| vulnerability |
VCID-c8b5-d83n-nuhw |
|
| 24 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 25 |
| vulnerability |
VCID-d15q-6ukb-wfff |
|
| 26 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 27 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 28 |
| vulnerability |
VCID-ed3f-3bxh-eba4 |
|
| 29 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 30 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 31 |
| vulnerability |
VCID-g5q6-7uav-sqh1 |
|
| 32 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 33 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 34 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 35 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 36 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 37 |
| vulnerability |
VCID-pb5f-g4uc-r7fp |
|
| 38 |
| vulnerability |
VCID-s5ah-tf63-a7cw |
|
| 39 |
| vulnerability |
VCID-sb9g-rdnm-rqbm |
|
| 40 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 41 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 42 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 43 |
| vulnerability |
VCID-t2cx-7ycd-tqhq |
|
| 44 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 45 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 46 |
| vulnerability |
VCID-thx6-usb2-kkgc |
|
| 47 |
| vulnerability |
VCID-v3r3-bwp5-a3bn |
|
| 48 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 49 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 50 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 51 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 52 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 53 |
| vulnerability |
VCID-z1jv-4ga2-7kd1 |
|
| 54 |
| vulnerability |
VCID-zkvd-bfd6-t7dg |
|
| 55 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 56 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
| 57 |
| vulnerability |
VCID-zydu-j9dg-fqdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2 |
|
|
| aliases |
CVE-2013-0155, GHSA-gppp-5xc5-wfpx, OSV-89025
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-j7p8-hchp-xbe3 |
|
| 49 |
| url |
VCID-jwun-grgg-2uet |
| vulnerability_id |
VCID-jwun-grgg-2uet |
| summary |
Exposure of information in Action Pack
Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests. This has been fixed in Rails 7.0.2.1, 6.1.4.5, 6.0.4.5, and 5.2.6.1. Upgrading is highly recommended, but to work around this problem a middleware described in GHSA-wh98-p28r-vrc9 can be used. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-23633 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00303 |
| scoring_system |
epss |
| scoring_elements |
0.53606 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00367 |
| scoring_system |
epss |
| scoring_elements |
0.58667 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.00367 |
| scoring_system |
epss |
| scoring_elements |
0.58687 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00367 |
| scoring_system |
epss |
| scoring_elements |
0.5868 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.00367 |
| scoring_system |
epss |
| scoring_elements |
0.58623 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00367 |
| scoring_system |
epss |
| scoring_elements |
0.58643 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00367 |
| scoring_system |
epss |
| scoring_elements |
0.5861 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00367 |
| scoring_system |
epss |
| scoring_elements |
0.58669 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00367 |
| scoring_system |
epss |
| scoring_elements |
0.58662 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.00367 |
| scoring_system |
epss |
| scoring_elements |
0.58648 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00367 |
| scoring_system |
epss |
| scoring_elements |
0.58685 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-23633 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-23634 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00441 |
| scoring_system |
epss |
| scoring_elements |
0.63284 |
| published_at |
2026-04-11T12:55:00Z |
|
| 1 |
| value |
0.00441 |
| scoring_system |
epss |
| scoring_elements |
0.63256 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00441 |
| scoring_system |
epss |
| scoring_elements |
0.63277 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.00441 |
| scoring_system |
epss |
| scoring_elements |
0.6327 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.00441 |
| scoring_system |
epss |
| scoring_elements |
0.63233 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.00441 |
| scoring_system |
epss |
| scoring_elements |
0.63269 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00441 |
| scoring_system |
epss |
| scoring_elements |
0.63267 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00441 |
| scoring_system |
epss |
| scoring_elements |
0.6325 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00441 |
| scoring_system |
epss |
| scoring_elements |
0.63198 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.00453 |
| scoring_system |
epss |
| scoring_elements |
0.63763 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.00453 |
| scoring_system |
epss |
| scoring_elements |
0.63789 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-23634 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2 |
| purl |
pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 1 |
| vulnerability |
VCID-4tzv-1t1b-t3g3 |
|
| 2 |
| vulnerability |
VCID-5tky-d2en-u7c7 |
|
| 3 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 4 |
| vulnerability |
VCID-96qr-hdbp-p7ff |
|
| 5 |
| vulnerability |
VCID-a6z9-5n6k-2kak |
|
| 6 |
| vulnerability |
VCID-ad6q-vtdf-syb6 |
|
| 7 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 8 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 9 |
| vulnerability |
VCID-hatd-vkun-13hj |
|
| 10 |
| vulnerability |
VCID-n8r7-wthv-fqaj |
|
| 11 |
| vulnerability |
VCID-qxe4-dubt-1kfp |
|
| 12 |
| vulnerability |
VCID-sarm-n22v-akcm |
|
| 13 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 14 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 15 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 16 |
| vulnerability |
VCID-wpmk-wgpm-cuee |
|
| 17 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 18 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 19 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2 |
|
|
| aliases |
CVE-2022-23633, CVE-2022-23634, GHSA-rmj8-8hhh-gv5h, GHSA-wh98-p28r-vrc9
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jwun-grgg-2uet |
|
| 50 |
| url |
VCID-kkbt-pr7u-f7gn |
| vulnerability_id |
VCID-kkbt-pr7u-f7gn |
| summary |
Active Record contains SQL Injection
SQL injection vulnerability in the Active Record component in Ruby on Rails before 2.3.15, 3.0.x before 3.0.18, 3.1.x before 3.1.9, and 3.2.x before 3.2.10 allows remote attackers to execute arbitrary SQL commands via a crafted request that leverages incorrect behavior of dynamic finders in applications that can use unexpected data types in certain find_by_ method calls. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-6496 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01017 |
| scoring_system |
epss |
| scoring_elements |
0.77181 |
| published_at |
2026-04-12T12:55:00Z |
|
| 1 |
| value |
0.01017 |
| scoring_system |
epss |
| scoring_elements |
0.7721 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.01017 |
| scoring_system |
epss |
| scoring_elements |
0.77219 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.01017 |
| scoring_system |
epss |
| scoring_elements |
0.77217 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.01017 |
| scoring_system |
epss |
| scoring_elements |
0.77166 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.01017 |
| scoring_system |
epss |
| scoring_elements |
0.77174 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.01017 |
| scoring_system |
epss |
| scoring_elements |
0.77202 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.01017 |
| scoring_system |
epss |
| scoring_elements |
0.77115 |
| published_at |
2026-04-01T12:55:00Z |
|
| 8 |
| value |
0.01017 |
| scoring_system |
epss |
| scoring_elements |
0.77177 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.01017 |
| scoring_system |
epss |
| scoring_elements |
0.77122 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.01017 |
| scoring_system |
epss |
| scoring_elements |
0.77151 |
| published_at |
2026-04-04T12:55:00Z |
|
| 11 |
| value |
0.01017 |
| scoring_system |
epss |
| scoring_elements |
0.77133 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-6496 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
|
| 68 |
|
| 69 |
|
| 70 |
|
| 71 |
|
| 72 |
|
| 73 |
|
| 74 |
|
| 75 |
|
| 76 |
|
| 77 |
|
| 78 |
|
| 79 |
|
| 80 |
|
| 81 |
|
| 82 |
|
| 83 |
|
| 84 |
|
| 85 |
|
| 86 |
|
| 87 |
|
| 88 |
|
| 89 |
|
| 90 |
|
| 91 |
|
| 92 |
|
| 93 |
|
| 94 |
|
| 95 |
|
| 96 |
|
| 97 |
|
| 98 |
|
| 99 |
|
| 100 |
|
| 101 |
|
| 102 |
|
| 103 |
|
| 104 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:2.3.14.2 |
| purl |
pkg:deb/debian/rails@2:2.3.14.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-2efj-tf8d-dfck |
|
| 6 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 7 |
| vulnerability |
VCID-333w-aacz-mfcr |
|
| 8 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 9 |
| vulnerability |
VCID-3m2y-wy1w-n7h1 |
|
| 10 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 11 |
| vulnerability |
VCID-5x54-hckg-x7b8 |
|
| 12 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 13 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 14 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 15 |
| vulnerability |
VCID-6yr6-a21g-dyf5 |
|
| 16 |
| vulnerability |
VCID-86jq-2md2-d7ah |
|
| 17 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 18 |
| vulnerability |
VCID-8dad-dvat-1fg4 |
|
| 19 |
| vulnerability |
VCID-9hq5-3usy-5fhq |
|
| 20 |
| vulnerability |
VCID-9t7a-muwx-zyee |
|
| 21 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 22 |
| vulnerability |
VCID-bjwf-uhyk-63aj |
|
| 23 |
| vulnerability |
VCID-c8b5-d83n-nuhw |
|
| 24 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 25 |
| vulnerability |
VCID-d15q-6ukb-wfff |
|
| 26 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 27 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 28 |
| vulnerability |
VCID-ed3f-3bxh-eba4 |
|
| 29 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 30 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 31 |
| vulnerability |
VCID-g5q6-7uav-sqh1 |
|
| 32 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 33 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 34 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 35 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 36 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 37 |
| vulnerability |
VCID-pb5f-g4uc-r7fp |
|
| 38 |
| vulnerability |
VCID-s5ah-tf63-a7cw |
|
| 39 |
| vulnerability |
VCID-sb9g-rdnm-rqbm |
|
| 40 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 41 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 42 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 43 |
| vulnerability |
VCID-t2cx-7ycd-tqhq |
|
| 44 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 45 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 46 |
| vulnerability |
VCID-thx6-usb2-kkgc |
|
| 47 |
| vulnerability |
VCID-v3r3-bwp5-a3bn |
|
| 48 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 49 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 50 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 51 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 52 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 53 |
| vulnerability |
VCID-z1jv-4ga2-7kd1 |
|
| 54 |
| vulnerability |
VCID-zkvd-bfd6-t7dg |
|
| 55 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 56 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
| 57 |
| vulnerability |
VCID-zydu-j9dg-fqdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2 |
|
|
| aliases |
CVE-2012-6496, GHSA-gh2w-j7cx-2664, OSV-88661
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kkbt-pr7u-f7gn |
|
| 51 |
| url |
VCID-knsd-pv15-tydx |
| vulnerability_id |
VCID-knsd-pv15-tydx |
| summary |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in the strip_tags helper in actionpack/lib/action_controller/vendor/html-scanner/html/node.rb in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a tag with an invalid name. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2011-2931 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00813 |
| scoring_system |
epss |
| scoring_elements |
0.74295 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00813 |
| scoring_system |
epss |
| scoring_elements |
0.74208 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00813 |
| scoring_system |
epss |
| scoring_elements |
0.74214 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00813 |
| scoring_system |
epss |
| scoring_elements |
0.7424 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00813 |
| scoring_system |
epss |
| scoring_elements |
0.74213 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00813 |
| scoring_system |
epss |
| scoring_elements |
0.74246 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00813 |
| scoring_system |
epss |
| scoring_elements |
0.7426 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00813 |
| scoring_system |
epss |
| scoring_elements |
0.74282 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00813 |
| scoring_system |
epss |
| scoring_elements |
0.74263 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00813 |
| scoring_system |
epss |
| scoring_elements |
0.74256 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00813 |
| scoring_system |
epss |
| scoring_elements |
0.74293 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00813 |
| scoring_system |
epss |
| scoring_elements |
0.74303 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2011-2931 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:2.3.14.2 |
| purl |
pkg:deb/debian/rails@2:2.3.14.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-2efj-tf8d-dfck |
|
| 6 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 7 |
| vulnerability |
VCID-333w-aacz-mfcr |
|
| 8 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 9 |
| vulnerability |
VCID-3m2y-wy1w-n7h1 |
|
| 10 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 11 |
| vulnerability |
VCID-5x54-hckg-x7b8 |
|
| 12 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 13 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 14 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 15 |
| vulnerability |
VCID-6yr6-a21g-dyf5 |
|
| 16 |
| vulnerability |
VCID-86jq-2md2-d7ah |
|
| 17 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 18 |
| vulnerability |
VCID-8dad-dvat-1fg4 |
|
| 19 |
| vulnerability |
VCID-9hq5-3usy-5fhq |
|
| 20 |
| vulnerability |
VCID-9t7a-muwx-zyee |
|
| 21 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 22 |
| vulnerability |
VCID-bjwf-uhyk-63aj |
|
| 23 |
| vulnerability |
VCID-c8b5-d83n-nuhw |
|
| 24 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 25 |
| vulnerability |
VCID-d15q-6ukb-wfff |
|
| 26 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 27 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 28 |
| vulnerability |
VCID-ed3f-3bxh-eba4 |
|
| 29 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 30 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 31 |
| vulnerability |
VCID-g5q6-7uav-sqh1 |
|
| 32 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 33 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 34 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 35 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 36 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 37 |
| vulnerability |
VCID-pb5f-g4uc-r7fp |
|
| 38 |
| vulnerability |
VCID-s5ah-tf63-a7cw |
|
| 39 |
| vulnerability |
VCID-sb9g-rdnm-rqbm |
|
| 40 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 41 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 42 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 43 |
| vulnerability |
VCID-t2cx-7ycd-tqhq |
|
| 44 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 45 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 46 |
| vulnerability |
VCID-thx6-usb2-kkgc |
|
| 47 |
| vulnerability |
VCID-v3r3-bwp5-a3bn |
|
| 48 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 49 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 50 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 51 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 52 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 53 |
| vulnerability |
VCID-z1jv-4ga2-7kd1 |
|
| 54 |
| vulnerability |
VCID-zkvd-bfd6-t7dg |
|
| 55 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 56 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
| 57 |
| vulnerability |
VCID-zydu-j9dg-fqdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2 |
|
|
| aliases |
CVE-2011-2931, GHSA-v5jg-558j-q67c
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-knsd-pv15-tydx |
|
| 52 |
| url |
VCID-kr1b-uct1-7kf6 |
| vulnerability_id |
VCID-kr1b-uct1-7kf6 |
| summary |
Response Splitting Vulnerability in Ruby on Rails
A response splitting flaw can allow a remote attacker to inject arbitrary HTTP headers into a response due to insufficient sanitization of the values provided for response content types. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2011-3186 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00814 |
| scoring_system |
epss |
| scoring_elements |
0.7432 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00814 |
| scoring_system |
epss |
| scoring_elements |
0.74311 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00814 |
| scoring_system |
epss |
| scoring_elements |
0.74274 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00814 |
| scoring_system |
epss |
| scoring_elements |
0.74282 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00814 |
| scoring_system |
epss |
| scoring_elements |
0.74301 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00814 |
| scoring_system |
epss |
| scoring_elements |
0.74312 |
| published_at |
2026-04-21T12:55:00Z |
|
| 6 |
| value |
0.00814 |
| scoring_system |
epss |
| scoring_elements |
0.7428 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00814 |
| scoring_system |
epss |
| scoring_elements |
0.74265 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00814 |
| scoring_system |
epss |
| scoring_elements |
0.74259 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00814 |
| scoring_system |
epss |
| scoring_elements |
0.74232 |
| published_at |
2026-04-07T12:55:00Z |
|
| 10 |
| value |
0.00814 |
| scoring_system |
epss |
| scoring_elements |
0.74228 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2011-3186 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:2.3.14.2 |
| purl |
pkg:deb/debian/rails@2:2.3.14.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-2efj-tf8d-dfck |
|
| 6 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 7 |
| vulnerability |
VCID-333w-aacz-mfcr |
|
| 8 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 9 |
| vulnerability |
VCID-3m2y-wy1w-n7h1 |
|
| 10 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 11 |
| vulnerability |
VCID-5x54-hckg-x7b8 |
|
| 12 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 13 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 14 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 15 |
| vulnerability |
VCID-6yr6-a21g-dyf5 |
|
| 16 |
| vulnerability |
VCID-86jq-2md2-d7ah |
|
| 17 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 18 |
| vulnerability |
VCID-8dad-dvat-1fg4 |
|
| 19 |
| vulnerability |
VCID-9hq5-3usy-5fhq |
|
| 20 |
| vulnerability |
VCID-9t7a-muwx-zyee |
|
| 21 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 22 |
| vulnerability |
VCID-bjwf-uhyk-63aj |
|
| 23 |
| vulnerability |
VCID-c8b5-d83n-nuhw |
|
| 24 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 25 |
| vulnerability |
VCID-d15q-6ukb-wfff |
|
| 26 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 27 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 28 |
| vulnerability |
VCID-ed3f-3bxh-eba4 |
|
| 29 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 30 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 31 |
| vulnerability |
VCID-g5q6-7uav-sqh1 |
|
| 32 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 33 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 34 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 35 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 36 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 37 |
| vulnerability |
VCID-pb5f-g4uc-r7fp |
|
| 38 |
| vulnerability |
VCID-s5ah-tf63-a7cw |
|
| 39 |
| vulnerability |
VCID-sb9g-rdnm-rqbm |
|
| 40 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 41 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 42 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 43 |
| vulnerability |
VCID-t2cx-7ycd-tqhq |
|
| 44 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 45 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 46 |
| vulnerability |
VCID-thx6-usb2-kkgc |
|
| 47 |
| vulnerability |
VCID-v3r3-bwp5-a3bn |
|
| 48 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 49 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 50 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 51 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 52 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 53 |
| vulnerability |
VCID-z1jv-4ga2-7kd1 |
|
| 54 |
| vulnerability |
VCID-zkvd-bfd6-t7dg |
|
| 55 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 56 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
| 57 |
| vulnerability |
VCID-zydu-j9dg-fqdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2 |
|
|
| aliases |
CVE-2011-3186, GHSA-fcqf-h4h4-695m, OSV-74616
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kr1b-uct1-7kf6 |
|
| 53 |
| url |
VCID-mep3-6sub-ykdk |
| vulnerability_id |
VCID-mep3-6sub-ykdk |
| summary |
Denial of Service Vulnerability when using render :text
Strings sent in specially crafted headers will be converted to symbols. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-0082 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.06456 |
| scoring_system |
epss |
| scoring_elements |
0.91071 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.06456 |
| scoring_system |
epss |
| scoring_elements |
0.91062 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.06456 |
| scoring_system |
epss |
| scoring_elements |
0.91056 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.06456 |
| scoring_system |
epss |
| scoring_elements |
0.91021 |
| published_at |
2026-04-01T12:55:00Z |
|
| 4 |
| value |
0.06456 |
| scoring_system |
epss |
| scoring_elements |
0.91026 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.06456 |
| scoring_system |
epss |
| scoring_elements |
0.91044 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.06456 |
| scoring_system |
epss |
| scoring_elements |
0.91035 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.06456 |
| scoring_system |
epss |
| scoring_elements |
0.91098 |
| published_at |
2026-04-21T12:55:00Z |
|
| 8 |
| value |
0.06456 |
| scoring_system |
epss |
| scoring_elements |
0.91095 |
| published_at |
2026-04-18T12:55:00Z |
|
| 9 |
| value |
0.06456 |
| scoring_system |
epss |
| scoring_elements |
0.91096 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-0082 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:2.3.14.2 |
| purl |
pkg:deb/debian/rails@2:2.3.14.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-2efj-tf8d-dfck |
|
| 6 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 7 |
| vulnerability |
VCID-333w-aacz-mfcr |
|
| 8 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 9 |
| vulnerability |
VCID-3m2y-wy1w-n7h1 |
|
| 10 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 11 |
| vulnerability |
VCID-5x54-hckg-x7b8 |
|
| 12 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 13 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 14 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 15 |
| vulnerability |
VCID-6yr6-a21g-dyf5 |
|
| 16 |
| vulnerability |
VCID-86jq-2md2-d7ah |
|
| 17 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 18 |
| vulnerability |
VCID-8dad-dvat-1fg4 |
|
| 19 |
| vulnerability |
VCID-9hq5-3usy-5fhq |
|
| 20 |
| vulnerability |
VCID-9t7a-muwx-zyee |
|
| 21 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 22 |
| vulnerability |
VCID-bjwf-uhyk-63aj |
|
| 23 |
| vulnerability |
VCID-c8b5-d83n-nuhw |
|
| 24 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 25 |
| vulnerability |
VCID-d15q-6ukb-wfff |
|
| 26 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 27 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 28 |
| vulnerability |
VCID-ed3f-3bxh-eba4 |
|
| 29 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 30 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 31 |
| vulnerability |
VCID-g5q6-7uav-sqh1 |
|
| 32 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 33 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 34 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 35 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 36 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 37 |
| vulnerability |
VCID-pb5f-g4uc-r7fp |
|
| 38 |
| vulnerability |
VCID-s5ah-tf63-a7cw |
|
| 39 |
| vulnerability |
VCID-sb9g-rdnm-rqbm |
|
| 40 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 41 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 42 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 43 |
| vulnerability |
VCID-t2cx-7ycd-tqhq |
|
| 44 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 45 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 46 |
| vulnerability |
VCID-thx6-usb2-kkgc |
|
| 47 |
| vulnerability |
VCID-v3r3-bwp5-a3bn |
|
| 48 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 49 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 50 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 51 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 52 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 53 |
| vulnerability |
VCID-z1jv-4ga2-7kd1 |
|
| 54 |
| vulnerability |
VCID-zkvd-bfd6-t7dg |
|
| 55 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 56 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
| 57 |
| vulnerability |
VCID-zydu-j9dg-fqdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2 |
|
|
| aliases |
CVE-2014-0082, GHSA-7cgp-c3g7-qvrw, OSV-103440
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mep3-6sub-ykdk |
|
| 54 |
| url |
VCID-mnkw-23eu-bkgc |
| vulnerability_id |
VCID-mnkw-23eu-bkgc |
| summary |
Ability to forge per-form CSRF tokens in Rails
It is possible to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token for any action for that session.
Impact
------
Given the ability to extract the global CSRF token, an attacker would be able to construct a per-form CSRF token for that session.
Workarounds
-----------
This is a low-severity security issue. As such, no workaround is necessary until such time as the application can be upgraded. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-8166 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00443 |
| scoring_system |
epss |
| scoring_elements |
0.63332 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00443 |
| scoring_system |
epss |
| scoring_elements |
0.63225 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00443 |
| scoring_system |
epss |
| scoring_elements |
0.63284 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00443 |
| scoring_system |
epss |
| scoring_elements |
0.63312 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00443 |
| scoring_system |
epss |
| scoring_elements |
0.63278 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00443 |
| scoring_system |
epss |
| scoring_elements |
0.63329 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00443 |
| scoring_system |
epss |
| scoring_elements |
0.63347 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00443 |
| scoring_system |
epss |
| scoring_elements |
0.63364 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00443 |
| scoring_system |
epss |
| scoring_elements |
0.63348 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00443 |
| scoring_system |
epss |
| scoring_elements |
0.63311 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00443 |
| scoring_system |
epss |
| scoring_elements |
0.63345 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00443 |
| scoring_system |
epss |
| scoring_elements |
0.63353 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-8166 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3 |
| purl |
pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 6 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 7 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 8 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 9 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 10 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 11 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 12 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 13 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 14 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 15 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 16 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 17 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 18 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 19 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 20 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 21 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 22 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 23 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 24 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 25 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 26 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 27 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 28 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 29 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 30 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 31 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 32 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 33 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 34 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%252Bdeb10u3 |
|
| 1 |
| url |
pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2 |
| purl |
pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 1 |
| vulnerability |
VCID-4tzv-1t1b-t3g3 |
|
| 2 |
| vulnerability |
VCID-5tky-d2en-u7c7 |
|
| 3 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 4 |
| vulnerability |
VCID-96qr-hdbp-p7ff |
|
| 5 |
| vulnerability |
VCID-a6z9-5n6k-2kak |
|
| 6 |
| vulnerability |
VCID-ad6q-vtdf-syb6 |
|
| 7 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 8 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 9 |
| vulnerability |
VCID-hatd-vkun-13hj |
|
| 10 |
| vulnerability |
VCID-n8r7-wthv-fqaj |
|
| 11 |
| vulnerability |
VCID-qxe4-dubt-1kfp |
|
| 12 |
| vulnerability |
VCID-sarm-n22v-akcm |
|
| 13 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 14 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 15 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 16 |
| vulnerability |
VCID-wpmk-wgpm-cuee |
|
| 17 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 18 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 19 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2 |
|
|
| aliases |
CVE-2020-8166, GHSA-jp5v-5gx4-jmj9
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mnkw-23eu-bkgc |
|
| 55 |
| url |
VCID-nk6g-hhsk-8kaw |
| vulnerability_id |
VCID-nk6g-hhsk-8kaw |
| summary |
Serialized Attributes YAML Vulnerability with Rails 2.3 and 3.0
There is a vulnerability in the serialized attribute handling code in Ruby on Rails. Applications which allow users to directly assign to the serialized fields in their models are at risk of Denial of Service or Remote Code Execution vulnerabilities. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-0277 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.06742 |
| scoring_system |
epss |
| scoring_elements |
0.91312 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.06742 |
| scoring_system |
epss |
| scoring_elements |
0.91236 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.06742 |
| scoring_system |
epss |
| scoring_elements |
0.91241 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.06742 |
| scoring_system |
epss |
| scoring_elements |
0.91251 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.06742 |
| scoring_system |
epss |
| scoring_elements |
0.91257 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.06742 |
| scoring_system |
epss |
| scoring_elements |
0.9127 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.06742 |
| scoring_system |
epss |
| scoring_elements |
0.91277 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.06742 |
| scoring_system |
epss |
| scoring_elements |
0.91283 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.06742 |
| scoring_system |
epss |
| scoring_elements |
0.91287 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.06742 |
| scoring_system |
epss |
| scoring_elements |
0.91286 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.06742 |
| scoring_system |
epss |
| scoring_elements |
0.91311 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.06742 |
| scoring_system |
epss |
| scoring_elements |
0.9131 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-0277 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
|
| 68 |
|
| 69 |
|
| 70 |
|
| 71 |
|
| 72 |
|
| 73 |
|
| 74 |
|
| 75 |
|
| 76 |
|
| 77 |
|
| 78 |
|
| 79 |
|
| 80 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:2.3.14.2 |
| purl |
pkg:deb/debian/rails@2:2.3.14.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-2efj-tf8d-dfck |
|
| 6 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 7 |
| vulnerability |
VCID-333w-aacz-mfcr |
|
| 8 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 9 |
| vulnerability |
VCID-3m2y-wy1w-n7h1 |
|
| 10 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 11 |
| vulnerability |
VCID-5x54-hckg-x7b8 |
|
| 12 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 13 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 14 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 15 |
| vulnerability |
VCID-6yr6-a21g-dyf5 |
|
| 16 |
| vulnerability |
VCID-86jq-2md2-d7ah |
|
| 17 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 18 |
| vulnerability |
VCID-8dad-dvat-1fg4 |
|
| 19 |
| vulnerability |
VCID-9hq5-3usy-5fhq |
|
| 20 |
| vulnerability |
VCID-9t7a-muwx-zyee |
|
| 21 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 22 |
| vulnerability |
VCID-bjwf-uhyk-63aj |
|
| 23 |
| vulnerability |
VCID-c8b5-d83n-nuhw |
|
| 24 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 25 |
| vulnerability |
VCID-d15q-6ukb-wfff |
|
| 26 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 27 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 28 |
| vulnerability |
VCID-ed3f-3bxh-eba4 |
|
| 29 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 30 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 31 |
| vulnerability |
VCID-g5q6-7uav-sqh1 |
|
| 32 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 33 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 34 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 35 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 36 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 37 |
| vulnerability |
VCID-pb5f-g4uc-r7fp |
|
| 38 |
| vulnerability |
VCID-s5ah-tf63-a7cw |
|
| 39 |
| vulnerability |
VCID-sb9g-rdnm-rqbm |
|
| 40 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 41 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 42 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 43 |
| vulnerability |
VCID-t2cx-7ycd-tqhq |
|
| 44 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 45 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 46 |
| vulnerability |
VCID-thx6-usb2-kkgc |
|
| 47 |
| vulnerability |
VCID-v3r3-bwp5-a3bn |
|
| 48 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 49 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 50 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 51 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 52 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 53 |
| vulnerability |
VCID-z1jv-4ga2-7kd1 |
|
| 54 |
| vulnerability |
VCID-zkvd-bfd6-t7dg |
|
| 55 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 56 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
| 57 |
| vulnerability |
VCID-zydu-j9dg-fqdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2 |
|
|
| aliases |
CVE-2013-0277, GHSA-fhj9-cjjh-27vm, OSV-90073
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nk6g-hhsk-8kaw |
|
| 56 |
| url |
VCID-p5mc-r1rg-5ff7 |
| vulnerability_id |
VCID-p5mc-r1rg-5ff7 |
| summary |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in actionview. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-27777 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00911 |
| scoring_system |
epss |
| scoring_elements |
0.75768 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00911 |
| scoring_system |
epss |
| scoring_elements |
0.75849 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00911 |
| scoring_system |
epss |
| scoring_elements |
0.75864 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.00911 |
| scoring_system |
epss |
| scoring_elements |
0.7586 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.00911 |
| scoring_system |
epss |
| scoring_elements |
0.75823 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.00911 |
| scoring_system |
epss |
| scoring_elements |
0.75829 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00911 |
| scoring_system |
epss |
| scoring_elements |
0.75848 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00911 |
| scoring_system |
epss |
| scoring_elements |
0.75801 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00911 |
| scoring_system |
epss |
| scoring_elements |
0.75824 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00911 |
| scoring_system |
epss |
| scoring_elements |
0.7578 |
| published_at |
2026-04-07T12:55:00Z |
|
| 10 |
| value |
0.00911 |
| scoring_system |
epss |
| scoring_elements |
0.75812 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-27777 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2 |
| purl |
pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 1 |
| vulnerability |
VCID-4tzv-1t1b-t3g3 |
|
| 2 |
| vulnerability |
VCID-5tky-d2en-u7c7 |
|
| 3 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 4 |
| vulnerability |
VCID-96qr-hdbp-p7ff |
|
| 5 |
| vulnerability |
VCID-a6z9-5n6k-2kak |
|
| 6 |
| vulnerability |
VCID-ad6q-vtdf-syb6 |
|
| 7 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 8 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 9 |
| vulnerability |
VCID-hatd-vkun-13hj |
|
| 10 |
| vulnerability |
VCID-n8r7-wthv-fqaj |
|
| 11 |
| vulnerability |
VCID-qxe4-dubt-1kfp |
|
| 12 |
| vulnerability |
VCID-sarm-n22v-akcm |
|
| 13 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 14 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 15 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 16 |
| vulnerability |
VCID-wpmk-wgpm-cuee |
|
| 17 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 18 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 19 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2 |
|
|
| aliases |
CVE-2022-27777, GHSA-ch3h-j2vf-95pv, GMS-2022-1138
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-p5mc-r1rg-5ff7 |
|
| 57 |
| url |
VCID-pb5f-g4uc-r7fp |
| vulnerability_id |
VCID-pb5f-g4uc-r7fp |
| summary |
Possible Input Validation Circumvention
Code that uses Active Model based models (including Active Record models) and does not validate user input before passing it to the model can be subject to an attack where specially crafted input will cause the model to skip validations. Rails users using Strong Parameters are generally not impacted by this issue as they are encouraged to allow parameters and must specifically opt out of input verification using the `permit!` method to allow mass assignment. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-0753 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02328 |
| scoring_system |
epss |
| scoring_elements |
0.84842 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.02328 |
| scoring_system |
epss |
| scoring_elements |
0.84748 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.02328 |
| scoring_system |
epss |
| scoring_elements |
0.84763 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.02328 |
| scoring_system |
epss |
| scoring_elements |
0.84782 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.02328 |
| scoring_system |
epss |
| scoring_elements |
0.84783 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.02328 |
| scoring_system |
epss |
| scoring_elements |
0.84806 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.02328 |
| scoring_system |
epss |
| scoring_elements |
0.84812 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.02328 |
| scoring_system |
epss |
| scoring_elements |
0.84831 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.02328 |
| scoring_system |
epss |
| scoring_elements |
0.84827 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.02328 |
| scoring_system |
epss |
| scoring_elements |
0.84822 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.02328 |
| scoring_system |
epss |
| scoring_elements |
0.84843 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.02328 |
| scoring_system |
epss |
| scoring_elements |
0.84844 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-0753 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2016-0753 |
| reference_id |
CVE-2016-0753 |
| reference_type |
|
| scores |
| 0 |
| value |
5.0 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:L/Au:N/C:N/I:P/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
|
| 2 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2016-0753 |
|
| 38 |
|
| 39 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:4.1.8-1%2Bdeb8u4 |
| purl |
pkg:deb/debian/rails@2:4.1.8-1%2Bdeb8u4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 6 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 7 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 8 |
| vulnerability |
VCID-5x54-hckg-x7b8 |
|
| 9 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 10 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 11 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 12 |
| vulnerability |
VCID-6yr6-a21g-dyf5 |
|
| 13 |
| vulnerability |
VCID-86jq-2md2-d7ah |
|
| 14 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 15 |
| vulnerability |
VCID-8dad-dvat-1fg4 |
|
| 16 |
| vulnerability |
VCID-9hq5-3usy-5fhq |
|
| 17 |
| vulnerability |
VCID-9t7a-muwx-zyee |
|
| 18 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 19 |
| vulnerability |
VCID-bjwf-uhyk-63aj |
|
| 20 |
| vulnerability |
VCID-c8b5-d83n-nuhw |
|
| 21 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 22 |
| vulnerability |
VCID-d15q-6ukb-wfff |
|
| 23 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 24 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 25 |
| vulnerability |
VCID-ed3f-3bxh-eba4 |
|
| 26 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 27 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 28 |
| vulnerability |
VCID-g5q6-7uav-sqh1 |
|
| 29 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 30 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 31 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 32 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 33 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 34 |
| vulnerability |
VCID-pb5f-g4uc-r7fp |
|
| 35 |
| vulnerability |
VCID-s5ah-tf63-a7cw |
|
| 36 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 37 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 38 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 39 |
| vulnerability |
VCID-t2cx-7ycd-tqhq |
|
| 40 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 41 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 42 |
| vulnerability |
VCID-thx6-usb2-kkgc |
|
| 43 |
| vulnerability |
VCID-v3r3-bwp5-a3bn |
|
| 44 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 45 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 46 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 47 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 48 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 49 |
| vulnerability |
VCID-z1jv-4ga2-7kd1 |
|
| 50 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 51 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
| 52 |
| vulnerability |
VCID-zydu-j9dg-fqdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.8-1%252Bdeb8u4 |
|
| 1 |
| url |
pkg:deb/debian/rails@2:4.2.7.1-1%2Bdeb9u2 |
| purl |
pkg:deb/debian/rails@2:4.2.7.1-1%2Bdeb9u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 6 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 7 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 8 |
| vulnerability |
VCID-5x54-hckg-x7b8 |
|
| 9 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 10 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 11 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 12 |
| vulnerability |
VCID-6yr6-a21g-dyf5 |
|
| 13 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 14 |
| vulnerability |
VCID-8dad-dvat-1fg4 |
|
| 15 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 16 |
| vulnerability |
VCID-c8b5-d83n-nuhw |
|
| 17 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 18 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 19 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 20 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 21 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 22 |
| vulnerability |
VCID-g5q6-7uav-sqh1 |
|
| 23 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 24 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 25 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 26 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 27 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 28 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 29 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 30 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 31 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 32 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 33 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 34 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 35 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 36 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 37 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 38 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 39 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
| 40 |
| vulnerability |
VCID-zydu-j9dg-fqdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.7.1-1%252Bdeb9u2 |
|
|
| aliases |
CVE-2016-0753, GHSA-543v-gj2c-r3ch
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pb5f-g4uc-r7fp |
|
| 58 |
| url |
VCID-s5ah-tf63-a7cw |
| vulnerability_id |
VCID-s5ah-tf63-a7cw |
| summary |
Improper Input Validation
The Rails gem allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-2098 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.8743 |
| scoring_system |
epss |
| scoring_elements |
0.99462 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.8743 |
| scoring_system |
epss |
| scoring_elements |
0.99452 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.8743 |
| scoring_system |
epss |
| scoring_elements |
0.99451 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.8743 |
| scoring_system |
epss |
| scoring_elements |
0.99453 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.8743 |
| scoring_system |
epss |
| scoring_elements |
0.99454 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.8743 |
| scoring_system |
epss |
| scoring_elements |
0.99456 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.8743 |
| scoring_system |
epss |
| scoring_elements |
0.99457 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.8743 |
| scoring_system |
epss |
| scoring_elements |
0.99458 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.8743 |
| scoring_system |
epss |
| scoring_elements |
0.99461 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-2098 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
|
| 68 |
|
| 69 |
|
| 70 |
|
| 71 |
|
| 72 |
|
| 73 |
|
| 74 |
|
| 75 |
|
| 76 |
|
| 77 |
|
| 78 |
|
| 79 |
|
| 80 |
|
| 81 |
|
| 82 |
|
| 83 |
|
| 84 |
|
| 85 |
|
| 86 |
|
| 87 |
|
| 88 |
|
| 89 |
|
| 90 |
|
| 91 |
|
| 92 |
|
| 93 |
|
| 94 |
|
| 95 |
|
| 96 |
|
| 97 |
|
| 98 |
|
| 99 |
|
| 100 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2016-2098 |
| reference_id |
CVE-2016-2098 |
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:L/Au:N/C:P/I:P/A:P |
|
| 1 |
| value |
7.3 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
|
| 2 |
| value |
7.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
|
| 3 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2016-2098 |
|
| 101 |
|
| 102 |
|
| 103 |
|
| 104 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:4.1.8-1%2Bdeb8u4 |
| purl |
pkg:deb/debian/rails@2:4.1.8-1%2Bdeb8u4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 6 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 7 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 8 |
| vulnerability |
VCID-5x54-hckg-x7b8 |
|
| 9 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 10 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 11 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 12 |
| vulnerability |
VCID-6yr6-a21g-dyf5 |
|
| 13 |
| vulnerability |
VCID-86jq-2md2-d7ah |
|
| 14 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 15 |
| vulnerability |
VCID-8dad-dvat-1fg4 |
|
| 16 |
| vulnerability |
VCID-9hq5-3usy-5fhq |
|
| 17 |
| vulnerability |
VCID-9t7a-muwx-zyee |
|
| 18 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 19 |
| vulnerability |
VCID-bjwf-uhyk-63aj |
|
| 20 |
| vulnerability |
VCID-c8b5-d83n-nuhw |
|
| 21 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 22 |
| vulnerability |
VCID-d15q-6ukb-wfff |
|
| 23 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 24 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 25 |
| vulnerability |
VCID-ed3f-3bxh-eba4 |
|
| 26 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 27 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 28 |
| vulnerability |
VCID-g5q6-7uav-sqh1 |
|
| 29 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 30 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 31 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 32 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 33 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 34 |
| vulnerability |
VCID-pb5f-g4uc-r7fp |
|
| 35 |
| vulnerability |
VCID-s5ah-tf63-a7cw |
|
| 36 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 37 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 38 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 39 |
| vulnerability |
VCID-t2cx-7ycd-tqhq |
|
| 40 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 41 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 42 |
| vulnerability |
VCID-thx6-usb2-kkgc |
|
| 43 |
| vulnerability |
VCID-v3r3-bwp5-a3bn |
|
| 44 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 45 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 46 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 47 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 48 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 49 |
| vulnerability |
VCID-z1jv-4ga2-7kd1 |
|
| 50 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 51 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
| 52 |
| vulnerability |
VCID-zydu-j9dg-fqdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.8-1%252Bdeb8u4 |
|
| 1 |
| url |
pkg:deb/debian/rails@2:4.2.7.1-1%2Bdeb9u2 |
| purl |
pkg:deb/debian/rails@2:4.2.7.1-1%2Bdeb9u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 6 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 7 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 8 |
| vulnerability |
VCID-5x54-hckg-x7b8 |
|
| 9 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 10 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 11 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 12 |
| vulnerability |
VCID-6yr6-a21g-dyf5 |
|
| 13 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 14 |
| vulnerability |
VCID-8dad-dvat-1fg4 |
|
| 15 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 16 |
| vulnerability |
VCID-c8b5-d83n-nuhw |
|
| 17 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 18 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 19 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 20 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 21 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 22 |
| vulnerability |
VCID-g5q6-7uav-sqh1 |
|
| 23 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 24 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 25 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 26 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 27 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 28 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 29 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 30 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 31 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 32 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 33 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 34 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 35 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 36 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 37 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 38 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 39 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
| 40 |
| vulnerability |
VCID-zydu-j9dg-fqdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.7.1-1%252Bdeb9u2 |
|
|
| aliases |
CVE-2016-2098, GHSA-78rc-8c29-p45g
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-s5ah-tf63-a7cw |
|
| 59 |
| url |
VCID-sb9g-rdnm-rqbm |
| vulnerability_id |
VCID-sb9g-rdnm-rqbm |
| summary |
SQL Injection in Active Record
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows remote attackers to execute arbitrary SQL commands by leveraging improper bitstring quoting. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-3482 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01531 |
| scoring_system |
epss |
| scoring_elements |
0.81351 |
| published_at |
2026-04-16T12:55:00Z |
|
| 1 |
| value |
0.01531 |
| scoring_system |
epss |
| scoring_elements |
0.81322 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.01531 |
| scoring_system |
epss |
| scoring_elements |
0.81336 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.01531 |
| scoring_system |
epss |
| scoring_elements |
0.81282 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.01531 |
| scoring_system |
epss |
| scoring_elements |
0.81354 |
| published_at |
2026-04-21T12:55:00Z |
|
| 5 |
| value |
0.01531 |
| scoring_system |
epss |
| scoring_elements |
0.8131 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.01531 |
| scoring_system |
epss |
| scoring_elements |
0.81252 |
| published_at |
2026-04-01T12:55:00Z |
|
| 7 |
| value |
0.01531 |
| scoring_system |
epss |
| scoring_elements |
0.81315 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.01531 |
| scoring_system |
epss |
| scoring_elements |
0.81261 |
| published_at |
2026-04-02T12:55:00Z |
|
| 9 |
| value |
0.01531 |
| scoring_system |
epss |
| scoring_elements |
0.81283 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-3482 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
|
| 68 |
|
| 69 |
|
| 70 |
|
| 71 |
|
| 72 |
|
| 73 |
|
| 74 |
|
| 75 |
|
| 76 |
|
| 77 |
|
| 78 |
|
| 79 |
|
| 80 |
|
| 81 |
|
| 82 |
|
| 83 |
|
| 84 |
|
| 85 |
|
| 86 |
|
| 87 |
|
| 88 |
|
| 89 |
|
| 90 |
|
| 91 |
|
| 92 |
|
| 93 |
|
| 94 |
|
| 95 |
|
| 96 |
|
| 97 |
|
| 98 |
|
| 99 |
|
| 100 |
|
| 101 |
|
| 102 |
|
| 103 |
|
| 104 |
|
| 105 |
|
| 106 |
|
| 107 |
|
| 108 |
|
| 109 |
|
| 110 |
|
| 111 |
|
| 112 |
|
| 113 |
|
| 114 |
|
| 115 |
|
| 116 |
|
| 117 |
|
| 118 |
|
| 119 |
|
| 120 |
|
| 121 |
|
| 122 |
|
| 123 |
|
| 124 |
|
| 125 |
|
| 126 |
|
| 127 |
|
| 128 |
|
| 129 |
|
| 130 |
|
| 131 |
|
| 132 |
|
| 133 |
|
| 134 |
|
| 135 |
|
| 136 |
|
| 137 |
|
| 138 |
|
| 139 |
|
| 140 |
|
| 141 |
|
| 142 |
|
| 143 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:4.1.8-1 |
| purl |
pkg:deb/debian/rails@2:4.1.8-1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 6 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 7 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 8 |
| vulnerability |
VCID-5x54-hckg-x7b8 |
|
| 9 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 10 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 11 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 12 |
| vulnerability |
VCID-6yr6-a21g-dyf5 |
|
| 13 |
| vulnerability |
VCID-86jq-2md2-d7ah |
|
| 14 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 15 |
| vulnerability |
VCID-8dad-dvat-1fg4 |
|
| 16 |
| vulnerability |
VCID-9hq5-3usy-5fhq |
|
| 17 |
| vulnerability |
VCID-9t7a-muwx-zyee |
|
| 18 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 19 |
| vulnerability |
VCID-bjwf-uhyk-63aj |
|
| 20 |
| vulnerability |
VCID-c8b5-d83n-nuhw |
|
| 21 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 22 |
| vulnerability |
VCID-d15q-6ukb-wfff |
|
| 23 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 24 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 25 |
| vulnerability |
VCID-ed3f-3bxh-eba4 |
|
| 26 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 27 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 28 |
| vulnerability |
VCID-g5q6-7uav-sqh1 |
|
| 29 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 30 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 31 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 32 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 33 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 34 |
| vulnerability |
VCID-pb5f-g4uc-r7fp |
|
| 35 |
| vulnerability |
VCID-s5ah-tf63-a7cw |
|
| 36 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 37 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 38 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 39 |
| vulnerability |
VCID-t2cx-7ycd-tqhq |
|
| 40 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 41 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 42 |
| vulnerability |
VCID-thx6-usb2-kkgc |
|
| 43 |
| vulnerability |
VCID-v3r3-bwp5-a3bn |
|
| 44 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 45 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 46 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 47 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 48 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 49 |
| vulnerability |
VCID-z1jv-4ga2-7kd1 |
|
| 50 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 51 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
| 52 |
| vulnerability |
VCID-zydu-j9dg-fqdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.8-1 |
|
|
| aliases |
CVE-2014-3482, GHSA-mhwp-qhpc-h3jm, OSV-108664
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sb9g-rdnm-rqbm |
|
| 60 |
| url |
VCID-sfyc-jewr-wuf5 |
| vulnerability_id |
VCID-sfyc-jewr-wuf5 |
| summary |
Possible ReDoS vulnerability in HTTP Token authentication in Action Controller
There is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. This vulnerability has been assigned the CVE identifier CVE-2024-47887.
Impact
------
For applications using HTTP Token authentication via `authenticate_or_request_with_http_token` or similar, a carefully crafted header may cause header parsing to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade or apply the relevant patch immediately.
Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 depends on Ruby 3.2 or greater so is unaffected.
Releases
--------
The fixed releases are available at the normal locations.
Workarounds
-----------
Users on Ruby 3.2 are unaffected by this issue.
Credits
-------
Thanks to [scyoon](https://hackerone.com/scyoon) for reporting |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-47887 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00296 |
| scoring_system |
epss |
| scoring_elements |
0.5296 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00296 |
| scoring_system |
epss |
| scoring_elements |
0.5287 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.00296 |
| scoring_system |
epss |
| scoring_elements |
0.52976 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.00296 |
| scoring_system |
epss |
| scoring_elements |
0.5297 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.00296 |
| scoring_system |
epss |
| scoring_elements |
0.52932 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.00296 |
| scoring_system |
epss |
| scoring_elements |
0.52948 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00296 |
| scoring_system |
epss |
| scoring_elements |
0.52964 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00296 |
| scoring_system |
epss |
| scoring_elements |
0.52914 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00296 |
| scoring_system |
epss |
| scoring_elements |
0.5292 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.00296 |
| scoring_system |
epss |
| scoring_elements |
0.52876 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.00296 |
| scoring_system |
epss |
| scoring_elements |
0.52901 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-47887 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-47887, GHSA-vfg9-r3fq-jvx4
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sfyc-jewr-wuf5 |
|
| 61 |
| url |
VCID-sgdb-985e-4uej |
| vulnerability_id |
VCID-sgdb-985e-4uej |
| summary |
Possible ReDoS vulnerability in query parameter filtering in Action Dispatch
There is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2024-41128.
Impact
------
Carefully crafted query parameters can cause query parameter filtering to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade or apply the relevant patch immediately.
Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 depends on Ruby 3.2 or greater so is unaffected.
Releases
--------
The fixed releases are available at the normal locations.
Workarounds
-----------
Users on Ruby 3.2 are unaffected by this issue.
Credits
-------
Thanks to [scyoon](https://hackerone.com/scyoon) for the report and patches! |
| references |
| 0 |
|
| 1 |
| reference_url |
https://access.redhat.com/security/cve/cve-2024-41128 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U |
|
| 1 |
| value |
6.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/ |
|
|
| url |
https://access.redhat.com/security/cve/cve-2024-41128 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-41128 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00605 |
| scoring_system |
epss |
| scoring_elements |
0.69632 |
| published_at |
2026-04-12T12:55:00Z |
|
| 1 |
| value |
0.00605 |
| scoring_system |
epss |
| scoring_elements |
0.69647 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.00605 |
| scoring_system |
epss |
| scoring_elements |
0.69624 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.00605 |
| scoring_system |
epss |
| scoring_elements |
0.69608 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00605 |
| scoring_system |
epss |
| scoring_elements |
0.69557 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00605 |
| scoring_system |
epss |
| scoring_elements |
0.69578 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00605 |
| scoring_system |
epss |
| scoring_elements |
0.69666 |
| published_at |
2026-04-18T12:55:00Z |
|
| 7 |
| value |
0.00605 |
| scoring_system |
epss |
| scoring_elements |
0.69618 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.00605 |
| scoring_system |
epss |
| scoring_elements |
0.69562 |
| published_at |
2026-04-02T12:55:00Z |
|
| 9 |
| value |
0.00605 |
| scoring_system |
epss |
| scoring_elements |
0.69648 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.00605 |
| scoring_system |
epss |
| scoring_elements |
0.69657 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-41128 |
|
| 3 |
| reference_url |
https://bugzilla.redhat.com/show_bug.cgi?id=2319036 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U |
|
| 1 |
| value |
6.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/ |
|
|
| url |
https://bugzilla.redhat.com/show_bug.cgi?id=2319036 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/rails/rails |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
|
| 1 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/rails/rails |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
| reference_url |
https://github.com/rails/rails/security/advisories/GHSA-x76w-6vjr-8xgj |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 1 |
| value |
6.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
|
| 2 |
| value |
6.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/ |
|
|
| url |
https://github.com/rails/rails/security/advisories/GHSA-x76w-6vjr-8xgj |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-41128, GHSA-x76w-6vjr-8xgj
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sgdb-985e-4uej |
|
| 62 |
| url |
VCID-sygb-mygd-s3gb |
| vulnerability_id |
VCID-sygb-mygd-s3gb |
| summary |
Duplicate
This advisory duplicates another. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-44566 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02076 |
| scoring_system |
epss |
| scoring_elements |
0.83996 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.02421 |
| scoring_system |
epss |
| scoring_elements |
0.8515 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.02421 |
| scoring_system |
epss |
| scoring_elements |
0.85129 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.02421 |
| scoring_system |
epss |
| scoring_elements |
0.85132 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.02421 |
| scoring_system |
epss |
| scoring_elements |
0.85134 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.02421 |
| scoring_system |
epss |
| scoring_elements |
0.8512 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.02421 |
| scoring_system |
epss |
| scoring_elements |
0.85091 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.02421 |
| scoring_system |
epss |
| scoring_elements |
0.85153 |
| published_at |
2026-04-18T12:55:00Z |
|
| 8 |
| value |
0.02421 |
| scoring_system |
epss |
| scoring_elements |
0.8507 |
| published_at |
2026-04-02T12:55:00Z |
|
| 9 |
| value |
0.02421 |
| scoring_system |
epss |
| scoring_elements |
0.85113 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.02421 |
| scoring_system |
epss |
| scoring_elements |
0.85087 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-44566 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-44566, GHSA-579w-22j4-4749, GMS-2023-59
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sygb-mygd-s3gb |
|
| 63 |
| url |
VCID-sz4r-kjse-cbdd |
| vulnerability_id |
VCID-sz4r-kjse-cbdd |
| summary |
Remote attacker can conduct SQL injection attacks
Ruby on Rails contains a flaw in the Authlogic gem. The issue is triggered when the program makes an unsafe method call for find_by_id. With a specially crafted parameter in an environment that knows the secret_token value in secret_token.rb, a remote attacker can more easily conduct SQL injection attacks. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-6497 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00397 |
| scoring_system |
epss |
| scoring_elements |
0.60612 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00397 |
| scoring_system |
epss |
| scoring_elements |
0.60606 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00397 |
| scoring_system |
epss |
| scoring_elements |
0.60565 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00397 |
| scoring_system |
epss |
| scoring_elements |
0.60586 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00397 |
| scoring_system |
epss |
| scoring_elements |
0.60444 |
| published_at |
2026-04-01T12:55:00Z |
|
| 5 |
| value |
0.00397 |
| scoring_system |
epss |
| scoring_elements |
0.60601 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00397 |
| scoring_system |
epss |
| scoring_elements |
0.60519 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00397 |
| scoring_system |
epss |
| scoring_elements |
0.6058 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00397 |
| scoring_system |
epss |
| scoring_elements |
0.60546 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00397 |
| scoring_system |
epss |
| scoring_elements |
0.60563 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.00397 |
| scoring_system |
epss |
| scoring_elements |
0.60515 |
| published_at |
2026-04-07T12:55:00Z |
|
| 11 |
| value |
0.00397 |
| scoring_system |
epss |
| scoring_elements |
0.606 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-6497 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:2.3.14.2 |
| purl |
pkg:deb/debian/rails@2:2.3.14.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-2efj-tf8d-dfck |
|
| 6 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 7 |
| vulnerability |
VCID-333w-aacz-mfcr |
|
| 8 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 9 |
| vulnerability |
VCID-3m2y-wy1w-n7h1 |
|
| 10 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 11 |
| vulnerability |
VCID-5x54-hckg-x7b8 |
|
| 12 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 13 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 14 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 15 |
| vulnerability |
VCID-6yr6-a21g-dyf5 |
|
| 16 |
| vulnerability |
VCID-86jq-2md2-d7ah |
|
| 17 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 18 |
| vulnerability |
VCID-8dad-dvat-1fg4 |
|
| 19 |
| vulnerability |
VCID-9hq5-3usy-5fhq |
|
| 20 |
| vulnerability |
VCID-9t7a-muwx-zyee |
|
| 21 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 22 |
| vulnerability |
VCID-bjwf-uhyk-63aj |
|
| 23 |
| vulnerability |
VCID-c8b5-d83n-nuhw |
|
| 24 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 25 |
| vulnerability |
VCID-d15q-6ukb-wfff |
|
| 26 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 27 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 28 |
| vulnerability |
VCID-ed3f-3bxh-eba4 |
|
| 29 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 30 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 31 |
| vulnerability |
VCID-g5q6-7uav-sqh1 |
|
| 32 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 33 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 34 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 35 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 36 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 37 |
| vulnerability |
VCID-pb5f-g4uc-r7fp |
|
| 38 |
| vulnerability |
VCID-s5ah-tf63-a7cw |
|
| 39 |
| vulnerability |
VCID-sb9g-rdnm-rqbm |
|
| 40 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 41 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 42 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 43 |
| vulnerability |
VCID-t2cx-7ycd-tqhq |
|
| 44 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 45 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 46 |
| vulnerability |
VCID-thx6-usb2-kkgc |
|
| 47 |
| vulnerability |
VCID-v3r3-bwp5-a3bn |
|
| 48 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 49 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 50 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 51 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 52 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 53 |
| vulnerability |
VCID-z1jv-4ga2-7kd1 |
|
| 54 |
| vulnerability |
VCID-zkvd-bfd6-t7dg |
|
| 55 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 56 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
| 57 |
| vulnerability |
VCID-zydu-j9dg-fqdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2 |
|
|
| aliases |
CVE-2012-6497, GHSA-rx7j-mw4c-76g9, OSV-89064
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sz4r-kjse-cbdd |
|
| 64 |
| url |
VCID-t2cx-7ycd-tqhq |
| vulnerability_id |
VCID-t2cx-7ycd-tqhq |
| summary |
activesupport Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in `json/encoding.rb` in Active Support in Ruby on Rails 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-3226 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43684 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43741 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43674 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43725 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43728 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43748 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43699 |
| published_at |
2026-04-13T12:55:00Z |
|
| 7 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43761 |
| published_at |
2026-04-16T12:55:00Z |
|
| 8 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43752 |
| published_at |
2026-04-18T12:55:00Z |
|
| 9 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.4366 |
| published_at |
2026-04-01T12:55:00Z |
|
| 10 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43716 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-3226 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:4.1.8-1%2Bdeb8u4 |
| purl |
pkg:deb/debian/rails@2:4.1.8-1%2Bdeb8u4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 6 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 7 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 8 |
| vulnerability |
VCID-5x54-hckg-x7b8 |
|
| 9 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 10 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 11 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 12 |
| vulnerability |
VCID-6yr6-a21g-dyf5 |
|
| 13 |
| vulnerability |
VCID-86jq-2md2-d7ah |
|
| 14 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 15 |
| vulnerability |
VCID-8dad-dvat-1fg4 |
|
| 16 |
| vulnerability |
VCID-9hq5-3usy-5fhq |
|
| 17 |
| vulnerability |
VCID-9t7a-muwx-zyee |
|
| 18 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 19 |
| vulnerability |
VCID-bjwf-uhyk-63aj |
|
| 20 |
| vulnerability |
VCID-c8b5-d83n-nuhw |
|
| 21 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 22 |
| vulnerability |
VCID-d15q-6ukb-wfff |
|
| 23 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 24 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 25 |
| vulnerability |
VCID-ed3f-3bxh-eba4 |
|
| 26 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 27 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 28 |
| vulnerability |
VCID-g5q6-7uav-sqh1 |
|
| 29 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 30 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 31 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 32 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 33 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 34 |
| vulnerability |
VCID-pb5f-g4uc-r7fp |
|
| 35 |
| vulnerability |
VCID-s5ah-tf63-a7cw |
|
| 36 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 37 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 38 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 39 |
| vulnerability |
VCID-t2cx-7ycd-tqhq |
|
| 40 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 41 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 42 |
| vulnerability |
VCID-thx6-usb2-kkgc |
|
| 43 |
| vulnerability |
VCID-v3r3-bwp5-a3bn |
|
| 44 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 45 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 46 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 47 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 48 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 49 |
| vulnerability |
VCID-z1jv-4ga2-7kd1 |
|
| 50 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 51 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
| 52 |
| vulnerability |
VCID-zydu-j9dg-fqdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.8-1%252Bdeb8u4 |
|
| 1 |
| url |
pkg:deb/debian/rails@2:4.2.7.1-1%2Bdeb9u2 |
| purl |
pkg:deb/debian/rails@2:4.2.7.1-1%2Bdeb9u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 6 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 7 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 8 |
| vulnerability |
VCID-5x54-hckg-x7b8 |
|
| 9 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 10 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 11 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 12 |
| vulnerability |
VCID-6yr6-a21g-dyf5 |
|
| 13 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 14 |
| vulnerability |
VCID-8dad-dvat-1fg4 |
|
| 15 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 16 |
| vulnerability |
VCID-c8b5-d83n-nuhw |
|
| 17 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 18 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 19 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 20 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 21 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 22 |
| vulnerability |
VCID-g5q6-7uav-sqh1 |
|
| 23 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 24 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 25 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 26 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 27 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 28 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 29 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 30 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 31 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 32 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 33 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 34 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 35 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 36 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 37 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 38 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 39 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
| 40 |
| vulnerability |
VCID-zydu-j9dg-fqdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.7.1-1%252Bdeb9u2 |
|
|
| aliases |
CVE-2015-3226, GHSA-vxvp-4xwc-jpp6
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-t2cx-7ycd-tqhq |
|
| 65 |
| url |
VCID-t684-yp58-hkg8 |
| vulnerability_id |
VCID-t684-yp58-hkg8 |
| summary |
ActiveSupport potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
In ActiveSupport, there is potentially unexpected behaviour in the MemCacheStore and RedisCacheStore where, when
untrusted user input is written to the cache store using the `raw: true` parameter, re-reading the result
from the cache can evaluate the user input as a Marshalled object instead of plain text. Vulnerable code looks like:
```
data = cache.fetch("demo", raw: true) { untrusted_string }
```
Versions Affected: rails < 5.2.5, rails < 6.0.4
Not affected: Applications not using MemCacheStore or RedisCacheStore. Applications that do not use the `raw` option when storing untrusted user input.
Fixed Versions: rails >= 5.2.4.3, rails >= 6.0.3.1
Impact
------
Unmarshalling of untrusted user input can have impact up to and including RCE. At a minimum,
this vulnerability allows an attacker to inject untrusted Ruby objects into a web application.
In addition to upgrading to the latest versions of Rails, developers should ensure that whenever
they are calling `Rails.cache.fetch` they are using consistent values of the `raw` parameter for both
reading and writing, especially in the case of the RedisCacheStore which does not, prior to these changes,
detect if data was serialized using the raw option upon deserialization.
Workarounds
-----------
It is recommended that application developers apply the suggested patch or upgrade to the latest release as
soon as possible. If this is not possible, we recommend double-checking that all user-provided strings cached using
the `raw` argument conform to the expected format. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-8165 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.90128 |
| scoring_system |
epss |
| scoring_elements |
0.99584 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.90128 |
| scoring_system |
epss |
| scoring_elements |
0.99591 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.90128 |
| scoring_system |
epss |
| scoring_elements |
0.9959 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.90128 |
| scoring_system |
epss |
| scoring_elements |
0.99589 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.90128 |
| scoring_system |
epss |
| scoring_elements |
0.99588 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.90128 |
| scoring_system |
epss |
| scoring_elements |
0.99587 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.90128 |
| scoring_system |
epss |
| scoring_elements |
0.99586 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.90128 |
| scoring_system |
epss |
| scoring_elements |
0.99585 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-8165 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3 |
| purl |
pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 6 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 7 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 8 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 9 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 10 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 11 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 12 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 13 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 14 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 15 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 16 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 17 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 18 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 19 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 20 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 21 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 22 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 23 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 24 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 25 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 26 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 27 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 28 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 29 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 30 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 31 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 32 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 33 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 34 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%252Bdeb10u3 |
|
| 1 |
| url |
pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2 |
| purl |
pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 1 |
| vulnerability |
VCID-4tzv-1t1b-t3g3 |
|
| 2 |
| vulnerability |
VCID-5tky-d2en-u7c7 |
|
| 3 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 4 |
| vulnerability |
VCID-96qr-hdbp-p7ff |
|
| 5 |
| vulnerability |
VCID-a6z9-5n6k-2kak |
|
| 6 |
| vulnerability |
VCID-ad6q-vtdf-syb6 |
|
| 7 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 8 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 9 |
| vulnerability |
VCID-hatd-vkun-13hj |
|
| 10 |
| vulnerability |
VCID-n8r7-wthv-fqaj |
|
| 11 |
| vulnerability |
VCID-qxe4-dubt-1kfp |
|
| 12 |
| vulnerability |
VCID-sarm-n22v-akcm |
|
| 13 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 14 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 15 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 16 |
| vulnerability |
VCID-wpmk-wgpm-cuee |
|
| 17 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 18 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 19 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2 |
|
|
| aliases |
CVE-2020-8165, GHSA-2p68-f74v-9wc6
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-t684-yp58-hkg8 |
|
| 66 |
| url |
VCID-t9yh-ss8z-e3cb |
| vulnerability_id |
VCID-t9yh-ss8z-e3cb |
| summary |
Duplicate
This advisory duplicates another. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-22794 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.05757 |
| scoring_system |
epss |
| scoring_elements |
0.90477 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.06659 |
| scoring_system |
epss |
| scoring_elements |
0.9124 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.06659 |
| scoring_system |
epss |
| scoring_elements |
0.91216 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.06659 |
| scoring_system |
epss |
| scoring_elements |
0.9117 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.06659 |
| scoring_system |
epss |
| scoring_elements |
0.91239 |
| published_at |
2026-04-18T12:55:00Z |
|
| 5 |
| value |
0.06659 |
| scoring_system |
epss |
| scoring_elements |
0.91186 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.06659 |
| scoring_system |
epss |
| scoring_elements |
0.91179 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.06659 |
| scoring_system |
epss |
| scoring_elements |
0.91213 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.06659 |
| scoring_system |
epss |
| scoring_elements |
0.91206 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.06659 |
| scoring_system |
epss |
| scoring_elements |
0.912 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-22794 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2 |
| purl |
pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 1 |
| vulnerability |
VCID-4tzv-1t1b-t3g3 |
|
| 2 |
| vulnerability |
VCID-5tky-d2en-u7c7 |
|
| 3 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 4 |
| vulnerability |
VCID-96qr-hdbp-p7ff |
|
| 5 |
| vulnerability |
VCID-a6z9-5n6k-2kak |
|
| 6 |
| vulnerability |
VCID-ad6q-vtdf-syb6 |
|
| 7 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 8 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 9 |
| vulnerability |
VCID-hatd-vkun-13hj |
|
| 10 |
| vulnerability |
VCID-n8r7-wthv-fqaj |
|
| 11 |
| vulnerability |
VCID-qxe4-dubt-1kfp |
|
| 12 |
| vulnerability |
VCID-sarm-n22v-akcm |
|
| 13 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 14 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 15 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 16 |
| vulnerability |
VCID-wpmk-wgpm-cuee |
|
| 17 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 18 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 19 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2 |
|
|
| aliases |
CVE-2023-22794, GHSA-hq7p-j377-6v63, GMS-2023-60
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-t9yh-ss8z-e3cb |
|
| 67 |
| url |
VCID-thx6-usb2-kkgc |
| vulnerability_id |
VCID-thx6-usb2-kkgc |
| summary |
Nested attributes rejection proc bypass
When using the nested attributes feature in Active Record you can prevent the destruction of associated records by passing the `allow_destroy: false` option to the `accepts_nested_attributes_for` method. The `allow_destroy` flag prevents the `:reject_if` proc from being called because it assumes that the record will be destroyed anyway. However, this is not true if `:allow_destroy` is false, so changes that would have been rejected are applied to the record. Attackers could set attributes to invalid values or clear all the attributes. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-7577 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01209 |
| scoring_system |
epss |
| scoring_elements |
0.79004 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.01209 |
| scoring_system |
epss |
| scoring_elements |
0.78933 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.01209 |
| scoring_system |
epss |
| scoring_elements |
0.78939 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.01209 |
| scoring_system |
epss |
| scoring_elements |
0.78967 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.01209 |
| scoring_system |
epss |
| scoring_elements |
0.78951 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.01209 |
| scoring_system |
epss |
| scoring_elements |
0.78975 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.01209 |
| scoring_system |
epss |
| scoring_elements |
0.78981 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.01209 |
| scoring_system |
epss |
| scoring_elements |
0.79005 |
| published_at |
2026-04-18T12:55:00Z |
|
| 8 |
| value |
0.01209 |
| scoring_system |
epss |
| scoring_elements |
0.7899 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.01209 |
| scoring_system |
epss |
| scoring_elements |
0.78979 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.01209 |
| scoring_system |
epss |
| scoring_elements |
0.79007 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-7577 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2015-7577 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.0 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:L/Au:N/C:N/I:P/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
|
| 2 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2015-7577 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
|
| 68 |
|
| 69 |
|
| 70 |
|
| 71 |
|
| 72 |
|
| 73 |
|
| 74 |
|
| 75 |
|
| 76 |
|
| 77 |
|
| 78 |
|
| 79 |
|
| 80 |
|
| 81 |
|
| 82 |
|
| 83 |
|
| 84 |
|
| 85 |
|
| 86 |
|
| 87 |
|
| 88 |
|
| 89 |
|
| 90 |
|
| 91 |
|
| 92 |
|
| 93 |
|
| 94 |
|
| 95 |
|
| 96 |
|
| 97 |
|
| 98 |
|
| 99 |
|
| 100 |
|
| 101 |
|
| 102 |
|
| 103 |
|
| 104 |
|
| 105 |
|
| 106 |
|
| 107 |
|
| 108 |
|
| 109 |
|
| 110 |
|
| 111 |
|
| 112 |
|
| 113 |
|
| 114 |
|
| 115 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:4.1.8-1%2Bdeb8u4 |
| purl |
pkg:deb/debian/rails@2:4.1.8-1%2Bdeb8u4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 6 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 7 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 8 |
| vulnerability |
VCID-5x54-hckg-x7b8 |
|
| 9 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 10 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 11 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 12 |
| vulnerability |
VCID-6yr6-a21g-dyf5 |
|
| 13 |
| vulnerability |
VCID-86jq-2md2-d7ah |
|
| 14 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 15 |
| vulnerability |
VCID-8dad-dvat-1fg4 |
|
| 16 |
| vulnerability |
VCID-9hq5-3usy-5fhq |
|
| 17 |
| vulnerability |
VCID-9t7a-muwx-zyee |
|
| 18 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 19 |
| vulnerability |
VCID-bjwf-uhyk-63aj |
|
| 20 |
| vulnerability |
VCID-c8b5-d83n-nuhw |
|
| 21 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 22 |
| vulnerability |
VCID-d15q-6ukb-wfff |
|
| 23 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 24 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 25 |
| vulnerability |
VCID-ed3f-3bxh-eba4 |
|
| 26 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 27 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 28 |
| vulnerability |
VCID-g5q6-7uav-sqh1 |
|
| 29 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 30 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 31 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 32 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 33 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 34 |
| vulnerability |
VCID-pb5f-g4uc-r7fp |
|
| 35 |
| vulnerability |
VCID-s5ah-tf63-a7cw |
|
| 36 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 37 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 38 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 39 |
| vulnerability |
VCID-t2cx-7ycd-tqhq |
|
| 40 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 41 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 42 |
| vulnerability |
VCID-thx6-usb2-kkgc |
|
| 43 |
| vulnerability |
VCID-v3r3-bwp5-a3bn |
|
| 44 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 45 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 46 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 47 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 48 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 49 |
| vulnerability |
VCID-z1jv-4ga2-7kd1 |
|
| 50 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 51 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
| 52 |
| vulnerability |
VCID-zydu-j9dg-fqdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.8-1%252Bdeb8u4 |
|
| 1 |
| url |
pkg:deb/debian/rails@2:4.2.7.1-1%2Bdeb9u2 |
| purl |
pkg:deb/debian/rails@2:4.2.7.1-1%2Bdeb9u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 6 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 7 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 8 |
| vulnerability |
VCID-5x54-hckg-x7b8 |
|
| 9 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 10 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 11 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 12 |
| vulnerability |
VCID-6yr6-a21g-dyf5 |
|
| 13 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 14 |
| vulnerability |
VCID-8dad-dvat-1fg4 |
|
| 15 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 16 |
| vulnerability |
VCID-c8b5-d83n-nuhw |
|
| 17 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 18 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 19 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 20 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 21 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 22 |
| vulnerability |
VCID-g5q6-7uav-sqh1 |
|
| 23 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 24 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 25 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 26 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 27 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 28 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 29 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 30 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 31 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 32 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 33 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 34 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 35 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 36 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 37 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 38 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 39 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
| 40 |
| vulnerability |
VCID-zydu-j9dg-fqdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.7.1-1%252Bdeb9u2 |
|
|
| aliases |
CVE-2015-7577, GHSA-xrr6-3pc4-m447
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-thx6-usb2-kkgc |
|
| 68 |
| url |
VCID-v3r3-bwp5-a3bn |
| vulnerability_id |
VCID-v3r3-bwp5-a3bn |
| summary |
Path Traversal
The Rails gem allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a `..` in a pathname. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
http://rhn.redhat.com/errata/RHSA-2016-0296.html |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Attend |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/ |
|
|
| url |
http://rhn.redhat.com/errata/RHSA-2016-0296.html |
|
| 6 |
|
| 7 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-0752 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.91051 |
| scoring_system |
epss |
| scoring_elements |
0.9964 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.91051 |
| scoring_system |
epss |
| scoring_elements |
0.99643 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.91051 |
| scoring_system |
epss |
| scoring_elements |
0.99642 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.91051 |
| scoring_system |
epss |
| scoring_elements |
0.99641 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.91051 |
| scoring_system |
epss |
| scoring_elements |
0.99639 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.91051 |
| scoring_system |
epss |
| scoring_elements |
0.99638 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.91051 |
| scoring_system |
epss |
| scoring_elements |
0.99637 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-0752 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
| reference_url |
http://www.debian.org/security/2016/dsa-3464 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Attend |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/ |
|
|
| url |
http://www.debian.org/security/2016/dsa-3464 |
|
| 26 |
|
| 27 |
| reference_url |
http://www.securityfocus.com/bid/81801 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Attend |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/ |
|
|
| url |
http://www.securityfocus.com/bid/81801 |
|
| 28 |
| reference_url |
http://www.securitytracker.com/id/1034816 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Attend |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/ |
|
|
| url |
http://www.securitytracker.com/id/1034816 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2016-0752 |
| reference_id |
CVE-2016-0752 |
| reference_type |
|
| scores |
| 0 |
| value |
5.0 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:L/Au:N/C:P/I:N/A:N |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 2 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H |
|
| 3 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2016-0752 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:4.1.8-1%2Bdeb8u4 |
| purl |
pkg:deb/debian/rails@2:4.1.8-1%2Bdeb8u4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 6 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 7 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 8 |
| vulnerability |
VCID-5x54-hckg-x7b8 |
|
| 9 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 10 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 11 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 12 |
| vulnerability |
VCID-6yr6-a21g-dyf5 |
|
| 13 |
| vulnerability |
VCID-86jq-2md2-d7ah |
|
| 14 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 15 |
| vulnerability |
VCID-8dad-dvat-1fg4 |
|
| 16 |
| vulnerability |
VCID-9hq5-3usy-5fhq |
|
| 17 |
| vulnerability |
VCID-9t7a-muwx-zyee |
|
| 18 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 19 |
| vulnerability |
VCID-bjwf-uhyk-63aj |
|
| 20 |
| vulnerability |
VCID-c8b5-d83n-nuhw |
|
| 21 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 22 |
| vulnerability |
VCID-d15q-6ukb-wfff |
|
| 23 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 24 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 25 |
| vulnerability |
VCID-ed3f-3bxh-eba4 |
|
| 26 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 27 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 28 |
| vulnerability |
VCID-g5q6-7uav-sqh1 |
|
| 29 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 30 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 31 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 32 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 33 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 34 |
| vulnerability |
VCID-pb5f-g4uc-r7fp |
|
| 35 |
| vulnerability |
VCID-s5ah-tf63-a7cw |
|
| 36 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 37 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 38 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 39 |
| vulnerability |
VCID-t2cx-7ycd-tqhq |
|
| 40 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 41 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 42 |
| vulnerability |
VCID-thx6-usb2-kkgc |
|
| 43 |
| vulnerability |
VCID-v3r3-bwp5-a3bn |
|
| 44 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 45 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 46 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 47 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 48 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 49 |
| vulnerability |
VCID-z1jv-4ga2-7kd1 |
|
| 50 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 51 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
| 52 |
| vulnerability |
VCID-zydu-j9dg-fqdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.8-1%252Bdeb8u4 |
|
| 1 |
| url |
pkg:deb/debian/rails@2:4.2.7.1-1%2Bdeb9u2 |
| purl |
pkg:deb/debian/rails@2:4.2.7.1-1%2Bdeb9u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 6 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 7 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 8 |
| vulnerability |
VCID-5x54-hckg-x7b8 |
|
| 9 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 10 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 11 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 12 |
| vulnerability |
VCID-6yr6-a21g-dyf5 |
|
| 13 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 14 |
| vulnerability |
VCID-8dad-dvat-1fg4 |
|
| 15 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 16 |
| vulnerability |
VCID-c8b5-d83n-nuhw |
|
| 17 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 18 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 19 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 20 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 21 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 22 |
| vulnerability |
VCID-g5q6-7uav-sqh1 |
|
| 23 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 24 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 25 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 26 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 27 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 28 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 29 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 30 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 31 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 32 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 33 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 34 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 35 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 36 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 37 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 38 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 39 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
| 40 |
| vulnerability |
VCID-zydu-j9dg-fqdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.7.1-1%252Bdeb9u2 |
|
|
| aliases |
CVE-2016-0752, GHSA-xrr4-p6fq-hjg7
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-v3r3-bwp5-a3bn |
|
| 69 |
| url |
VCID-v9mt-t1pb-hybk |
| vulnerability_id |
VCID-v9mt-t1pb-hybk |
| summary |
Cross site scripting vulnerability in ActionView
There is a possible cross site scripting (XSS) vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks.
### Impact
There is a possible XSS vulnerability in the `j` and `escape_javascript` methods in ActionView. These methods are used for escaping JavaScript string literals. Impacted code will look something like this:
```erb
<script>let a = `<%= j unknown_input %>`</script>
```
or
```erb
<script>let a = `<%= escape_javascript unknown_input %>`</script>
```
### Releases
The 6.0.2.2 and 5.2.4.2 releases are available at the normal locations.
### Workarounds
For those that can't upgrade, the following monkey patch may be used:
```ruby
ActionView::Helpers::JavaScriptHelper::JS_ESCAPE_MAP.merge!(
  {
    "`" => "\\`",
    "$" => "\\$"
  }
)

module ActionView::Helpers::JavaScriptHelper
  alias :old_ej :escape_javascript
  alias :old_j :j

  def escape_javascript(javascript)
    javascript = javascript.to_s
    if javascript.empty?
      result = ""
    else
      result = javascript.gsub(/(\\|<\/|\r\n|\342\200\250|\342\200\251|[\n\r"']|[`]|[$])/u, JS_ESCAPE_MAP)
    end
    javascript.html_safe? ? result.html_safe : result
  end

  alias :j :escape_javascript
end
```
### Patches
To aid users who aren't able to upgrade immediately we have provided patches for
the two supported release series. They are in git-am format and consist of a
single changeset.
* [5-2-js-helper-xss.patch](https://gist.github.com/tenderlove/c042ff49f0347c37e99183a6502accc6#file-5-2-js-helper-xss-patch) - Patch for 5.2 series
* [6-0-js-helper-xss.patch](https://gist.github.com/tenderlove/c042ff49f0347c37e99183a6502accc6#file-6-0-js-helper-xss-patch) - Patch for 6.0 series
Please note that only the 5.2 and 6.0 series are supported at present. Users
of earlier unsupported releases are advised to upgrade as soon as possible as we
cannot guarantee the continued availability of security fixes for unsupported
releases.
### Credits
Thanks to Jesse Campos from Chef Secure |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-5267 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00887 |
| scoring_system |
epss |
| scoring_elements |
0.75498 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00887 |
| scoring_system |
epss |
| scoring_elements |
0.75406 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00887 |
| scoring_system |
epss |
| scoring_elements |
0.75409 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00887 |
| scoring_system |
epss |
| scoring_elements |
0.75441 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00887 |
| scoring_system |
epss |
| scoring_elements |
0.75422 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00887 |
| scoring_system |
epss |
| scoring_elements |
0.75465 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00887 |
| scoring_system |
epss |
| scoring_elements |
0.75474 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00887 |
| scoring_system |
epss |
| scoring_elements |
0.75493 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00887 |
| scoring_system |
epss |
| scoring_elements |
0.75472 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00887 |
| scoring_system |
epss |
| scoring_elements |
0.75461 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00887 |
| scoring_system |
epss |
| scoring_elements |
0.75504 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00887 |
| scoring_system |
epss |
| scoring_elements |
0.75509 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-5267 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2020-5267 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.5 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:M/Au:S/C:N/I:P/A:N |
|
| 1 |
| value |
4.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N |
|
| 2 |
| value |
4.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2020-5267 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2 |
| purl |
pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 1 |
| vulnerability |
VCID-4tzv-1t1b-t3g3 |
|
| 2 |
| vulnerability |
VCID-5tky-d2en-u7c7 |
|
| 3 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 4 |
| vulnerability |
VCID-96qr-hdbp-p7ff |
|
| 5 |
| vulnerability |
VCID-a6z9-5n6k-2kak |
|
| 6 |
| vulnerability |
VCID-ad6q-vtdf-syb6 |
|
| 7 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 8 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 9 |
| vulnerability |
VCID-hatd-vkun-13hj |
|
| 10 |
| vulnerability |
VCID-n8r7-wthv-fqaj |
|
| 11 |
| vulnerability |
VCID-qxe4-dubt-1kfp |
|
| 12 |
| vulnerability |
VCID-sarm-n22v-akcm |
|
| 13 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 14 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 15 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 16 |
| vulnerability |
VCID-wpmk-wgpm-cuee |
|
| 17 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 18 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 19 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2 |
|
|
| aliases |
CVE-2020-5267, GHSA-65cv-r6x7-79hv
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-v9mt-t1pb-hybk |
|
| 70 |
| url |
VCID-va9q-fjn6-yqee |
| vulnerability_id |
VCID-va9q-fjn6-yqee |
| summary |
Direct Manipulation XSS
Ruby on Rails contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate direct manipulations of `SafeBuffer` objects via `'[]'` and other methods. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-1098 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00377 |
| scoring_system |
epss |
| scoring_elements |
0.59334 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00377 |
| scoring_system |
epss |
| scoring_elements |
0.59329 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.00377 |
| scoring_system |
epss |
| scoring_elements |
0.59348 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00377 |
| scoring_system |
epss |
| scoring_elements |
0.59332 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00377 |
| scoring_system |
epss |
| scoring_elements |
0.59314 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.00377 |
| scoring_system |
epss |
| scoring_elements |
0.59347 |
| published_at |
2026-04-16T12:55:00Z |
|
| 6 |
| value |
0.00377 |
| scoring_system |
epss |
| scoring_elements |
0.59353 |
| published_at |
2026-04-18T12:55:00Z |
|
| 7 |
| value |
0.00377 |
| scoring_system |
epss |
| scoring_elements |
0.59204 |
| published_at |
2026-04-01T12:55:00Z |
|
| 8 |
| value |
0.00377 |
| scoring_system |
epss |
| scoring_elements |
0.59278 |
| published_at |
2026-04-02T12:55:00Z |
|
| 9 |
| value |
0.00377 |
| scoring_system |
epss |
| scoring_elements |
0.59302 |
| published_at |
2026-04-04T12:55:00Z |
|
| 10 |
| value |
0.00377 |
| scoring_system |
epss |
| scoring_elements |
0.59266 |
| published_at |
2026-04-07T12:55:00Z |
|
| 11 |
| value |
0.00377 |
| scoring_system |
epss |
| scoring_elements |
0.59316 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-1098 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:2.3.14.2 |
| purl |
pkg:deb/debian/rails@2:2.3.14.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-2efj-tf8d-dfck |
|
| 6 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 7 |
| vulnerability |
VCID-333w-aacz-mfcr |
|
| 8 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 9 |
| vulnerability |
VCID-3m2y-wy1w-n7h1 |
|
| 10 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 11 |
| vulnerability |
VCID-5x54-hckg-x7b8 |
|
| 12 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 13 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 14 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 15 |
| vulnerability |
VCID-6yr6-a21g-dyf5 |
|
| 16 |
| vulnerability |
VCID-86jq-2md2-d7ah |
|
| 17 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 18 |
| vulnerability |
VCID-8dad-dvat-1fg4 |
|
| 19 |
| vulnerability |
VCID-9hq5-3usy-5fhq |
|
| 20 |
| vulnerability |
VCID-9t7a-muwx-zyee |
|
| 21 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 22 |
| vulnerability |
VCID-bjwf-uhyk-63aj |
|
| 23 |
| vulnerability |
VCID-c8b5-d83n-nuhw |
|
| 24 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 25 |
| vulnerability |
VCID-d15q-6ukb-wfff |
|
| 26 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 27 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 28 |
| vulnerability |
VCID-ed3f-3bxh-eba4 |
|
| 29 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 30 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 31 |
| vulnerability |
VCID-g5q6-7uav-sqh1 |
|
| 32 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 33 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 34 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 35 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 36 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 37 |
| vulnerability |
VCID-pb5f-g4uc-r7fp |
|
| 38 |
| vulnerability |
VCID-s5ah-tf63-a7cw |
|
| 39 |
| vulnerability |
VCID-sb9g-rdnm-rqbm |
|
| 40 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 41 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 42 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 43 |
| vulnerability |
VCID-t2cx-7ycd-tqhq |
|
| 44 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 45 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 46 |
| vulnerability |
VCID-thx6-usb2-kkgc |
|
| 47 |
| vulnerability |
VCID-v3r3-bwp5-a3bn |
|
| 48 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 49 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 50 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 51 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 52 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 53 |
| vulnerability |
VCID-z1jv-4ga2-7kd1 |
|
| 54 |
| vulnerability |
VCID-zkvd-bfd6-t7dg |
|
| 55 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 56 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
| 57 |
| vulnerability |
VCID-zydu-j9dg-fqdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2 |
|
|
| aliases |
CVE-2012-1098, GHSA-qv8p-v9qw-wc7g, OSV-79726
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-va9q-fjn6-yqee |
|
| 71 |
| url |
VCID-wg3a-j2dp-ayh4 |
| vulnerability_id |
VCID-wg3a-j2dp-ayh4 |
| summary |
Possible DoS Vulnerability in Action Controller Token Authentication
There is a possible DoS vulnerability in the Token Authentication logic in Action Controller.
Versions Affected: >= 4.0.0
Not affected: < 4.0.0
Fixed Versions: 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6
Impact
------
Impacted code uses `authenticate_or_request_with_http_token` or `authenticate_with_http_token` for request authentication. Impacted code will look something like this:
```ruby
class PostsController < ApplicationController
  before_action :authenticate

  private

  def authenticate
    authenticate_or_request_with_http_token do |token, options|
      # ...
    end
  end
end
```
All users running an affected release should either upgrade or use one of the workarounds immediately.
Releases
--------
The fixed releases are available at the normal locations.
Workarounds
-----------
The following monkey patch placed in an initializer can be used to work around the issue:
```ruby
module ActionController::HttpAuthentication::Token
AUTHN_PAIR_DELIMITERS = /(?:,|;|\t)/
end
```
Patches
-------
To aid users who aren't able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.
* 5-2-http-authentication-dos.patch - Patch for 5.2 series
* 6-0-http-authentication-dos.patch - Patch for 6.0 series
* 6-1-http-authentication-dos.patch - Patch for 6.1 series
Please note that only the 6.1.Z, 6.0.Z, and 5.2.Z series are supported at present. Users of earlier unsupported releases are advised to upgrade as soon as possible as we cannot guarantee the continued availability of security fixes for unsupported releases.
Credits
-------
Thank you to https://hackerone.com/wonda_tea_coffee for reporting this issue! |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-22904 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.07856 |
| scoring_system |
epss |
| scoring_elements |
0.92015 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.07856 |
| scoring_system |
epss |
| scoring_elements |
0.92019 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.07856 |
| scoring_system |
epss |
| scoring_elements |
0.92022 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.07856 |
| scoring_system |
epss |
| scoring_elements |
0.92007 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.07856 |
| scoring_system |
epss |
| scoring_elements |
0.92004 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.07856 |
| scoring_system |
epss |
| scoring_elements |
0.92 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.07856 |
| scoring_system |
epss |
| scoring_elements |
0.91966 |
| published_at |
2026-04-01T12:55:00Z |
|
| 7 |
| value |
0.07856 |
| scoring_system |
epss |
| scoring_elements |
0.91987 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.07856 |
| scoring_system |
epss |
| scoring_elements |
0.91981 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.07856 |
| scoring_system |
epss |
| scoring_elements |
0.91974 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-22904 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3 |
| purl |
pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 6 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 7 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 8 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 9 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 10 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 11 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 12 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 13 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 14 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 15 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 16 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 17 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 18 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 19 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 20 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 21 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 22 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 23 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 24 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 25 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 26 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 27 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 28 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 29 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 30 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 31 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 32 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 33 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 34 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%252Bdeb10u3 |
|
| 1 |
| url |
pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2 |
| purl |
pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 1 |
| vulnerability |
VCID-4tzv-1t1b-t3g3 |
|
| 2 |
| vulnerability |
VCID-5tky-d2en-u7c7 |
|
| 3 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 4 |
| vulnerability |
VCID-96qr-hdbp-p7ff |
|
| 5 |
| vulnerability |
VCID-a6z9-5n6k-2kak |
|
| 6 |
| vulnerability |
VCID-ad6q-vtdf-syb6 |
|
| 7 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 8 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 9 |
| vulnerability |
VCID-hatd-vkun-13hj |
|
| 10 |
| vulnerability |
VCID-n8r7-wthv-fqaj |
|
| 11 |
| vulnerability |
VCID-qxe4-dubt-1kfp |
|
| 12 |
| vulnerability |
VCID-sarm-n22v-akcm |
|
| 13 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 14 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 15 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 16 |
| vulnerability |
VCID-wpmk-wgpm-cuee |
|
| 17 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 18 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 19 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2 |
|
|
| aliases |
CVE-2021-22904, GHSA-7wjx-3g7j-8584
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wg3a-j2dp-ayh4 |
|
| 72 |
| url |
VCID-wyy6-h8bq-vyde |
| vulnerability_id |
VCID-wyy6-h8bq-vyde |
| summary |
Denial of Service in Action Dispatch
Impact
------
There is a possible Denial of Service vulnerability in Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch to do catastrophic backtracking in the regular expression engine.
Releases
--------
The fixed releases are available at the normal locations.
Workarounds
-----------
The following monkey patch placed in an initializer can be used to work around the issue.
```ruby
module Mime
  class Type
    MIME_REGEXP = /\A(?:\*\/\*|#{MIME_NAME}\/(?:\*|#{MIME_NAME})(?>\s*#{MIME_PARAMETER}\s*)*)\z/
  end
end
```
Patches
-------
To aid users who aren't able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.
* 6-0-Prevent-catastrophic-backtracking-during-mime-parsin.patch - Patch for 6.0 series
* 6-1-Prevent-catastrophic-backtracking-during-mime-parsin.patch - Patch for 6.1 series
Please note that only the 6.1.Z, 6.0.Z, and 5.2.Z series are supported at present. Users of earlier unsupported releases are advised to upgrade as soon as possible as we cannot guarantee the continued availability of security fixes for unsupported releases.
Credits
-------
Thanks to Security Curious <security...@pm.me> for reporting this! |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-22902 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01063 |
| scoring_system |
epss |
| scoring_elements |
0.77693 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.01063 |
| scoring_system |
epss |
| scoring_elements |
0.77605 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.01063 |
| scoring_system |
epss |
| scoring_elements |
0.77612 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.01063 |
| scoring_system |
epss |
| scoring_elements |
0.77639 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.01063 |
| scoring_system |
epss |
| scoring_elements |
0.77621 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.01063 |
| scoring_system |
epss |
| scoring_elements |
0.77649 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.01063 |
| scoring_system |
epss |
| scoring_elements |
0.77655 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.01063 |
| scoring_system |
epss |
| scoring_elements |
0.77681 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.01063 |
| scoring_system |
epss |
| scoring_elements |
0.77665 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.01063 |
| scoring_system |
epss |
| scoring_elements |
0.77664 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.01063 |
| scoring_system |
epss |
| scoring_elements |
0.77701 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.01063 |
| scoring_system |
epss |
| scoring_elements |
0.77699 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-22902 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2 |
| purl |
pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 1 |
| vulnerability |
VCID-4tzv-1t1b-t3g3 |
|
| 2 |
| vulnerability |
VCID-5tky-d2en-u7c7 |
|
| 3 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 4 |
| vulnerability |
VCID-96qr-hdbp-p7ff |
|
| 5 |
| vulnerability |
VCID-a6z9-5n6k-2kak |
|
| 6 |
| vulnerability |
VCID-ad6q-vtdf-syb6 |
|
| 7 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 8 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 9 |
| vulnerability |
VCID-hatd-vkun-13hj |
|
| 10 |
| vulnerability |
VCID-n8r7-wthv-fqaj |
|
| 11 |
| vulnerability |
VCID-qxe4-dubt-1kfp |
|
| 12 |
| vulnerability |
VCID-sarm-n22v-akcm |
|
| 13 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 14 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 15 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 16 |
| vulnerability |
VCID-wpmk-wgpm-cuee |
|
| 17 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 18 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 19 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2 |
|
|
| aliases |
CVE-2021-22902, GHSA-g8ww-46x2-2p65
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wyy6-h8bq-vyde |
|
| 73 |
| url |
VCID-xa94-z6yu-skf8 |
| vulnerability_id |
VCID-xa94-z6yu-skf8 |
| summary |
Symbol DoS vulnerability in Active Record
When a hash is provided as the find value for a query, the keys of the hash may be converted to symbols. Carefully crafted requests can coerce `params[:name]` to return a hash, and the keys to that hash may be converted to symbols. All users running an affected release should either upgrade or use one of the workarounds immediately. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-1854 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01795 |
| scoring_system |
epss |
| scoring_elements |
0.82723 |
| published_at |
2026-04-07T12:55:00Z |
|
| 1 |
| value |
0.01795 |
| scoring_system |
epss |
| scoring_elements |
0.82803 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.01795 |
| scoring_system |
epss |
| scoring_elements |
0.828 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.01795 |
| scoring_system |
epss |
| scoring_elements |
0.82761 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.01795 |
| scoring_system |
epss |
| scoring_elements |
0.82766 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.01795 |
| scoring_system |
epss |
| scoring_elements |
0.82748 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.01795 |
| scoring_system |
epss |
| scoring_elements |
0.82771 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.01795 |
| scoring_system |
epss |
| scoring_elements |
0.82697 |
| published_at |
2026-04-01T12:55:00Z |
|
| 8 |
| value |
0.01795 |
| scoring_system |
epss |
| scoring_elements |
0.82755 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.01795 |
| scoring_system |
epss |
| scoring_elements |
0.82713 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.01795 |
| scoring_system |
epss |
| scoring_elements |
0.82726 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-1854 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
|
| 68 |
|
| 69 |
|
| 70 |
|
| 71 |
|
| 72 |
|
| 73 |
|
| 74 |
|
| 75 |
|
| 76 |
|
| 77 |
|
| 78 |
|
| 79 |
|
| 80 |
|
| 81 |
|
| 82 |
|
| 83 |
|
| 84 |
|
| 85 |
|
| 86 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:2.3.14.2 |
| purl |
pkg:deb/debian/rails@2:2.3.14.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-2efj-tf8d-dfck |
|
| 6 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 7 |
| vulnerability |
VCID-333w-aacz-mfcr |
|
| 8 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 9 |
| vulnerability |
VCID-3m2y-wy1w-n7h1 |
|
| 10 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 11 |
| vulnerability |
VCID-5x54-hckg-x7b8 |
|
| 12 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 13 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 14 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 15 |
| vulnerability |
VCID-6yr6-a21g-dyf5 |
|
| 16 |
| vulnerability |
VCID-86jq-2md2-d7ah |
|
| 17 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 18 |
| vulnerability |
VCID-8dad-dvat-1fg4 |
|
| 19 |
| vulnerability |
VCID-9hq5-3usy-5fhq |
|
| 20 |
| vulnerability |
VCID-9t7a-muwx-zyee |
|
| 21 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 22 |
| vulnerability |
VCID-bjwf-uhyk-63aj |
|
| 23 |
| vulnerability |
VCID-c8b5-d83n-nuhw |
|
| 24 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 25 |
| vulnerability |
VCID-d15q-6ukb-wfff |
|
| 26 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 27 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 28 |
| vulnerability |
VCID-ed3f-3bxh-eba4 |
|
| 29 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 30 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 31 |
| vulnerability |
VCID-g5q6-7uav-sqh1 |
|
| 32 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 33 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 34 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 35 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 36 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 37 |
| vulnerability |
VCID-pb5f-g4uc-r7fp |
|
| 38 |
| vulnerability |
VCID-s5ah-tf63-a7cw |
|
| 39 |
| vulnerability |
VCID-sb9g-rdnm-rqbm |
|
| 40 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 41 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 42 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 43 |
| vulnerability |
VCID-t2cx-7ycd-tqhq |
|
| 44 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 45 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 46 |
| vulnerability |
VCID-thx6-usb2-kkgc |
|
| 47 |
| vulnerability |
VCID-v3r3-bwp5-a3bn |
|
| 48 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 49 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 50 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 51 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 52 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 53 |
| vulnerability |
VCID-z1jv-4ga2-7kd1 |
|
| 54 |
| vulnerability |
VCID-zkvd-bfd6-t7dg |
|
| 55 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 56 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
| 57 |
| vulnerability |
VCID-zydu-j9dg-fqdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2 |
|
|
| aliases |
CVE-2013-1854, GHSA-3crr-9vmg-864v, OSV-91453
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xa94-z6yu-skf8 |
|
| 74 |
| url |
VCID-yy6t-ybeu-qycc |
| vulnerability_id |
VCID-yy6t-ybeu-qycc |
| summary |
Possible ReDoS vulnerability in block_format in Action Mailer
There is a possible ReDoS vulnerability in the block_format helper in Action Mailer. This vulnerability has been assigned the CVE identifier CVE-2024-47889.
Impact
------
Carefully crafted text can cause the block_format helper to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade or apply the relevant patch immediately.
Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 requires Ruby 3.2 or greater so is unaffected.
Releases
--------
The fixed releases are available at the normal locations.
Workarounds
-----------
Users can avoid calling the `block_format` helper or upgrade to Ruby 3.2.
Credits
-------
Thanks to yuki_osaki for the report! |
| references |
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-47889 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00344 |
| scoring_system |
epss |
| scoring_elements |
0.57068 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00344 |
| scoring_system |
epss |
| scoring_elements |
0.57094 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00344 |
| scoring_system |
epss |
| scoring_elements |
0.57066 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00344 |
| scoring_system |
epss |
| scoring_elements |
0.5709 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.00344 |
| scoring_system |
epss |
| scoring_elements |
0.57111 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00344 |
| scoring_system |
epss |
| scoring_elements |
0.57099 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00344 |
| scoring_system |
epss |
| scoring_elements |
0.57047 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00344 |
| scoring_system |
epss |
| scoring_elements |
0.57046 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00344 |
| scoring_system |
epss |
| scoring_elements |
0.57069 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00344 |
| scoring_system |
epss |
| scoring_elements |
0.57097 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-47889 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-47889, GHSA-h47h-mwp9-c6q6
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yy6t-ybeu-qycc |
|
| 75 |
| url |
VCID-yzpx-3gam-y3bu |
| vulnerability_id |
VCID-yzpx-3gam-y3bu |
| summary |
Active Storage allowed transformation methods that were potentially unsafe
Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default.
The default allowed list contains three methods that allow circumvention of the safe defaults, which enables potential command injection vulnerabilities in cases where arbitrary user-supplied input is accepted as valid transformation methods or parameters.
This has been assigned the CVE identifier CVE-2025-24293.
Versions Affected: >= 5.2.0
Not affected: < 5.2.0
Fixed Versions: 7.1.5.2, 7.2.2.2, 8.0.2.1
Impact
------
This vulnerability impacts applications that use Active Storage with the image_processing gem in addition to mini_magick as the image processor.
Vulnerable code will look similar to this:
```
<%= image_tag blob.variant(params[:t] => params[:v]) %>
```
Where the transformation method or its arguments are untrusted arbitrary input.
All users running an affected release should either upgrade or use one of the workarounds immediately.
Releases
--------
The fixed releases are available at the normal locations.
Workarounds
-----------
Consuming user supplied input for image transformation methods or their parameters is unsupported behavior and should be considered dangerous.
Strict validation of user supplied methods and parameters should be performed as well as having a strong [ImageMagick security policy](https://imagemagick.org/script/security-policy.php) deployed.
Credits
-------
Thank you [lio346](https://hackerone.com/lio346) from Unit 515 of OPSWAT for reporting this! |
| references |
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-24293 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.002 |
| scoring_system |
epss |
| scoring_elements |
0.42056 |
| published_at |
2026-04-07T12:55:00Z |
|
| 1 |
| value |
0.002 |
| scoring_system |
epss |
| scoring_elements |
0.42119 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.002 |
| scoring_system |
epss |
| scoring_elements |
0.42091 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43287 |
| published_at |
2026-04-21T12:55:00Z |
|
| 4 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43312 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43327 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43347 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43316 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43301 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43361 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43351 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-24293 |
|
| 4 |
| reference_url |
https://github.com/advisories/GHSA-r4mg-4433-c7g3 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
CRITICAL |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 1 |
| value |
9.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track* |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-02T14:45:32Z/ |
|
|
| url |
https://github.com/advisories/GHSA-r4mg-4433-c7g3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-24293, GHSA-r4mg-4433-c7g3
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yzpx-3gam-y3bu |
|
| 76 |
| url |
VCID-z1jv-4ga2-7kd1 |
| vulnerability_id |
VCID-z1jv-4ga2-7kd1 |
| summary |
Possible Information Leak Vulnerability
Applications that pass unverified user input to the `render` method in a controller may be vulnerable to an information leak vulnerability. Impacted code will look something like this:
```
def index
  render params[:id]
end
```
Carefully crafted requests can cause the above code to render files from unexpected places like outside the application's view directory, and can possibly escalate this to a remote code execution attack. |
| references |
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-2097 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01912 |
| scoring_system |
epss |
| scoring_elements |
0.83305 |
| published_at |
2026-04-11T12:55:00Z |
|
| 1 |
| value |
0.01912 |
| scoring_system |
epss |
| scoring_elements |
0.8329 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.01912 |
| scoring_system |
epss |
| scoring_elements |
0.83281 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.01912 |
| scoring_system |
epss |
| scoring_elements |
0.83257 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.01912 |
| scoring_system |
epss |
| scoring_elements |
0.83242 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.01912 |
| scoring_system |
epss |
| scoring_elements |
0.83226 |
| published_at |
2026-04-01T12:55:00Z |
|
| 6 |
| value |
0.01912 |
| scoring_system |
epss |
| scoring_elements |
0.83333 |
| published_at |
2026-04-21T12:55:00Z |
|
| 7 |
| value |
0.01912 |
| scoring_system |
epss |
| scoring_elements |
0.83295 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.01912 |
| scoring_system |
epss |
| scoring_elements |
0.83299 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.01912 |
| scoring_system |
epss |
| scoring_elements |
0.83332 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.01912 |
| scoring_system |
epss |
| scoring_elements |
0.83331 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-2097 |
|
| 75 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2016-2097 |
| reference_id |
CVE-2016-2097 |
| reference_type |
|
| scores |
| 0 |
| value |
5.0 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:L/Au:N/C:P/I:N/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 2 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2016-2097 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:4.1.8-1%2Bdeb8u4 |
| purl |
pkg:deb/debian/rails@2:4.1.8-1%2Bdeb8u4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 6 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 7 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 8 |
| vulnerability |
VCID-5x54-hckg-x7b8 |
|
| 9 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 10 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 11 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 12 |
| vulnerability |
VCID-6yr6-a21g-dyf5 |
|
| 13 |
| vulnerability |
VCID-86jq-2md2-d7ah |
|
| 14 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 15 |
| vulnerability |
VCID-8dad-dvat-1fg4 |
|
| 16 |
| vulnerability |
VCID-9hq5-3usy-5fhq |
|
| 17 |
| vulnerability |
VCID-9t7a-muwx-zyee |
|
| 18 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 19 |
| vulnerability |
VCID-bjwf-uhyk-63aj |
|
| 20 |
| vulnerability |
VCID-c8b5-d83n-nuhw |
|
| 21 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 22 |
| vulnerability |
VCID-d15q-6ukb-wfff |
|
| 23 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 24 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 25 |
| vulnerability |
VCID-ed3f-3bxh-eba4 |
|
| 26 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 27 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 28 |
| vulnerability |
VCID-g5q6-7uav-sqh1 |
|
| 29 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 30 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 31 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 32 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 33 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 34 |
| vulnerability |
VCID-pb5f-g4uc-r7fp |
|
| 35 |
| vulnerability |
VCID-s5ah-tf63-a7cw |
|
| 36 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 37 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 38 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 39 |
| vulnerability |
VCID-t2cx-7ycd-tqhq |
|
| 40 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 41 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 42 |
| vulnerability |
VCID-thx6-usb2-kkgc |
|
| 43 |
| vulnerability |
VCID-v3r3-bwp5-a3bn |
|
| 44 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 45 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 46 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 47 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 48 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 49 |
| vulnerability |
VCID-z1jv-4ga2-7kd1 |
|
| 50 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 51 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
| 52 |
| vulnerability |
VCID-zydu-j9dg-fqdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.8-1%252Bdeb8u4 |
|
| 1 |
| url |
pkg:deb/debian/rails@2:4.2.7.1-1%2Bdeb9u2 |
| purl |
pkg:deb/debian/rails@2:4.2.7.1-1%2Bdeb9u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 6 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 7 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 8 |
| vulnerability |
VCID-5x54-hckg-x7b8 |
|
| 9 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 10 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 11 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 12 |
| vulnerability |
VCID-6yr6-a21g-dyf5 |
|
| 13 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 14 |
| vulnerability |
VCID-8dad-dvat-1fg4 |
|
| 15 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 16 |
| vulnerability |
VCID-c8b5-d83n-nuhw |
|
| 17 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 18 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 19 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 20 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 21 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 22 |
| vulnerability |
VCID-g5q6-7uav-sqh1 |
|
| 23 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 24 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 25 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 26 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 27 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 28 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 29 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 30 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 31 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 32 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 33 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 34 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 35 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 36 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 37 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 38 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 39 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
| 40 |
| vulnerability |
VCID-zydu-j9dg-fqdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.7.1-1%252Bdeb9u2 |
|
|
| aliases |
CVE-2016-2097, GHSA-vx9j-46rh-fqr8
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-z1jv-4ga2-7kd1 |
|
| 77 |
| url |
VCID-zkvd-bfd6-t7dg |
| vulnerability_id |
VCID-zkvd-bfd6-t7dg |
| summary |
Arbitrary file existence disclosure
Specially crafted requests can be used to determine whether a file exists on the filesystem that is outside the Rails application's root directory. The files will not be served, but attackers can determine whether the file exists. This only impacts Rails applications that enable static file serving at runtime. For example, the application's production configuration will say: `config.serve_static_assets = true` |
| references |
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-7818 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00222 |
| scoring_system |
epss |
| scoring_elements |
0.44786 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00222 |
| scoring_system |
epss |
| scoring_elements |
0.44762 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.00222 |
| scoring_system |
epss |
| scoring_elements |
0.44815 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.00222 |
| scoring_system |
epss |
| scoring_elements |
0.44817 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.00222 |
| scoring_system |
epss |
| scoring_elements |
0.44834 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00222 |
| scoring_system |
epss |
| scoring_elements |
0.44803 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00222 |
| scoring_system |
epss |
| scoring_elements |
0.44805 |
| published_at |
2026-04-13T12:55:00Z |
|
| 7 |
| value |
0.00222 |
| scoring_system |
epss |
| scoring_elements |
0.44858 |
| published_at |
2026-04-16T12:55:00Z |
|
| 8 |
| value |
0.00222 |
| scoring_system |
epss |
| scoring_elements |
0.44851 |
| published_at |
2026-04-18T12:55:00Z |
|
| 9 |
| value |
0.00222 |
| scoring_system |
epss |
| scoring_elements |
0.44721 |
| published_at |
2026-04-01T12:55:00Z |
|
| 10 |
| value |
0.00222 |
| scoring_system |
epss |
| scoring_elements |
0.44801 |
| published_at |
2026-04-02T12:55:00Z |
|
| 11 |
| value |
0.00222 |
| scoring_system |
epss |
| scoring_elements |
0.44822 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-7818 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:4.1.8-1 |
| purl |
pkg:deb/debian/rails@2:4.1.8-1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 6 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 7 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 8 |
| vulnerability |
VCID-5x54-hckg-x7b8 |
|
| 9 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 10 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 11 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 12 |
| vulnerability |
VCID-6yr6-a21g-dyf5 |
|
| 13 |
| vulnerability |
VCID-86jq-2md2-d7ah |
|
| 14 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 15 |
| vulnerability |
VCID-8dad-dvat-1fg4 |
|
| 16 |
| vulnerability |
VCID-9hq5-3usy-5fhq |
|
| 17 |
| vulnerability |
VCID-9t7a-muwx-zyee |
|
| 18 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 19 |
| vulnerability |
VCID-bjwf-uhyk-63aj |
|
| 20 |
| vulnerability |
VCID-c8b5-d83n-nuhw |
|
| 21 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 22 |
| vulnerability |
VCID-d15q-6ukb-wfff |
|
| 23 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 24 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 25 |
| vulnerability |
VCID-ed3f-3bxh-eba4 |
|
| 26 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 27 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 28 |
| vulnerability |
VCID-g5q6-7uav-sqh1 |
|
| 29 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 30 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 31 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 32 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 33 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 34 |
| vulnerability |
VCID-pb5f-g4uc-r7fp |
|
| 35 |
| vulnerability |
VCID-s5ah-tf63-a7cw |
|
| 36 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 37 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 38 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 39 |
| vulnerability |
VCID-t2cx-7ycd-tqhq |
|
| 40 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 41 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 42 |
| vulnerability |
VCID-thx6-usb2-kkgc |
|
| 43 |
| vulnerability |
VCID-v3r3-bwp5-a3bn |
|
| 44 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 45 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 46 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 47 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 48 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 49 |
| vulnerability |
VCID-z1jv-4ga2-7kd1 |
|
| 50 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 51 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
| 52 |
| vulnerability |
VCID-zydu-j9dg-fqdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.8-1 |
|
|
| aliases |
CVE-2014-7818, GHSA-29gr-w57f-rpfw
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zkvd-bfd6-t7dg |
|
| 78 |
| url |
VCID-zqzx-avvt-wkhm |
| vulnerability_id |
VCID-zqzx-avvt-wkhm |
| summary |
Active Record logging vulnerable to ANSI escape injection
This vulnerability has been assigned the CVE identifier CVE-2025-55193.
### Impact
The ID passed to `find` or similar methods may be logged without escaping. If the log is written directly to the terminal, it may include unescaped ANSI sequences.
### Releases
The fixed releases are available at the normal locations.
### Credits
Thanks to [lio346](https://hackerone.com/lio346) from Unit 515 of OPSWAT for reporting this vulnerability |
| references |
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-55193 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00136 |
| scoring_system |
epss |
| scoring_elements |
0.334 |
| published_at |
2026-04-11T12:55:00Z |
|
| 1 |
| value |
0.00136 |
| scoring_system |
epss |
| scoring_elements |
0.33396 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.00136 |
| scoring_system |
epss |
| scoring_elements |
0.33363 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.00136 |
| scoring_system |
epss |
| scoring_elements |
0.33317 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00136 |
| scoring_system |
epss |
| scoring_elements |
0.33475 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00136 |
| scoring_system |
epss |
| scoring_elements |
0.33444 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.00136 |
| scoring_system |
epss |
| scoring_elements |
0.3337 |
| published_at |
2026-04-16T12:55:00Z |
|
| 7 |
| value |
0.00136 |
| scoring_system |
epss |
| scoring_elements |
0.33335 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.00136 |
| scoring_system |
epss |
| scoring_elements |
0.33358 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00148 |
| scoring_system |
epss |
| scoring_elements |
0.35209 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.00148 |
| scoring_system |
epss |
| scoring_elements |
0.35258 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-55193 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-55193, GHSA-76r7-hhxj-r776
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zqzx-avvt-wkhm |
|
| 79 |
| url |
VCID-zy7d-3db6-sydw |
| vulnerability_id |
VCID-zy7d-3db6-sydw |
| summary |
Cross-site scripting in actionpack
In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode, allowing an attacker to send or embed (in another page) a specially crafted URL which can allow the attacker to execute JavaScript in the context of the local application. This vulnerability is in the Actionable Exceptions middleware.
Workarounds
-----------
Until the patch can be applied, application developers should disable the Actionable Exceptions middleware in their development environment via a line such as this one in their config/environments/development.rb: `config.middleware.delete ActionDispatch::ActionableExceptions` |
| references |
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-8264 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00346 |
| scoring_system |
epss |
| scoring_elements |
0.5719 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00346 |
| scoring_system |
epss |
| scoring_elements |
0.57065 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00346 |
| scoring_system |
epss |
| scoring_elements |
0.57159 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00346 |
| scoring_system |
epss |
| scoring_elements |
0.57183 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00346 |
| scoring_system |
epss |
| scoring_elements |
0.5716 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00346 |
| scoring_system |
epss |
| scoring_elements |
0.57211 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00346 |
| scoring_system |
epss |
| scoring_elements |
0.57213 |
| published_at |
2026-04-16T12:55:00Z |
|
| 7 |
| value |
0.00346 |
| scoring_system |
epss |
| scoring_elements |
0.57225 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00346 |
| scoring_system |
epss |
| scoring_elements |
0.57206 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00346 |
| scoring_system |
epss |
| scoring_elements |
0.57186 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00346 |
| scoring_system |
epss |
| scoring_elements |
0.5721 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-8264 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2 |
| purl |
pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 1 |
| vulnerability |
VCID-4tzv-1t1b-t3g3 |
|
| 2 |
| vulnerability |
VCID-5tky-d2en-u7c7 |
|
| 3 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 4 |
| vulnerability |
VCID-96qr-hdbp-p7ff |
|
| 5 |
| vulnerability |
VCID-a6z9-5n6k-2kak |
|
| 6 |
| vulnerability |
VCID-ad6q-vtdf-syb6 |
|
| 7 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 8 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 9 |
| vulnerability |
VCID-hatd-vkun-13hj |
|
| 10 |
| vulnerability |
VCID-n8r7-wthv-fqaj |
|
| 11 |
| vulnerability |
VCID-qxe4-dubt-1kfp |
|
| 12 |
| vulnerability |
VCID-sarm-n22v-akcm |
|
| 13 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 14 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 15 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 16 |
| vulnerability |
VCID-wpmk-wgpm-cuee |
|
| 17 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 18 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 19 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2 |
|
|
| aliases |
CVE-2020-8264, GHSA-35mm-cc6r-8fjp
|
| risk_score |
3.5 |
| exploitability |
0.5 |
| weighted_severity |
6.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zy7d-3db6-sydw |
|
| 80 |
| url |
VCID-zydu-j9dg-fqdb |
| vulnerability_id |
VCID-zydu-j9dg-fqdb |
| summary |
Improper Input Validation
A remote code execution vulnerability in development mode Rails can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit. |
| references |
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-5420 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.93745 |
| scoring_system |
epss |
| scoring_elements |
0.99853 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.93745 |
| scoring_system |
epss |
| scoring_elements |
0.9985 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.93745 |
| scoring_system |
epss |
| scoring_elements |
0.99851 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.93745 |
| scoring_system |
epss |
| scoring_elements |
0.99852 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-5420 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2019-5420 |
| reference_id |
CVE-2019-5420 |
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:L/Au:N/C:P/I:P/A:P |
|
| 1 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2019-5420 |
|
| 24 |
|
| 25 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3 |
| purl |
pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12x8-jxdf-jqdz |
|
| 1 |
| vulnerability |
VCID-19fr-55kr-hyax |
|
| 2 |
| vulnerability |
VCID-1bxs-yghe-cyck |
|
| 3 |
| vulnerability |
VCID-1rxp-g9rz-4yb3 |
|
| 4 |
| vulnerability |
VCID-1x8k-t8mr-3fgp |
|
| 5 |
| vulnerability |
VCID-31xv-z8c6-a7bg |
|
| 6 |
| vulnerability |
VCID-3hur-esmy-x3hr |
|
| 7 |
| vulnerability |
VCID-5qu2-b8gt-7qe3 |
|
| 8 |
| vulnerability |
VCID-63gy-6njy-kbd8 |
|
| 9 |
| vulnerability |
VCID-6ku5-mtgz-zygw |
|
| 10 |
| vulnerability |
VCID-6pxd-xsaw-tuer |
|
| 11 |
| vulnerability |
VCID-895a-ydc5-zfg6 |
|
| 12 |
| vulnerability |
VCID-a6sp-18av-wya6 |
|
| 13 |
| vulnerability |
VCID-ce39-j83r-6ug9 |
|
| 14 |
| vulnerability |
VCID-dd9p-x7k3-37ea |
|
| 15 |
| vulnerability |
VCID-drg6-gj1f-h7ea |
|
| 16 |
| vulnerability |
VCID-es1t-7196-4kbb |
|
| 17 |
| vulnerability |
VCID-g3rk-djae-pkeh |
|
| 18 |
| vulnerability |
VCID-gjey-bqtd-kqa1 |
|
| 19 |
| vulnerability |
VCID-hppf-a715-r7b2 |
|
| 20 |
| vulnerability |
VCID-jwun-grgg-2uet |
|
| 21 |
| vulnerability |
VCID-mnkw-23eu-bkgc |
|
| 22 |
| vulnerability |
VCID-p5mc-r1rg-5ff7 |
|
| 23 |
| vulnerability |
VCID-sfyc-jewr-wuf5 |
|
| 24 |
| vulnerability |
VCID-sgdb-985e-4uej |
|
| 25 |
| vulnerability |
VCID-sygb-mygd-s3gb |
|
| 26 |
| vulnerability |
VCID-t684-yp58-hkg8 |
|
| 27 |
| vulnerability |
VCID-t9yh-ss8z-e3cb |
|
| 28 |
| vulnerability |
VCID-v9mt-t1pb-hybk |
|
| 29 |
| vulnerability |
VCID-wg3a-j2dp-ayh4 |
|
| 30 |
| vulnerability |
VCID-wyy6-h8bq-vyde |
|
| 31 |
| vulnerability |
VCID-yy6t-ybeu-qycc |
|
| 32 |
| vulnerability |
VCID-yzpx-3gam-y3bu |
|
| 33 |
| vulnerability |
VCID-zqzx-avvt-wkhm |
|
| 34 |
| vulnerability |
VCID-zy7d-3db6-sydw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%252Bdeb10u3 |
|
|
| aliases |
CVE-2019-5420, GHSA-m42h-mh85-4qgc
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zydu-j9dg-fqdb |
|