Package Instance
Look up vulnerable packages by Package URL (purl).
GET /api/packages/1073997?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1073997?format=api", "purl": "pkg:deb/debian/rails@2.3.5-1.2%2Bsqueeze8", "type": "deb", "namespace": "debian", "name": "rails", "version": "2.3.5-1.2+squeeze8", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2:7.2.3.1+dfsg-1", "latest_non_vulnerable_version": "2:7.2.3.1+dfsg-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11428?format=api", "vulnerability_id": "VCID-171r-59fd-2bbj", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22577.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22577.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22577", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00405", "scoring_system": "epss", "scoring_elements": "0.61521", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00405", "scoring_system": "epss", "scoring_elements": "0.61417", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831" 
}, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2022-22577-possible-xss-vulnerability-in-action-pack/80533", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.rubyonrails.org/t/cve-2022-22577-possible-xss-vulnerability-in-action-pack/80533" }, { 
"reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/2b820a2a69fa50cffa74b4aedc57bf92ed6910ec", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/2b820a2a69fa50cffa74b4aedc57bf92ed6910ec" }, { "reference_url": "https://github.com/rails/rails/commit/5299b57d596ea274f77f5ffee2b79c6ee0255508", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/5299b57d596ea274f77f5ffee2b79c6ee0255508" }, { "reference_url": "https://github.com/rails/rails/commit/8198d7c4accad0b6ba956b9d59528534a289866b", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/rails/rails/commit/8198d7c4accad0b6ba956b9d59528534a289866b" }, { "reference_url": "https://github.com/rails/rails/commit/d2253115ac2b30f5f7210670af906cebf79cf809", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/d2253115ac2b30f5f7210670af906cebf79cf809" }, { "reference_url": "https://github.com/rails/rails/pull/44635", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/pull/44635" }, { "reference_url": "https://groups.google.com/g/ruby-security-ann/c/NuFRKaN5swI", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/ruby-security-ann/c/NuFRKaN5swI" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html" }, { "reference_url": "https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released", "reference_id": "", "reference_type": "", "scores": [ 
{ "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20221118-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20221118-0002" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20221118-0002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20221118-0002/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011941", "reference_id": "1011941", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011941" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080302", "reference_id": "2080302", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080302" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22577", "reference_id": "CVE-2022-22577", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22577" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2022-22577.yml", "reference_id": "CVE-2022-22577.YML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2022-22577.yml" }, { "reference_url": "https://github.com/advisories/GHSA-mm33-5vfq-3mm3", "reference_id": "GHSA-mm33-5vfq-3mm3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mm33-5vfq-3mm3" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2097", "reference_id": "RHSA-2023:2097", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2097" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1074930?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-8q5p-kbjf-2fgc" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-fspa-dfnv-jyd3" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-m814-bzwg-fbc1" }, { "vulnerability": "VCID-mjy3-9dkc-5fgq" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-sxdt-xfjy-8bbm" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2" } ], "aliases": [ "CVE-2022-22577", 
"GHSA-mm33-5vfq-3mm3", "GMS-2022-1137" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-171r-59fd-2bbj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/738?format=api", "vulnerability_id": "VCID-1a29-4ncr-bbgm", "summary": "", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0751.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0751.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0751", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08895", "scoring_system": "epss", "scoring_elements": "0.92774", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.08895", "scoring_system": "epss", "scoring_elements": "0.9275", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0751" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": 
"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/127967b735813cd4f263df7a50426d74e7e9cc17", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/127967b735813cd4f263df7a50426d74e7e9cc17" }, { "reference_url": "https://github.com/rails/rails/commit/221937c8ba1d291430ceddebbd4bdef7d3cb47d6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/221937c8ba1d291430ceddebbd4bdef7d3cb47d6" }, { "reference_url": "https://github.com/rails/rails/commit/37047b779a177b911c7161052cfc34a30e1db0af", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/37047b779a177b911c7161052cfc34a30e1db0af" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9oLY_FCzvoc/5CDXbvpYEgAJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9oLY_FCzvoc/5CDXbvpYEgAJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/9oLY_FCzvoc", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/9oLY_FCzvoc" }, { "reference_url": "https://web.archive.org/web/20160128201702/http://www.securitytracker.com/id/1034816", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20160128201702/http://www.securitytracker.com/id/1034816" }, { "reference_url": "https://web.archive.org/web/20200227181647/http://www.securityfocus.com/bid/81800", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200227181647/http://www.securityfocus.com/bid/81800" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/01/25/9", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", 
"scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/01/25/9" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301946", "reference_id": "1301946", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301946" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0751", "reference_id": "CVE-2016-0751", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0751" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0751.yml", "reference_id": "CVE-2016-0751.YML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0751.yml" }, { "reference_url": "https://github.com/advisories/GHSA-ffpv-c4hm-3x6v", "reference_id": "GHSA-ffpv-c4hm-3x6v", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-ffpv-c4hm-3x6v" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0296", "reference_id": "RHSA-2016:0296", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0296" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0454", "reference_id": "RHSA-2016:0454", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0454" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0455", "reference_id": "RHSA-2016:0455", "reference_type": "", 
"scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0455" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1074000?format=api", "purl": "pkg:deb/debian/rails@2:4.1.8-1%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-214c-rjny-9ud4" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { 
"vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.8-1%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1078269?format=api", "purl": "pkg:deb/debian/rails@2:4.2.7.1-1%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": 
"VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.7.1-1%252Bdeb9u2" } ], "aliases": [ "CVE-2016-0751", "GHSA-ffpv-c4hm-3x6v" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1a29-4ncr-bbgm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25626?format=api", "vulnerability_id": "VCID-1ua6-6a16-9fde", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55193.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55193.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55193", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01019", "scoring_system": "epss", "scoring_elements": "0.77644", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01019", "scoring_system": "epss", "scoring_elements": "0.77712", 
"published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55193" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55193", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55193" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2025-55193.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2025-55193.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55193", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55193" }, { "reference_url": 
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111106", "reference_id": "1111106", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111106" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388446", "reference_id": "2388446", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388446" }, { "reference_url": "https://github.com/rails/rails/commit/3beef20013736fd52c5dcfdf061f7999ba318290", "reference_id": "3beef20013736fd52c5dcfdf061f7999ba318290", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/" } ], "url": "https://github.com/rails/rails/commit/3beef20013736fd52c5dcfdf061f7999ba318290" }, { "reference_url": "https://github.com/rails/rails/commit/568c0bc2f1e74c65d150a84b89a080949bf9eb9b", "reference_id": "568c0bc2f1e74c65d150a84b89a080949bf9eb9b", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/" } ], "url": "https://github.com/rails/rails/commit/568c0bc2f1e74c65d150a84b89a080949bf9eb9b" }, { "reference_url": 
"https://github.com/rails/rails/commit/6a944ca4805e72050a0fbb1a461534eb760d3202", "reference_id": "6a944ca4805e72050a0fbb1a461534eb760d3202", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/" } ], "url": "https://github.com/rails/rails/commit/6a944ca4805e72050a0fbb1a461534eb760d3202" }, { "reference_url": "https://github.com/advisories/GHSA-76r7-hhxj-r776", "reference_id": "GHSA-76r7-hhxj-r776", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-76r7-hhxj-r776" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-76r7-hhxj-r776", "reference_id": "GHSA-76r7-hhxj-r776", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-76r7-hhxj-r776" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1074931?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": 
"VCID-8q5p-kbjf-2fgc" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-fspa-dfnv-jyd3" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-m814-bzwg-fbc1" }, { "vulnerability": "VCID-mjy3-9dkc-5fgq" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-sxdt-xfjy-8bbm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2" } ], "aliases": [ "CVE-2025-55193", "GHSA-76r7-hhxj-r776" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1ua6-6a16-9fde" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/740?format=api", "vulnerability_id": "VCID-214c-rjny-9ud4", "summary": "", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178066.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178066.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0753.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0753.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0753", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02328", "scoring_system": "epss", "scoring_elements": "0.85224", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.02328", "scoring_system": "epss", "scoring_elements": "0.85171", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0753" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": 
"5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/6jQVC1geukQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/6jQVC1geukQ" }, { "reference_url": "https://web.archive.org/web/20160405205300/http://www.securitytracker.com/id/1034816", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20160405205300/http://www.securitytracker.com/id/1034816" }, { "reference_url": "https://web.archive.org/web/20200228000230/http://www.securityfocus.com/bid/82247", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228000230/http://www.securityfocus.com/bid/82247" }, { "reference_url": "https://web.archive.org/web/20210613054843/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/6jQVC1geukQ/3Iy0GU1ZEgAJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, 
{ "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210613054843/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/6jQVC1geukQ/3Iy0GU1ZEgAJ" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/01/25/14", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/01/25/14" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301973", "reference_id": "1301973", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301973" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0753", "reference_id": "CVE-2016-0753", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0753" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activemodel/CVE-2016-0753.yml", "reference_id": "CVE-2016-0753.YML", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activemodel/CVE-2016-0753.yml" }, { "reference_url": "https://github.com/advisories/GHSA-543v-gj2c-r3ch", "reference_id": "GHSA-543v-gj2c-r3ch", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": 
"https://github.com/advisories/GHSA-543v-gj2c-r3ch" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0296", "reference_id": "RHSA-2016:0296", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0296" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1074000?format=api", "purl": "pkg:deb/debian/rails@2:4.1.8-1%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-214c-rjny-9ud4" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-jgeh-r771-5fcf" 
}, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.8-1%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1078269?format=api", "purl": "pkg:deb/debian/rails@2:4.2.7.1-1%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": 
"VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.7.1-1%252Bdeb9u2" } ], "aliases": [ "CVE-2016-0753", "GHSA-543v-gj2c-r3ch" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-214c-rjny-9ud4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/178552?format=api", "vulnerability_id": "VCID-2529-ucg8-dkgy", "summary": "Multiple vulnerabilities were found in Ruby on Rails, the worst of\n which allowing for execution of arbitrary code.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html", 
"reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0698.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0698.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1857.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1857.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1857", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00625", "scoring_system": "epss", "scoring_elements": "0.70759", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00625", "scoring_system": "epss", "scoring_elements": "0.70669", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1857" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1857", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1857" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": 
"https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/zAAU7vGTPvI", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/zAAU7vGTPvI" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/78b9817a5943f6d6?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/78b9817a5943f6d6?dmode=source&output=gplain" }, { "reference_url": "http://support.apple.com/kb/HT5784", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT5784" }, { "reference_url": "https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "reference_url": "https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html" }, { "reference_url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=921335", "reference_id": "921335", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=921335" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1857", "reference_id": "CVE-2013-1857", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1857" }, { "reference_url": "https://github.com/advisories/GHSA-j838-vfpq-fmf2", "reference_id": "GHSA-j838-vfpq-fmf2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j838-vfpq-fmf2" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1073998?format=api", "purl": "pkg:deb/debian/rails@2:2.3.14.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-214c-rjny-9ud4" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-34kh-7cbr-s7b9" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { 
"vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-74g9-svkp-h3f1" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-sth3-da79-67bt" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": 
"VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2" } ], "aliases": [ "CVE-2013-1857", "GHSA-j838-vfpq-fmf2", "OSV-91454" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2529-ucg8-dkgy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/202850?format=api", "vulnerability_id": "VCID-2b1z-1k24-kfb8", "summary": "The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored values in that column, which makes it easier for remote attackers to conduct data-type injection attacks against Ruby on Rails applications via a crafted value, as demonstrated by unintended interaction between the \"typed XML\" feature and a MySQL database.", "references": [ { "reference_url": "http://openwall.com/lists/oss-security/2013/02/06/7", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2013/02/06/7" }, { "reference_url": "http://openwall.com/lists/oss-security/2013/04/24/7", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2013/04/24/7" }, { "reference_url": 
"http://pl.reddit.com/r/netsec/comments/17yajp/mysql_madness_and_rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://pl.reddit.com/r/netsec/comments/17yajp/mysql_madness_and_rails" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-3221.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-3221.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-3221", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65749", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65651", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-3221" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3221", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3221" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-3221.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { 
"value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-3221.yml" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/1f3bc0b88a60c1ce?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/1f3bc0b88a60c1ce?dmode=source&output=gplain" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3221", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3221" }, { "reference_url": "https://web.archive.org/web/20130825191249/http://www.phenoelit.org/blog/archives/2013/02/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20130825191249/http://www.phenoelit.org/blog/archives/2013/02/index.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=954365", "reference_id": "954365", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=954365" }, { "reference_url": "https://github.com/advisories/GHSA-f57c-hx33-hvh8", "reference_id": "GHSA-f57c-hx33-hvh8", "reference_type": "", "scores": [ { "value": "CRITICAL", 
"scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f57c-hx33-hvh8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1073998?format=api", "purl": "pkg:deb/debian/rails@2:2.3.14.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-214c-rjny-9ud4" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-34kh-7cbr-s7b9" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-74g9-svkp-h3f1" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { 
"vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-sth3-da79-67bt" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2" } ], "aliases": [ "CVE-2013-3221", "GHSA-f57c-hx33-hvh8" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2b1z-1k24-kfb8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9082?format=api", "vulnerability_id": "VCID-2s57-9frf-4qhk", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22904.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22904.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22904", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03338", "scoring_system": "epss", "scoring_elements": "0.87573", "published_at": "2026-06-11T12:55:00Z" }, { 
"value": "0.03338", "scoring_system": "epss", "scoring_elements": "0.87615", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2021-22904-possible-dos-vulnerability-in-action-controller-token-authentication/77869", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.rubyonrails.org/t/cve-2021-22904-possible-dos-vulnerability-in-action-controller-token-authentication/77869" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", 
"scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v5.2.4.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v5.2.4.6" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v5.2.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v5.2.6" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v6.0.3.7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v6.0.3.7" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v6.1.3.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v6.1.3.2" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22904.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", 
"scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22904.yml" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ" }, { "reference_url": "https://hackerone.com/reports/1101125", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/1101125" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22904", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22904" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210805-0009", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210805-0009" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210805-0009/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20210805-0009/" }, { "reference_url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1961379", "reference_id": "1961379", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961379" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214", "reference_id": "988214", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214" }, { "reference_url": "https://security.archlinux.org/AVG-1920", "reference_id": "AVG-1920", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1920" }, { "reference_url": "https://security.archlinux.org/AVG-1921", "reference_id": "AVG-1921", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1921" }, { "reference_url": "https://security.archlinux.org/AVG-2090", "reference_id": "AVG-2090", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2090" }, { "reference_url": "https://security.archlinux.org/AVG-2223", "reference_id": "AVG-2223", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2223" }, { "reference_url": "https://github.com/advisories/GHSA-7wjx-3g7j-8584", "reference_id": "GHSA-7wjx-3g7j-8584", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7wjx-3g7j-8584" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4702", "reference_id": "RHSA-2021:4702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4702" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/1078270?format=api", "purl": "pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%252Bdeb10u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1074930?format=api", "purl": 
"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-8q5p-kbjf-2fgc" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-fspa-dfnv-jyd3" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-m814-bzwg-fbc1" }, { "vulnerability": "VCID-mjy3-9dkc-5fgq" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-sxdt-xfjy-8bbm" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2" } ], "aliases": [ "CVE-2021-22904", "GHSA-7wjx-3g7j-8584" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2s57-9frf-4qhk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15119?format=api", "vulnerability_id": "VCID-2uka-fwza-dyfc", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22792.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22792.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22792", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02264", 
"scoring_system": "epss", "scoring_elements": "0.84992", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.02264", "scoring_system": "epss", "scoring_elements": "0.85044", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794" }, 
{ "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v7.0.4.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v7.0.4.1" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22792.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22792.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22792", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22792" }, { "reference_url": 
"https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240202-0007", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240202-0007" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050", "reference_id": "1030050", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164800", "reference_id": "2164800", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164800" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2023-22792-possible-redos-based-dos-vulnerability-in-action-dispatch/82115", "reference_id": "82115", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:30:13Z/" } ], "url": "https://discuss.rubyonrails.org/t/cve-2023-22792-possible-redos-based-dos-vulnerability-in-action-dispatch/82115" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5372", "reference_id": "dsa-5372", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "LOW", "scoring_system": "generic_textual", 
"scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:30:13Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5372" }, { "reference_url": "https://github.com/advisories/GHSA-p84v-45xj-wwqj", "reference_id": "GHSA-p84v-45xj-wwqj", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p84v-45xj-wwqj" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240202-0007/", "reference_id": "ntap-20240202-0007", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:30:13Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240202-0007/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6818", "reference_id": "RHSA-2023:6818", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6818" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1074930?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-8q5p-kbjf-2fgc" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-fspa-dfnv-jyd3" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-m814-bzwg-fbc1" }, { "vulnerability": "VCID-mjy3-9dkc-5fgq" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, 
{ "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-sxdt-xfjy-8bbm" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2" } ], "aliases": [ "CVE-2023-22792", "GHSA-p84v-45xj-wwqj", "GMS-2023-58" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2uka-fwza-dyfc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111937?format=api", "vulnerability_id": "VCID-34kh-7cbr-s7b9", "summary": "security update", "references": [ { "reference_url": "http://openwall.com/lists/oss-security/2014/07/02/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2014/07/02/5" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0877.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0877.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3483.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3483.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3483", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00924", "scoring_system": "epss", "scoring_elements": "0.7646", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00924", "scoring_system": "epss", "scoring_elements": "0.7653", "published_at": "2026-06-12T12:55:00Z" } ], "url": 
"https://api.first.org/data/v1/epss?cve=CVE-2014-3483" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3482", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3482" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3483", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3483" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J" }, { "reference_url": "https://groups.google.com/forum/#!msg/rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!msg/rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/8GtfeYd6qI4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/8GtfeYd6qI4" }, { "reference_url": "https://web.archive.org/web/20200228150648/http://www.securityfocus.com/bid/68341", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228150648/http://www.securityfocus.com/bid/68341" }, { "reference_url": "http://www.debian.org/security/2014/dsa-2982", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2014/dsa-2982" }, { "reference_url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1114427", "reference_id": "1114427", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1114427" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3483", "reference_id": "CVE-2014-3483", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3483" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-3483.yml", "reference_id": "CVE-2014-3483.YML", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-3483.yml" }, { "reference_url": "https://github.com/advisories/GHSA-r8fh-hq2p-7qhq", "reference_id": "GHSA-r8fh-hq2p-7qhq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r8fh-hq2p-7qhq" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0877", "reference_id": "RHSA-2014:0877", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0877" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1073999?format=api", "purl": "pkg:deb/debian/rails@2:4.1.8-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-214c-rjny-9ud4" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-7659-nqt4-cyes" 
}, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.8-1" } ], 
"aliases": [ "CVE-2014-3483", "GHSA-r8fh-hq2p-7qhq", "OSV-108665" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-34kh-7cbr-s7b9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/178547?format=api", "vulnerability_id": "VCID-39m4-12ms-skh2", "summary": "Multiple vulnerabilities were found in Ruby on Rails, the worst of\n which allows for execution of arbitrary code.", "references": [ { "reference_url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0277.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0277.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0277", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06742", "scoring_system": "epss", "scoring_elements": "0.91522", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.06742", "scoring_system": "epss", "scoring_elements": "0.91491", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0277" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0277", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0277" }, { "reference_url": "http://securitytracker.com/id?1028109", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://securitytracker.com/id?1028109" }, { "reference_url": "https://github.com/rails/rails/tree/v6.1.4.1/activerecord", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/tree/v6.1.4.1/activerecord" }, { "reference_url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/KtmwSbEpzrU", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/KtmwSbEpzrU" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/302ec7ce90f13837?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/302ec7ce90f13837?dmode=source&output=gplain" }, { "reference_url": "http://support.apple.com/kb/HT5784", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT5784" }, { "reference_url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/", 
"reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/" }, { "reference_url": "http://www.debian.org/security/2013/dsa-2620", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2013/dsa-2620" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/02/11/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/02/11/6" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=909633", "reference_id": "909633", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=909633" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0277", "reference_id": "CVE-2013-0277", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0277" }, { "reference_url": "https://puppet.com/security/cve/cve-2013-0277", "reference_id": "CVE-2013-0277", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://puppet.com/security/cve/cve-2013-0277" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0277.yml", "reference_id": "CVE-2013-0277.YML", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0277.yml" }, { "reference_url": "https://github.com/advisories/GHSA-fhj9-cjjh-27vm", "reference_id": "GHSA-fhj9-cjjh-27vm", "reference_type": "", 
"scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fhj9-cjjh-27vm" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1073998?format=api", "purl": "pkg:deb/debian/rails@2:2.3.14.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-214c-rjny-9ud4" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-34kh-7cbr-s7b9" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-74g9-svkp-h3f1" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { 
"vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-sth3-da79-67bt" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2" } ], "aliases": [ "CVE-2013-0277", "GHSA-fhj9-cjjh-27vm", "OSV-90073" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-39m4-12ms-skh2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11544?format=api", "vulnerability_id": "VCID-3e1p-t61q-xfft", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23633.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23633.json" }, { "reference_url": 
"https://api.first.org/data/v1/epss?cve=CVE-2022-23633", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.49186", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.49049", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23633" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2022-23633-possible-exposure-of-information-vulnerability-in-action-pack/80016", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.rubyonrails.org/t/cve-2022-23633-possible-exposure-of-information-vulnerability-in-action-pack/80016" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/f9a2ad03943d5c2ba54e1d45f155442b519c75da", "reference_id": "", "reference_type": "", "scores": 
[ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/f9a2ad03943d5c2ba54e1d45f155442b519c75da" }, { "reference_url": "https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html" }, { "reference_url": "https://rubyonrails.org/2022/2/11/Rails-7-0-2-2-6-1-4-6-6-0-4-6-and-5-2-6-2-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rubyonrails.org/2022/2/11/Rails-7-0-2-2-6-1-4-6-6-0-4-6-and-5-2-6-2-have-been-released" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240119-0013", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240119-0013" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240119-0013/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20240119-0013/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/02/11/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2022/02/11/5" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005389", "reference_id": "1005389", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005389" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063149", "reference_id": "2063149", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063149" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23633", "reference_id": "CVE-2022-23633", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23633" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2022-23633.yml", "reference_id": "CVE-2022-23633.YML", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2022-23633.yml" }, { "reference_url": "https://github.com/advisories/GHSA-wh98-p28r-vrc9", "reference_id": "GHSA-wh98-p28r-vrc9", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wh98-p28r-vrc9" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-wh98-p28r-vrc9", "reference_id": "GHSA-wh98-p28r-vrc9", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-wh98-p28r-vrc9" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5498", "reference_id": "RHSA-2022:5498", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5498" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1074930?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-8q5p-kbjf-2fgc" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-fspa-dfnv-jyd3" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-m814-bzwg-fbc1" }, { "vulnerability": "VCID-mjy3-9dkc-5fgq" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { 
"vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-sxdt-xfjy-8bbm" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2" } ], "aliases": [ "CVE-2022-23633", "GHSA-wh98-p28r-vrc9" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3e1p-t61q-xfft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/20041?format=api", "vulnerability_id": "VCID-3k19-3heq-dufq", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41128.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41128.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-41128", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68652", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68744", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-41128" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41128", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41128" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": 
"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376", "reference_id": "1085376", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376" }, { "reference_url": "https://github.com/rails/rails/commit/27121e80f6dbb260f5a9f0452cd8411cb681f075", "reference_id": "27121e80f6dbb260f5a9f0452cd8411cb681f075", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/" } ], "url": "https://github.com/rails/rails/commit/27121e80f6dbb260f5a9f0452cd8411cb681f075" }, { "reference_url": "https://github.com/rails/rails/commit/b0fe99fa854ec8ff4498e75779b458392d1560ef", "reference_id": "b0fe99fa854ec8ff4498e75779b458392d1560ef", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { 
"value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/" } ], "url": "https://github.com/rails/rails/commit/b0fe99fa854ec8ff4498e75779b458392d1560ef" }, { "reference_url": "https://github.com/rails/rails/commit/b1241f468d1b32235f438c2e2203386e6efd3891", "reference_id": "b1241f468d1b32235f438c2e2203386e6efd3891", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/" } ], "url": "https://github.com/rails/rails/commit/b1241f468d1b32235f438c2e2203386e6efd3891" }, { "reference_url": "https://access.redhat.com/security/cve/cve-2024-41128", "reference_id": "cve-2024-41128", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", 
"scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/" } ], "url": "https://access.redhat.com/security/cve/cve-2024-41128" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41128", "reference_id": "CVE-2024-41128", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41128" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-41128.yml", "reference_id": "CVE-2024-41128.YML", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-41128.yml" }, { "reference_url": "https://github.com/rails/rails/commit/fb493bebae1a9b83e494fe7edbf01f6167d606fd", "reference_id": "fb493bebae1a9b83e494fe7edbf01f6167d606fd", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { 
"value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/" } ], "url": "https://github.com/rails/rails/commit/fb493bebae1a9b83e494fe7edbf01f6167d606fd" }, { "reference_url": "https://github.com/advisories/GHSA-x76w-6vjr-8xgj", "reference_id": "GHSA-x76w-6vjr-8xgj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x76w-6vjr-8xgj" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-x76w-6vjr-8xgj", "reference_id": "GHSA-x76w-6vjr-8xgj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-x76w-6vjr-8xgj" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319036", "reference_id": "show_bug.cgi?id=2319036", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": 
"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319036" }, { "reference_url": "https://usn.ubuntu.com/7290-1/", "reference_id": "USN-7290-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7290-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1074931?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-8q5p-kbjf-2fgc" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-fspa-dfnv-jyd3" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-m814-bzwg-fbc1" }, { "vulnerability": "VCID-mjy3-9dkc-5fgq" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-sxdt-xfjy-8bbm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2" } ], "aliases": [ "CVE-2024-41128", "GHSA-x76w-6vjr-8xgj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3k19-3heq-dufq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/202582?format=api", "vulnerability_id": "VCID-3nsx-u3u3-7fh7", "summary": "The Authlogic gem for Ruby on Rails, when used with certain Rails versions before 3.2.10, makes potentially unsafe find_by_id method calls, which might allow remote attackers to conduct SQL injection attacks (CVE-2012-6496) via a crafted parameter in environments that have a known secret_token value, as demonstrated by a value contained in secret_token.rb in an open-source product.", "references": [ { 
"reference_url": "http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts" }, { "reference_url": "http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts/" }, { "reference_url": "http://openwall.com/lists/oss-security/2013/01/03/12", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2013/01/03/12" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6497", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60998", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.61104", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6497" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6497", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6497" }, { "reference_url": "https://github.com/binarylogic/authlogic", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/binarylogic/authlogic" }, { "reference_url": "https://github.com/binarylogic/authlogic/commit/1d57a6c4abe43a3c0b4ef578486ea00e1f7a9873", "reference_id": 
"", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/binarylogic/authlogic/commit/1d57a6c4abe43a3c0b4ef578486ea00e1f7a9873" }, { "reference_url": "https://github.com/binarylogic/authlogic/commit/1d57a6c4abe43a3c0b4ef578486ea00e1f7a9873#diff-724a09c582d42a66c65c0bdaadcb21ee", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/binarylogic/authlogic/commit/1d57a6c4abe43a3c0b4ef578486ea00e1f7a9873#diff-724a09c582d42a66c65c0bdaadcb21ee" }, { "reference_url": "https://github.com/binarylogic/authlogic/pull/341", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/binarylogic/authlogic/pull/341" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/authlogic/OSVDB-89064.yml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/authlogic/OSVDB-89064.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6497", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6497" }, { "reference_url": "https://web.archive.org/web/20130104161608/http://www.securityfocus.com/bid/57084", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20130104161608/http://www.securityfocus.com/bid/57084" }, { "reference_url": "https://web.archive.org/web/20130116043311/http://phenoelit.org/blog/archives/2012/12/21/let_me_github_that_for_you/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", 
"scoring_elements": "" } ], "url": "https://web.archive.org/web/20130116043311/http://phenoelit.org/blog/archives/2012/12/21/let_me_github_that_for_you/index.html" }, { "reference_url": "https://github.com/advisories/GHSA-rx7j-mw4c-76g9", "reference_id": "GHSA-rx7j-mw4c-76g9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rx7j-mw4c-76g9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1073998?format=api", "purl": "pkg:deb/debian/rails@2:2.3.14.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-214c-rjny-9ud4" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-34kh-7cbr-s7b9" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-74g9-svkp-h3f1" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": 
"VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-sth3-da79-67bt" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2" } ], "aliases": [ "CVE-2012-6497", "GHSA-rx7j-mw4c-76g9", "OSV-89064" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3nsx-u3u3-7fh7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/493?format=api", "vulnerability_id": "VCID-3qsf-qm7w-y7be", "summary": "", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7577.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7577.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7577", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01209", "scoring_system": "epss", "scoring_elements": "0.79447", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01209", "scoring_system": "epss", "scoring_elements": "0.7938", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/cawsWcQ6c8g", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/cawsWcQ6c8g" }, { "reference_url": 
"http://www.openwall.com/lists/oss-security/2016/01/25/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/01/25/10" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301957", "reference_id": "1301957", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301957" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7577", "reference_id": "CVE-2015-7577", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7577" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2015-7577.yml", "reference_id": "CVE-2015-7577.YML", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2015-7577.yml" }, { "reference_url": "https://github.com/advisories/GHSA-xrr6-3pc4-m447", "reference_id": "GHSA-xrr6-3pc4-m447", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xrr6-3pc4-m447" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0296", "reference_id": "RHSA-2016:0296", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0296" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2016:0454", "reference_id": "RHSA-2016:0454", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0454" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0455", "reference_id": "RHSA-2016:0455", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0455" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1074000?format=api", "purl": "pkg:deb/debian/rails@2:4.1.8-1%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-214c-rjny-9ud4" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { 
"vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.8-1%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1078269?format=api", "purl": "pkg:deb/debian/rails@2:4.2.7.1-1%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": 
"VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.7.1-1%252Bdeb9u2" } ], "aliases": [ "CVE-2015-7577", "GHSA-xrr6-3pc4-m447" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3qsf-qm7w-y7be" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/178544?format=api", "vulnerability_id": "VCID-3ser-nhqn-mbar", "summary": "Multiple vulnerabilities were found in Ruby on Rails, the worst of\n which allowing for execution of arbitrary code.", "references": [ { "reference_url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0155.json", "reference_id": "", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0155.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0155", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.18174", "scoring_system": "epss", "scoring_elements": "0.95355", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.18174", "scoring_system": "epss", "scoring_elements": "0.95341", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0155" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0155", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0155" }, { "reference_url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/t1WFuuQyavI", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/t1WFuuQyavI" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/bc6f13dafe130ee9?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/bc6f13dafe130ee9?dmode=source&output=gplain" }, { "reference_url": "http://support.apple.com/kb/HT5784", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT5784" }, { "reference_url": "http://www.debian.org/security/2013/dsa-2609", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2013/dsa-2609" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=892866", 
"reference_id": "892866", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=892866" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0155", "reference_id": "CVE-2013-0155", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0155" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0155.yml", "reference_id": "CVE-2013-0155.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0155.yml" }, { "reference_url": "https://github.com/advisories/GHSA-gppp-5xc5-wfpx", "reference_id": "GHSA-gppp-5xc5-wfpx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gppp-5xc5-wfpx" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0154", "reference_id": "RHSA-2013:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0154" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0155", "reference_id": "RHSA-2013:0155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0155" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1073998?format=api", "purl": "pkg:deb/debian/rails@2:2.3.14.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { 
"vulnerability": "VCID-214c-rjny-9ud4" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-34kh-7cbr-s7b9" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-74g9-svkp-h3f1" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-sth3-da79-67bt" }, { "vulnerability": 
"VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2" } ], "aliases": [ "CVE-2013-0155", "GHSA-gppp-5xc5-wfpx", "OSV-89025" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3ser-nhqn-mbar" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/196614?format=api", "vulnerability_id": "VCID-4j57-xdw3-a7em", "summary": "open redirect", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22942.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22942.json" }, { "reference_url": "https://access.redhat.com/security/cve/cve-2021-22942", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/cve-2021-22942" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22942", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00533", "scoring_system": "epss", "scoring_elements": "0.67822", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00533", 
"scoring_system": "epss", "scoring_elements": "0.6791", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795", "reference_id": "", "reference_type": 
"", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22942.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22942.yml" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/wB5tRn7h36c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/wB5tRn7h36c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22942", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2021-22942" }, { "reference_url": "https://rubygems.org/gems/actionpack", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rubygems.org/gems/actionpack" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240202-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240202-0005" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240202-0005/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20240202-0005/" }, { "reference_url": "https://weblog.rubyonrails.org/2021/8/19/Rails-6-0-4-1-and-6-1-4-1-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://weblog.rubyonrails.org/2021/8/19/Rails-6-0-4-1-and-6-1-4-1-have-been-released" }, { "reference_url": "https://weblog.rubyonrails.org/2021/8/19/Rails-6-0-4-1-and-6-1-4-1-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://weblog.rubyonrails.org/2021/8/19/Rails-6-0-4-1-and-6-1-4-1-have-been-released/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/12/14/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2021/12/14/5" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995940", "reference_id": "1995940", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995940" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992586", "reference_id": "992586", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992586" }, { "reference_url": "https://security.archlinux.org/AVG-2492", "reference_id": "AVG-2492", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2492" }, { "reference_url": "https://security.archlinux.org/AVG-2493", "reference_id": "AVG-2493", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2493" }, { "reference_url": "https://github.com/advisories/GHSA-2rqw-v265-jf8c", "reference_id": "GHSA-2rqw-v265-jf8c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2rqw-v265-jf8c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1074930?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-8q5p-kbjf-2fgc" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { 
"vulnerability": "VCID-fspa-dfnv-jyd3" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-m814-bzwg-fbc1" }, { "vulnerability": "VCID-mjy3-9dkc-5fgq" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-sxdt-xfjy-8bbm" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2" } ], "aliases": [ "CVE-2021-22942", "GHSA-2rqw-v265-jf8c" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4j57-xdw3-a7em" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/178535?format=api", "vulnerability_id": "VCID-56hv-j97k-w3dr", "summary": "Multiple vulnerabilities were found in Ruby on Rails, the worst of\n which allowing for execution of arbitrary code.", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/365b8a23b76a6b4a?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/365b8a23b76a6b4a?dmode=source&output=gplain" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html", "reference_id": "", "reference_type": "", 
"scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0446", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0067", "scoring_system": "epss", "scoring_elements": "0.7183", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0067", "scoring_system": "epss", "scoring_elements": "0.71915", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0446" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0446", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0446" }, { "reference_url": "http://secunia.com/advisories/43274", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/43274" }, { "reference_url": "http://secunia.com/advisories/43666", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/43666" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/abe97736b8316f1b714cac56c115c0779aa73217", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/rails/rails/commit/abe97736b8316f1b714cac56c115c0779aa73217" }, { "reference_url": "https://github.com/rails/rails/commit/e3dd2107c57a8efaaea5d61cf8da65f7444760b2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/e3dd2107c57a8efaaea5d61cf8da65f7444760b2" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/8CpI7egxX4E/m/SmtqtyOKWzYJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/8CpI7egxX4E/m/SmtqtyOKWzYJ" }, { "reference_url": "https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43274", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43274" }, { "reference_url": "https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43666", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43666" }, { "reference_url": "https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291" }, { "reference_url": "https://web.archive.org/web/20200812054342/http://www.securitytracker.com/id?1025064", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": 
"" } ], "url": "https://web.archive.org/web/20200812054342/http://www.securitytracker.com/id?1025064" }, { "reference_url": "http://www.debian.org/security/2011/dsa-2247", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2011/dsa-2247" }, { "reference_url": "http://www.securityfocus.com/bid/46291", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/46291" }, { "reference_url": "http://www.securitytracker.com/id?1025064", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id?1025064" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/0587", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2011/0587" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/0877", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2011/0877" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864", "reference_id": "614864", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0446", "reference_id": "CVE-2011-0446", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0446" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0446.yml", "reference_id": "CVE-2011-0446.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0446.yml" }, { "reference_url": 
"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2011-0446.yml", "reference_id": "CVE-2011-0446.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2011-0446.yml" }, { "reference_url": "https://github.com/advisories/GHSA-75w6-p6mg-vh8j", "reference_id": "GHSA-75w6-p6mg-vh8j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-75w6-p6mg-vh8j" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1073998?format=api", "purl": "pkg:deb/debian/rails@2:2.3.14.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-214c-rjny-9ud4" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-34kh-7cbr-s7b9" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-74g9-svkp-h3f1" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" 
}, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-sth3-da79-67bt" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2" } ], "aliases": [ "CVE-2011-0446", "GHSA-75w6-p6mg-vh8j" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-56hv-j97k-w3dr" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/178536?format=api", "vulnerability_id": "VCID-58mv-ca6x-ruh8", "summary": "Multiple vulnerabilities were found in Ruby on Rails, the worst of\n which allowing for execution of arbitrary code.", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/c22ea1668c0d181c?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/c22ea1668c0d181c?dmode=source&output=gplain" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0447", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00991", "scoring_system": "epss", "scoring_elements": "0.77309", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00991", "scoring_system": "epss", "scoring_elements": "0.7738", "published_at": 
"2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0447" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0447", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0447" }, { "reference_url": "http://secunia.com/advisories/43274", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/43274" }, { "reference_url": "http://secunia.com/advisories/43666", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/43666" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/66ce3843d32e9f2ac3b1da20067af53019bbb034", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/66ce3843d32e9f2ac3b1da20067af53019bbb034" }, { "reference_url": "https://github.com/rails/rails/commit/7e86f9b4d2b7dfa974c10ae7e6d8ef90f3d77f06", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/7e86f9b4d2b7dfa974c10ae7e6d8ef90f3d77f06" }, { "reference_url": "https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291" }, { "reference_url": "https://web.archive.org/web/20170223045008/http://www.securitytracker.com/id?1025060", "reference_id": 
"", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20170223045008/http://www.securitytracker.com/id?1025060" }, { "reference_url": "http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails" }, { "reference_url": "http://www.debian.org/security/2011/dsa-2247", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2011/dsa-2247" }, { "reference_url": "http://www.securityfocus.com/bid/46291", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/46291" }, { "reference_url": "http://www.securitytracker.com/id?1025060", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id?1025060" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/0587", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2011/0587" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/0877", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2011/0877" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864", "reference_id": "614864", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0447", "reference_id": "CVE-2011-0447", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2011-0447" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0447.yml", "reference_id": "CVE-2011-0447.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0447.yml" }, { "reference_url": "https://github.com/advisories/GHSA-24fg-p96v-hxh8", "reference_id": "GHSA-24fg-p96v-hxh8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-24fg-p96v-hxh8" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1073998?format=api", "purl": "pkg:deb/debian/rails@2:2.3.14.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-214c-rjny-9ud4" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-34kh-7cbr-s7b9" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-74g9-svkp-h3f1" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { 
"vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-sth3-da79-67bt" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2" } ], "aliases": [ "CVE-2011-0447", "GHSA-24fg-p96v-hxh8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-58mv-ca6x-ruh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/109434?format=api", "vulnerability_id": "VCID-6rc5-9gn7-tbbv", "summary": "security update", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html" }, { "reference_url": "http://openwall.com/lists/oss-security/2014/02/18/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2014/02/18/8" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0215.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0215.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0306.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0306.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0081.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0081.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0081", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00885", "scoring_system": "epss", "scoring_elements": "0.75889", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00885", "scoring_system": "epss", "scoring_elements": "0.75961", "published_at": "2026-06-12T12:55:00Z" } ], "url": 
"https://api.first.org/data/v1/epss?cve=CVE-2014-0081" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/08d0a11a3f62718d601d39e617c834759cf59bbb", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/08d0a11a3f62718d601d39e617c834759cf59bbb" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/tfp6gZCtzr4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/tfp6gZCtzr4" }, { "reference_url": "https://web.archive.org/web/20140911141416/http://www.securitytracker.com/id/1029782", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20140911141416/http://www.securitytracker.com/id/1029782" }, { "reference_url": "https://web.archive.org/web/20170307202606/http://www.securityfocus.com/bid/65647", "reference_id": "", "reference_type": "", 
"scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20170307202606/http://www.securityfocus.com/bid/65647" }, { "reference_url": "https://web.archive.org/web/20201207045136/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/tfp6gZCtzr4/j8LUHmu7fIEJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201207045136/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/tfp6gZCtzr4/j8LUHmu7fIEJ" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065520", "reference_id": "1065520", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065520" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0081", "reference_id": "CVE-2014-0081", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0081" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0081.yml", "reference_id": "CVE-2014-0081.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0081.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2014-0081.yml", "reference_id": "CVE-2014-0081.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2014-0081.yml" }, { "reference_url": "https://github.com/advisories/GHSA-m46p-ggm5-5j83", "reference_id": "GHSA-m46p-ggm5-5j83", "reference_type": "", 
"scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m46p-ggm5-5j83" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0215", "reference_id": "RHSA-2014:0215", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0215" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0306", "reference_id": "RHSA-2014:0306", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0306" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1073998?format=api", "purl": "pkg:deb/debian/rails@2:2.3.14.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-214c-rjny-9ud4" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-34kh-7cbr-s7b9" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-74g9-svkp-h3f1" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { 
"vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-sth3-da79-67bt" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2" } ], "aliases": [ "CVE-2014-0081", "GHSA-m46p-ggm5-5j83", "OSV-103439" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6rc5-9gn7-tbbv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111935?format=api", "vulnerability_id": "VCID-74g9-svkp-h3f1", "summary": "security update", "references": [ { "reference_url": "http://openwall.com/lists/oss-security/2014/07/02/5", "reference_id": "", "reference_type": "", "scores": [ { 
"value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2014/07/02/5" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0876.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0876.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3482.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3482.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3482", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01531", "scoring_system": "epss", "scoring_elements": "0.8172", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01531", "scoring_system": "epss", "scoring_elements": "0.81782", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3482" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3482", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3482" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3483", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3483" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/1f2192e46d78ee0ba2b06373f2c24caf8440ff5b", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/rails/rails/commit/1f2192e46d78ee0ba2b06373f2c24caf8440ff5b" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/wDxePLJGZdI", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/wDxePLJGZdI" }, { "reference_url": "http://www.debian.org/security/2014/dsa-2982", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2014/dsa-2982" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1114425", "reference_id": "1114425", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1114425" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3482", "reference_id": "CVE-2014-3482", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3482" }, { "reference_url": "https://github.com/advisories/GHSA-mhwp-qhpc-h3jm", "reference_id": "GHSA-mhwp-qhpc-h3jm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mhwp-qhpc-h3jm" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0876", "reference_id": "RHSA-2014:0876", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0876" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1073999?format=api", "purl": "pkg:deb/debian/rails@2:4.1.8-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-214c-rjny-9ud4" }, { 
"vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": 
"VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.8-1" } ], "aliases": [ "CVE-2014-3482", "GHSA-mhwp-qhpc-h3jm", "OSV-108664" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-74g9-svkp-h3f1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15151?format=api", "vulnerability_id": "VCID-7659-nqt4-cyes", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23913.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23913.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-23913", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.4313", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43288", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-23913" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23913", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23913" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28120", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28120" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", 
"reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/73009ea59a811b28e8ec2a9c9bc24635aa891214", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/73009ea59a811b28e8ec2a9c9bc24635aa891214" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2023-23913.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2023-23913.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23913", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23913" }, { "reference_url": 
"https://security.netapp.com/advisory/ntap-20240605-0007", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240605-0007" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182160", "reference_id": "2182160", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182160" }, { "reference_url": "https://github.com/rails/rails/commit/5037a13614d71727af8a175063bcf6ba1a74bdbd", "reference_id": "5037a13614d71727af8a175063bcf6ba1a74bdbd", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:07:37Z/" } ], "url": "https://github.com/rails/rails/commit/5037a13614d71727af8a175063bcf6ba1a74bdbd" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2023-23913-dom-based-cross-site-scripting-in-rails-ujs-for-contenteditable-html-elements/82468", "reference_id": "82468", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:07:37Z/" } ], "url": "https://discuss.rubyonrails.org/t/cve-2023-23913-dom-based-cross-site-scripting-in-rails-ujs-for-contenteditable-html-elements/82468" }, { "reference_url": 
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033263", "reference_id": "bugreport.cgi?bug=1033263", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:07:37Z/" } ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033263" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5389", "reference_id": "dsa-5389", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:07:37Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5389" }, { "reference_url": "https://github.com/advisories/GHSA-xp5h-f8jf-rc8q", "reference_id": "GHSA-xp5h-f8jf-rc8q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xp5h-f8jf-rc8q" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240605-0007/", "reference_id": "ntap-20240605-0007", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:07:37Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240605-0007/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1074930?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2", 
"is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-8q5p-kbjf-2fgc" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-fspa-dfnv-jyd3" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-m814-bzwg-fbc1" }, { "vulnerability": "VCID-mjy3-9dkc-5fgq" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-sxdt-xfjy-8bbm" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2" } ], "aliases": [ "CVE-2023-23913", "GHSA-xp5h-f8jf-rc8q" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7659-nqt4-cyes" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/200249?format=api", "vulnerability_id": "VCID-7b9s-j981-audq", "summary": "actionpack Cross-site Scripting vulnerability", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3465.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3465.json" }, { 
"reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3465", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56495", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56614", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3465" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3465", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3465" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/cf48c9c7dcbef8543171f7f7de8d3d9a16b58e77", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/cf48c9c7dcbef8543171f7f7de8d3d9a16b58e77" }, { "reference_url": "https://github.com/rails/rails/commit/e91e4e8bbee12ce1496bf384c04da6be296b687a", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/e91e4e8bbee12ce1496bf384c04da6be296b687a" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/7fbb5392d4d282b5?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/7fbb5392d4d282b5?dmode=source&output=gplain" }, { "reference_url": 
"http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=847200", "reference_id": "847200", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=847200" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3465", "reference_id": "CVE-2012-3465", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3465" }, { "reference_url": "https://github.com/advisories/GHSA-7g65-ghrg-hpf5", "reference_id": "GHSA-7g65-ghrg-hpf5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7g65-ghrg-hpf5" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1542", "reference_id": "RHSA-2012:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0154", "reference_id": "RHSA-2013:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1073998?format=api", "purl": "pkg:deb/debian/rails@2:2.3.14.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-214c-rjny-9ud4" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-34kh-7cbr-s7b9" }, { "vulnerability": 
"VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-74g9-svkp-h3f1" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-sth3-da79-67bt" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": 
"VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2" } ], "aliases": [ "CVE-2012-3465", "GHSA-7g65-ghrg-hpf5", "OSV-84513" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7b9s-j981-audq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8675?format=api", "vulnerability_id": "VCID-873z-9zhz-3fhg", "summary": "", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00019.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00019.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-5267.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-5267.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-5267", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00887", "scoring_system": "epss", "scoring_elements": "0.75987", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00887", "scoring_system": "epss", "scoring_elements": "0.75916", "published_at": "2026-06-11T12:55:00Z" } ], "url": 
"https://api.first.org/data/v1/epss?cve=CVE-2020-5267" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5267", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5267" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails/commit/033a738817abd6e446e1b320cb7d1a5c15224e9a", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/033a738817abd6e446e1b320cb7d1a5c15224e9a" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/55reWMM_Pg8", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/55reWMM_Pg8" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://lists.debian.org/debian-lts-announce/2020/03/msg00022.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2020/03/19/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2020/03/19/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1831528", "reference_id": "1831528", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1831528" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954304", "reference_id": "954304", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954304" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5267", "reference_id": "CVE-2020-5267", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5267" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-5267.yml", "reference_id": "CVE-2020-5267.YML", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-5267.yml" }, { "reference_url": "https://github.com/advisories/GHSA-65cv-r6x7-79hv", "reference_id": "GHSA-65cv-r6x7-79hv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-65cv-r6x7-79hv" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-65cv-r6x7-79hv", "reference_id": "GHSA-65cv-r6x7-79hv", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-65cv-r6x7-79hv" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4366", "reference_id": "RHSA-2020:4366", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4366" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1074930?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": 
"VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-8q5p-kbjf-2fgc" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-fspa-dfnv-jyd3" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-m814-bzwg-fbc1" }, { "vulnerability": "VCID-mjy3-9dkc-5fgq" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-sxdt-xfjy-8bbm" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2" } ], "aliases": [ "CVE-2020-5267", "GHSA-65cv-r6x7-79hv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-873z-9zhz-3fhg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9073?format=api", "vulnerability_id": "VCID-8ajf-ebxr-7bgf", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22880.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22880.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22880", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02599", "scoring_system": "epss", "scoring_elements": "0.85936", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.02599", "scoring_system": "epss", "scoring_elements": "0.85986", 
"published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22880" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2021-22880-possible-dos-vulnerability-in-active-record-postgresql-adapter/77129", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.rubyonrails.org/t/cve-2021-22880-possible-dos-vulnerability-in-active-record-postgresql-adapter/77129" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": 
"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2021-22880.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2021-22880.yml" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/ZzUqCh9vyhI", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/ZzUqCh9vyhI" }, { "reference_url": "https://hackerone.com/reports/1023899", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/1023899" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MO5OJ3F4ZL3UXVLJO6ECANRVZBNRS2IH", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MO5OJ3F4ZL3UXVLJO6ECANRVZBNRS2IH" }, { "reference_url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MO5OJ3F4ZL3UXVLJO6ECANRVZBNRS2IH/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MO5OJ3F4ZL3UXVLJO6ECANRVZBNRS2IH/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22880", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22880" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210805-0009", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://security.netapp.com/advisory/ntap-20210805-0009" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210805-0009/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20210805-0009/" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4929", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-4929" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930102", "reference_id": "1930102", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930102" }, { "reference_url": "https://github.com/advisories/GHSA-8hc4-xxm3-5ppp", "reference_id": "GHSA-8hc4-xxm3-5ppp", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8hc4-xxm3-5ppp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1078270?format=api", "purl": "pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": 
"VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%252Bdeb10u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1074930?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-8q5p-kbjf-2fgc" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-fspa-dfnv-jyd3" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-m814-bzwg-fbc1" }, { "vulnerability": "VCID-mjy3-9dkc-5fgq" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": 
"VCID-sxdt-xfjy-8bbm" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2" } ], "aliases": [ "CVE-2021-22880", "GHSA-8hc4-xxm3-5ppp" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8ajf-ebxr-7bgf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/188712?format=api", "vulnerability_id": "VCID-94u9-8r8a-rufw", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8162.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8162.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8162", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01549", "scoring_system": "epss", "scoring_elements": "0.8182", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01549", "scoring_system": "epss", "scoring_elements": "0.81881", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8162" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164", "reference_id": "", 
"reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167" }, { "reference_url": "https://github.com/aws/aws-sdk-ruby", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/aws/aws-sdk-ruby" }, { "reference_url": "https://github.com/aws/aws-sdk-ruby/issues/2098", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/aws/aws-sdk-ruby/issues/2098" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/PjU3946mreQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/PjU3946mreQ" 
}, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/PjU3946mreQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/PjU3946mreQ" }, { "reference_url": "https://hackerone.com/reports/789579", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/789579" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843005", "reference_id": "1843005", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843005" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8162", "reference_id": "CVE-2020-8162", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8162" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2020-8162.yml", "reference_id": "CVE-2020-8162.YML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2020-8162.yml" }, { "reference_url": "https://github.com/advisories/GHSA-m42x-37p3-fv5w", "reference_id": "GHSA-m42x-37p3-fv5w", 
"reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m42x-37p3-fv5w" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1313", "reference_id": "RHSA-2021:1313", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1313" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1078270?format=api", "purl": "pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, 
{ "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%252Bdeb10u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1074930?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-8q5p-kbjf-2fgc" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-fspa-dfnv-jyd3" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-m814-bzwg-fbc1" }, { "vulnerability": "VCID-mjy3-9dkc-5fgq" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-sxdt-xfjy-8bbm" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2" } ], "aliases": [ "CVE-2020-8162", "GHSA-m42x-37p3-fv5w" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-94u9-8r8a-rufw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/178542?format=api", "vulnerability_id": "VCID-9c9c-jwz1-zycr", "summary": "Multiple vulnerabilities were found in Ruby on Rails, the worst of\n which allowing for execution of arbitrary code.", "references": [ { "reference_url": 
"http://groups.google.com/group/rubyonrails-security/msg/f1d2749773db9f21?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/f1d2749773db9f21?dmode=source&output=gplain" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065114.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065114.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065189.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065189.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2932", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00813", "scoring_system": "epss", "scoring_elements": "0.74769", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00813", "scoring_system": "epss", "scoring_elements": "0.74698", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2932" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=731435", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", 
"scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=731435" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2932", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2932" }, { "reference_url": "http://secunia.com/advisories/45917", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/45917" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/bfc432574d0b141fd7fe759edfe9b6771dd306bd", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/bfc432574d0b141fd7fe759edfe9b6771dd306bd" }, { "reference_url": "http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/17/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/17/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/19/11", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/19/11" }, { "reference_url": 
"http://www.openwall.com/lists/oss-security/2011/08/20/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/20/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/13", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/13" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/14", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/14" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2932", "reference_id": "CVE-2011-2932", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2932" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2011-2932.yml", "reference_id": "CVE-2011-2932.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2011-2932.yml" }, { "reference_url": "https://github.com/advisories/GHSA-9fh3-vh3h-q4g3", "reference_id": "GHSA-9fh3-vh3h-q4g3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", 
"scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9fh3-vh3h-q4g3" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1073998?format=api", "purl": "pkg:deb/debian/rails@2:2.3.14.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-214c-rjny-9ud4" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-34kh-7cbr-s7b9" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-74g9-svkp-h3f1" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": 
"VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-sth3-da79-67bt" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2" } ], "aliases": [ "CVE-2011-2932", "GHSA-9fh3-vh3h-q4g3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9c9c-jwz1-zycr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/178545?format=api", "vulnerability_id": "VCID-9cgs-zd4y-2qdz", "summary": "Multiple vulnerabilities were found in Ruby on Rails, the worst of\n which allowing for execution of arbitrary code.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0153.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0153.html" }, { "reference_url": 
"http://rhn.redhat.com/errata/RHSA-2013-0154.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0155.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0155.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0156.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0156.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0156", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.91907", "scoring_system": "epss", "scoring_elements": "0.99709", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.91907", "scoring_system": "epss", "scoring_elements": "0.9971", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0156" }, { "reference_url": "https://community.rapid7.com/community/metasploit/blog/2013/01/09/serialization-mischief-in-ruby-land-cve-2013-0156", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://community.rapid7.com/community/metasploit/blog/2013/01/09/serialization-mischief-in-ruby-land-cve-2013-0156" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0156", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0156" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } 
], "url": "https://github.com/rails/rails" }, { "reference_url": "https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/2013-0156/rubyonrails-security/61bkgvnSGTQ/nehwjA8tQ8EJ", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/2013-0156/rubyonrails-security/61bkgvnSGTQ/nehwjA8tQ8EJ" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/c1432d0f8c70e89d?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/c1432d0f8c70e89d?dmode=source&output=gplain" }, { "reference_url": "https://web.archive.org/web/20140111025708/http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20140111025708/http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html" }, { "reference_url": "https://web.archive.org/web/20160415043747/https://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20160415043747/https://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A" }, { "reference_url": "https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156" }, { "reference_url": 
"http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/" }, { "reference_url": "http://www.debian.org/security/2013/dsa-2604", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2013/dsa-2604" }, { "reference_url": "http://www.fujitsu.com/global/support/software/security/products-f/sw-sv-rcve-ror201301e.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.fujitsu.com/global/support/software/security/products-f/sw-sv-rcve-ror201301e.html" }, { "reference_url": "http://www.insinuator.net/2013/01/rails-yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.insinuator.net/2013/01/rails-yaml" }, { "reference_url": "http://www.insinuator.net/2013/01/rails-yaml/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.insinuator.net/2013/01/rails-yaml/" }, { "reference_url": "http://www.kb.cert.org/vuls/id/380039", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.kb.cert.org/vuls/id/380039" }, { "reference_url": "http://www.kb.cert.org/vuls/id/628463", "reference_id": "", "reference_type": "", 
"scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.kb.cert.org/vuls/id/628463" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697722", "reference_id": "697722", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697722" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=892870", "reference_id": "892870", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=892870" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0156", "reference_id": "CVE-2013-0156", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0156" }, { "reference_url": "https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156/", "reference_id": "CVE-2013-0156", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156/" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24019.rb", "reference_id": "CVE-2013-0156;OSVDB-89026", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24019.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/27527.rb", "reference_id": "CVE-2013-0156;OSVDB-89026", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/27527.rb" }, { "reference_url": "https://github.com/advisories/GHSA-jmgw-6vjg-jjwg", "reference_id": "GHSA-jmgw-6vjg-jjwg", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": 
"https://github.com/advisories/GHSA-jmgw-6vjg-jjwg" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0153", "reference_id": "RHSA-2013:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0154", "reference_id": "RHSA-2013:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0154" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0155", "reference_id": "RHSA-2013:0155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0155" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1073998?format=api", "purl": "pkg:deb/debian/rails@2:2.3.14.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-214c-rjny-9ud4" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-34kh-7cbr-s7b9" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-74g9-svkp-h3f1" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": 
"VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-sth3-da79-67bt" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2" } ], "aliases": [ "CVE-2013-0156", "GHSA-jmgw-6vjg-jjwg", "OSV-89026" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9cgs-zd4y-2qdz" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/200338?format=api", "vulnerability_id": "VCID-9j8b-jg5m-1kgk", "summary": "activesupport Cross-site Scripting vulnerability", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/1c2e01a5e42722c9?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/1c2e01a5e42722c9?dmode=source&output=gplain" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1098.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1098.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1098", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59826", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59718", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1098" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=799275", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=799275" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1098", "reference_id": "", "reference_type": "", "scores": 
[], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1098" }, { "reference_url": "https://github.com/rails/rails/commit/c60c1c0812d5eb55e7024db350f8bc5b6729f7fe#diff-6156f8cec254c1236b4a4eceb04df3d9", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rails/rails/commit/c60c1c0812d5eb55e7024db350f8bc5b6729f7fe#diff-6156f8cec254c1236b4a4eceb04df3d9" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/OSVDB-79726.yml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/OSVDB-79726.yml" }, { "reference_url": "http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/03/02/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/03/02/6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/03/03/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/03/03/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1098", "reference_id": "CVE-2012-1098", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1098" }, { "reference_url": "https://github.com/advisories/GHSA-qv8p-v9qw-wc7g", "reference_id": "GHSA-qv8p-v9qw-wc7g", "reference_type": "", "scores": 
[ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qv8p-v9qw-wc7g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1073998?format=api", "purl": "pkg:deb/debian/rails@2:2.3.14.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-214c-rjny-9ud4" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-34kh-7cbr-s7b9" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-74g9-svkp-h3f1" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": 
"VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-sth3-da79-67bt" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2" } ], "aliases": [ "CVE-2012-1098", "GHSA-qv8p-v9qw-wc7g", "OSV-79726" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9j8b-jg5m-1kgk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/181754?format=api", "vulnerability_id": "VCID-9m63-rwun-nubx", "summary": "security update", "references": [ { "reference_url": "http://openwall.com/lists/oss-security/2015/06/16/17", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2015/06/16/17" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3226.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3226.json" }, { "reference_url": 
"https://api.first.org/data/v1/epss?cve=CVE-2015-3226", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43789", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43944", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753", 
"reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/7VlB_pck3hU/3QZrGIaQW6cJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/7VlB_pck3hU/3QZrGIaQW6cJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/7VlB_pck3hU", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/7VlB_pck3hU" }, { "reference_url": "https://groups.google.com/g/rubyonrails-core/c/qBUqVlXERag/m/kuH3wQk1kxUJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-core/c/qBUqVlXERag/m/kuH3wQk1kxUJ" }, { "reference_url": "https://web.archive.org/web/20200228033946/http://www.securityfocus.com/bid/75231", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228033946/http://www.securityfocus.com/bid/75231" }, { "reference_url": "https://web.archive.org/web/20200517005133/http://www.securitytracker.com/id/1033755", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200517005133/http://www.securitytracker.com/id/1033755" }, { "reference_url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1232310", "reference_id": "1232310", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232310" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790486", "reference_id": "790486", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790486" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3226", "reference_id": "CVE-2015-3226", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3226" }, { "reference_url": "https://github.com/advisories/GHSA-vxvp-4xwc-jpp6", "reference_id": "GHSA-vxvp-4xwc-jpp6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vxvp-4xwc-jpp6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1074000?format=api", "purl": "pkg:deb/debian/rails@2:4.1.8-1%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-214c-rjny-9ud4" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": 
"VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.8-1%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1078269?format=api", "purl": "pkg:deb/debian/rails@2:4.2.7.1-1%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { 
"vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.7.1-1%252Bdeb9u2" } ], "aliases": [ "CVE-2015-3226", "GHSA-vxvp-4xwc-jpp6" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-9m63-rwun-nubx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/109436?format=api", "vulnerability_id": "VCID-a6dm-ywkf-wkgh", "summary": "security update", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html" }, { "reference_url": "http://openwall.com/lists/oss-security/2014/02/18/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2014/02/18/10" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0215.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0215.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0306.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0306.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0082.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0082.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0082", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06456", "scoring_system": "epss", "scoring_elements": "0.91278", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.06456", "scoring_system": "epss", "scoring_elements": "0.91308", "published_at": "2026-06-12T12:55:00Z" } ], "url": 
"https://api.first.org/data/v1/epss?cve=CVE-2014-0082" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/LMxO_3_eCuc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/LMxO_3_eCuc" }, { "reference_url": "https://web.archive.org/web/20201207044540/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201207044540/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ" }, { "reference_url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release" }, { "reference_url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1065538", "reference_id": "1065538", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065538" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0082", "reference_id": "CVE-2014-0082", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0082" }, { "reference_url": "https://web.archive.org/web/20220315115444/https://puppet.com/security/cve/cve-2014-0082", "reference_id": "CVE-2014-0082", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20220315115444/https://puppet.com/security/cve/cve-2014-0082" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0082.yml", "reference_id": "CVE-2014-0082.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0082.yml" }, { "reference_url": "https://github.com/advisories/GHSA-7cgp-c3g7-qvrw", "reference_id": "GHSA-7cgp-c3g7-qvrw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7cgp-c3g7-qvrw" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0215", "reference_id": "RHSA-2014:0215", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0215" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0306", "reference_id": "RHSA-2014:0306", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0306" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1073998?format=api", 
"purl": "pkg:deb/debian/rails@2:2.3.14.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-214c-rjny-9ud4" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-34kh-7cbr-s7b9" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-74g9-svkp-h3f1" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { 
"vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-sth3-da79-67bt" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2" } ], "aliases": [ "CVE-2014-0082", "GHSA-7cgp-c3g7-qvrw", "OSV-103440" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a6dm-ywkf-wkgh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7112?format=api", "vulnerability_id": "VCID-a8d2-vazh-gqbz", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5419.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5419.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5419", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.12118", "scoring_system": "epss", "scoring_elements": "0.93966", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.12118", "scoring_system": "epss", "scoring_elements": "0.93985", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5419" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5419", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5419" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/f4c70c2222180b8d9d924f00af0c7fd632e26715", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/f4c70c2222180b8d9d924f00af0c7fd632e26715" }, { "reference_url": "https://github.com/rails/rails/pull/35708", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/pull/35708" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/" }, { "reference_url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1689160", "reference_id": "1689160", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1689160" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924520", "reference_id": "924520", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924520" }, { 
"reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5419", "reference_id": "CVE-2019-5419", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5419" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2019-5419.yml", "reference_id": "CVE-2019-5419.YML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2019-5419.yml" }, { "reference_url": "https://github.com/advisories/GHSA-m63j-wh5w-c252", "reference_id": "GHSA-m63j-wh5w-c252", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m63j-wh5w-c252" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0796", "reference_id": "RHSA-2019:0796", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:0796" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1147", "reference_id": "RHSA-2019:1147", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1147" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2019:1149", "reference_id": "RHSA-2019:1149", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1149" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1289", "reference_id": "RHSA-2019:1289", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1289" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1078270?format=api", "purl": "pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": 
"VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%252Bdeb10u3" } ], "aliases": [ "CVE-2019-5419", "GHSA-m63j-wh5w-c252" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a8d2-vazh-gqbz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7113?format=api", "vulnerability_id": "VCID-abxz-4rbx-zfhe", "summary": "", "references": [ { "reference_url": "http://packetstormsecurity.com/files/152704/Ruby-On-Rails-DoubleTap-Development-Mode-secret_key_base-Remote-Code-Execution.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/152704/Ruby-On-Rails-DoubleTap-Development-Mode-secret_key_base-Remote-Code-Execution.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5420.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5420.json" }, { 
"reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5420", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.93513", "scoring_system": "epss", "scoring_elements": "0.99836", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.93513", "scoring_system": "epss", "scoring_elements": "0.99835", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5420" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5420", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5420" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/IsQKvDqZdKw", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/IsQKvDqZdKw" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/" }, { "reference_url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released" }, { "reference_url": "https://www.exploit-db.com/exploits/46785", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/46785" }, { "reference_url": "https://www.exploit-db.com/exploits/46785/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/46785/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1689154", "reference_id": "1689154", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1689154" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924521", "reference_id": "924521", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924521" }, { "reference_url": 
"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/46785.rb", "reference_id": "CVE-2019-5420", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/46785.rb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5420", "reference_id": "CVE-2019-5420", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5420" }, { "reference_url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/rails_double_tap.rb", "reference_id": "CVE-2019-5420", "reference_type": "exploit", "scores": [], "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/rails_double_tap.rb" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/railties/CVE-2019-5420.yml", "reference_id": "CVE-2019-5420.YML", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/railties/CVE-2019-5420.yml" }, { "reference_url": "https://github.com/advisories/GHSA-m42h-mh85-4qgc", "reference_id": "GHSA-m42h-mh85-4qgc", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m42h-mh85-4qgc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1078270?format=api", "purl": "pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3", "is_vulnerable": true, 
"affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%252Bdeb10u3" } ], "aliases": [ "CVE-2019-5420", "GHSA-m42h-mh85-4qgc" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-abxz-4rbx-zfhe" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/8773?format=api", "vulnerability_id": "VCID-ajy4-eqvj-4ydd", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8167.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8167.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8167", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62947", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62845", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8167" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166" }, { 
"reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/x9DixQDG9a0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/x9DixQDG9a0" }, { "reference_url": "https://hackerone.com/reports/189878", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/189878" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843084", "reference_id": "1843084", "reference_type": "", "scores": [], 
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843084" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8167", "reference_id": "CVE-2020-8167", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8167" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-8167.yml", "reference_id": "CVE-2020-8167.YML", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-8167.yml" }, { "reference_url": "https://github.com/advisories/GHSA-xq5j-gw7f-jgj8", "reference_id": "GHSA-xq5j-gw7f-jgj8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xq5j-gw7f-jgj8" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1313", "reference_id": "RHSA-2021:1313", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1313" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1078270?format=api", "purl": "pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": 
"VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%252Bdeb10u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1074930?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-8q5p-kbjf-2fgc" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-fspa-dfnv-jyd3" }, { "vulnerability": 
"VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-m814-bzwg-fbc1" }, { "vulnerability": "VCID-mjy3-9dkc-5fgq" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-sxdt-xfjy-8bbm" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2" } ], "aliases": [ "CVE-2020-8167", "GHSA-xq5j-gw7f-jgj8" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ajy4-eqvj-4ydd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/997?format=api", "vulnerability_id": "VCID-akcz-6jhs-7bdq", "summary": "", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { 
"value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2097.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2097.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2097", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01912", "scoring_system": "epss", "scoring_elements": "0.83693", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01912", "scoring_system": "epss", "scoring_elements": "0.83751", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2097" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2097", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2097" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2098", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2098" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/8a1d3ea617ffb0c8ae8467fa439bf63a3bfc4324", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/8a1d3ea617ffb0c8ae8467fa439bf63a3bfc4324" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/ddY6HgqB2z4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/ddY6HgqB2z4" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/ddY6HgqB2z4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/ddY6HgqB2z4" }, { "reference_url": "https://web.archive.org/web/20160322002234/http://www.securitytracker.com/id/1035122", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20160322002234/http://www.securitytracker.com/id/1035122" }, { "reference_url": "https://web.archive.org/web/20200228015320/http://www.securityfocus.com/bid/83726", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228015320/http://www.securityfocus.com/bid/83726" }, { "reference_url": "https://web.archive.org/web/20201221115217/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201221115217/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ" }, { "reference_url": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3509", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3509" }, { "reference_url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1310043", "reference_id": "1310043", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1310043" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2097", "reference_id": "CVE-2016-2097", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2097" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-2097.yml", "reference_id": "CVE-2016-2097.YML", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-2097.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-2097.yml", "reference_id": "CVE-2016-2097.YML", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-2097.yml" }, { "reference_url": "https://github.com/advisories/GHSA-vx9j-46rh-fqr8", "reference_id": "GHSA-vx9j-46rh-fqr8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vx9j-46rh-fqr8" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0454", "reference_id": "RHSA-2016:0454", "reference_type": "", "scores": [], 
"url": "https://access.redhat.com/errata/RHSA-2016:0454" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0455", "reference_id": "RHSA-2016:0455", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0455" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0456", "reference_id": "RHSA-2016:0456", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0456" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1074000?format=api", "purl": "pkg:deb/debian/rails@2:4.1.8-1%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-214c-rjny-9ud4" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { 
"vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.8-1%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1078269?format=api", "purl": "pkg:deb/debian/rails@2:4.2.7.1-1%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": 
"VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.7.1-1%252Bdeb9u2" } ], "aliases": [ "CVE-2016-2097", "GHSA-vx9j-46rh-fqr8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-akcz-6jhs-7bdq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/200096?format=api", "vulnerability_id": "VCID-arbz-y6ud-mbap", "summary": "activesupport Cross-site Scripting vulnerability", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"http://rhn.redhat.com/errata/RHSA-2013-0154.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3464.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3464.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3464", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.48028", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.48166", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3464" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3464", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3464" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/28f2c6f4037081da0a82104a3f473165ed4ed2ce", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/28f2c6f4037081da0a82104a3f473165ed4ed2ce" }, { "reference_url": "https://github.com/rails/rails/commit/780a718723cf87b49cfe204d355948c4e0932d23", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/780a718723cf87b49cfe204d355948c4e0932d23" }, { "reference_url": "https://github.com/rails/rails/commit/d0c9759d3aeb6327d68dd6c0de0fe2fed4e3c870", "reference_id": "", "reference_type": "", "scores": 
[ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/d0c9759d3aeb6327d68dd6c0de0fe2fed4e3c870" }, { "reference_url": "https://github.com/rails/rails/commit/d549df7133f2b0bad8112890d478c33e990e12bc", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/d549df7133f2b0bad8112890d478c33e990e12bc" }, { "reference_url": "https://github.com/rails/rails/issues/7215", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/issues/7215" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/8f1bbe1cef8c6caf?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/8f1bbe1cef8c6caf?dmode=source&output=gplain" }, { "reference_url": "http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=847199", "reference_id": "847199", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=847199" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3464", "reference_id": "CVE-2012-3464", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3464" }, { "reference_url": 
"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2012-3464.yml", "reference_id": "CVE-2012-3464.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2012-3464.yml" }, { "reference_url": "https://github.com/advisories/GHSA-h835-75hw-pj89", "reference_id": "GHSA-h835-75hw-pj89", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h835-75hw-pj89" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1542", "reference_id": "RHSA-2012:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0154", "reference_id": "RHSA-2013:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1073998?format=api", "purl": "pkg:deb/debian/rails@2:2.3.14.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-214c-rjny-9ud4" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-34kh-7cbr-s7b9" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-74g9-svkp-h3f1" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { 
"vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-sth3-da79-67bt" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2" } ], "aliases": [ "CVE-2012-3464", "GHSA-h835-75hw-pj89", "OSV-84516" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-arbz-y6ud-mbap" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/181755?format=api", "vulnerability_id": "VCID-av5v-ktz7-9ybf", "summary": "security update", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00050.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00050.html" }, { "reference_url": "http://openwall.com/lists/oss-security/2015/06/16/16", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2015/06/16/16" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3227.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3227.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3227", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02683", "scoring_system": "epss", "scoring_elements": "0.86176", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.02683", "scoring_system": "epss", "scoring_elements": "0.86226", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3227" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/12f763ce1131d29d24bd0d8f868e2697a139aea3", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/rails/rails/commit/12f763ce1131d29d24bd0d8f868e2697a139aea3" }, { "reference_url": "https://github.com/rails/rails/commit/153cc843ad95930b00b0ca91d30b599b7dec9680", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/153cc843ad95930b00b0ca91d30b599b7dec9680" }, { "reference_url": "https://github.com/rails/rails/commit/78b29e08c700d889837af6c51c7debd3864abc3d", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/78b29e08c700d889837af6c51c7debd3864abc3d" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/bahr2JLnxvk/x4EocXnHPp8J", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/bahr2JLnxvk/x4EocXnHPp8J" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/bahr2JLnxvk", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/bahr2JLnxvk" }, { "reference_url": "https://web.archive.org/web/20200228041703/http://www.securityfocus.com/bid/75234", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228041703/http://www.securityfocus.com/bid/75234" }, { "reference_url": "https://web.archive.org/web/20200517005133/http://www.securitytracker.com/id/1033755", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://web.archive.org/web/20200517005133/http://www.securitytracker.com/id/1033755" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232302", "reference_id": "1232302", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232302" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790487", "reference_id": "790487", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790487" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3227", "reference_id": "CVE-2015-3227", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3227" }, { "reference_url": "https://github.com/advisories/GHSA-j96r-xvjq-r9pg", "reference_id": "GHSA-j96r-xvjq-r9pg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j96r-xvjq-r9pg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1074000?format=api", "purl": "pkg:deb/debian/rails@2:4.1.8-1%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-214c-rjny-9ud4" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { 
"vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.8-1%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1078269?format=api", "purl": "pkg:deb/debian/rails@2:4.2.7.1-1%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": 
"VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.7.1-1%252Bdeb9u2" } ], "aliases": [ "CVE-2015-3227", "GHSA-j96r-xvjq-r9pg" ], 
"risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-av5v-ktz7-9ybf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/199875?format=api", "vulnerability_id": "VCID-ayfj-arqs-5khk", "summary": "actionpack vulnerable to Path Traversal", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00112.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00112.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7818.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7818.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-7818", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44766", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44916", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-7818" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7818", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7818" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/dCp7duBiQgo/v_R_8PFs5IwJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/dCp7duBiQgo/v_R_8PFs5IwJ" }, { "reference_url": 
"https://groups.google.com/forum/#!topic/rubyonrails-security/dCp7duBiQgo", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/dCp7duBiQgo" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1161499", "reference_id": "1161499", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1161499" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770934", "reference_id": "770934", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770934" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-7818", "reference_id": "CVE-2014-7818", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-7818" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-7818.yml", "reference_id": "CVE-2014-7818.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-7818.yml" }, { "reference_url": "https://puppet.com/security/cve/cve-2014-7829", "reference_id": "CVE-2014-7829", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://puppet.com/security/cve/cve-2014-7829" }, { "reference_url": "https://github.com/advisories/GHSA-29gr-w57f-rpfw", "reference_id": "GHSA-29gr-w57f-rpfw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/advisories/GHSA-29gr-w57f-rpfw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1073999?format=api", "purl": "pkg:deb/debian/rails@2:4.1.8-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-214c-rjny-9ud4" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": 
"VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.8-1" } ], "aliases": [ "CVE-2014-7818", "GHSA-29gr-w57f-rpfw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ayfj-arqs-5khk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8771?format=api", "vulnerability_id": "VCID-b8tc-n7vg-wkdd", "summary": "", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00031.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00031.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00034.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00034.html" }, 
{ "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8165.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8165.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8165", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.90128", "scoring_system": "epss", "scoring_elements": "0.99606", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.90128", "scoring_system": "epss", "scoring_elements": "0.99607", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8165" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/bv6fW4S0Y1c", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/bv6fW4S0Y1c" }, { "reference_url": "https://hackerone.com/reports/413388", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/413388" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", 
"scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20250509-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20250509-0002" }, { "reference_url": "https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843072", "reference_id": "1843072", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843072" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8165", "reference_id": "CVE-2020-8165", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2020-8165" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2020-8165.yml", "reference_id": "CVE-2020-8165.YML", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2020-8165.yml" }, { "reference_url": "https://github.com/advisories/GHSA-2p68-f74v-9wc6", "reference_id": "GHSA-2p68-f74v-9wc6", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2p68-f74v-9wc6" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1313", "reference_id": "RHSA-2021:1313", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1313" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1078270?format=api", "purl": "pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": 
"VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%252Bdeb10u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1074930?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-8q5p-kbjf-2fgc" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-fspa-dfnv-jyd3" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-m814-bzwg-fbc1" }, { "vulnerability": "VCID-mjy3-9dkc-5fgq" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-sxdt-xfjy-8bbm" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": 
"VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2" } ], "aliases": [ "CVE-2020-8165", "GHSA-2p68-f74v-9wc6" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b8tc-n7vg-wkdd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8772?format=api", "vulnerability_id": "VCID-bqps-e1sm-xkhe", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8166.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8166.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8166", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00443", "scoring_system": "epss", "scoring_elements": "0.63745", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00443", "scoring_system": "epss", "scoring_elements": "0.63847", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8166" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164" }, { 
"reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843152", "reference_id": "1843152", "reference_type": "", "scores": [], "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1843152" }, { "reference_url": "https://hackerone.com/reports/732415", "reference_id": "732415", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:45:41Z/" } ], "url": "https://hackerone.com/reports/732415" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8166", "reference_id": "CVE-2020-8166", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8166" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8166.yml", "reference_id": "CVE-2020-8166.YML", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8166.yml" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4766", "reference_id": "dsa-4766", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:45:41Z/" } ], "url": "https://www.debian.org/security/2020/dsa-4766" }, { "reference_url": 
"https://github.com/advisories/GHSA-jp5v-5gx4-jmj9", "reference_id": "GHSA-jp5v-5gx4-jmj9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jp5v-5gx4-jmj9" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw", "reference_id": "NOjKiGeXUgw", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:45:41Z/" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1313", "reference_id": "RHSA-2021:1313", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1313" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1078270?format=api", "purl": "pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { 
"vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%252Bdeb10u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1074930?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-8q5p-kbjf-2fgc" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-fspa-dfnv-jyd3" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-m814-bzwg-fbc1" }, { "vulnerability": "VCID-mjy3-9dkc-5fgq" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-sxdt-xfjy-8bbm" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { 
"vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2" } ], "aliases": [ "CVE-2020-8166", "GHSA-jp5v-5gx4-jmj9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bqps-e1sm-xkhe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7111?format=api", "vulnerability_id": "VCID-bz3f-a6me-a3hh", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5418.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5418.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5418", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.94318", "scoring_system": "epss", "scoring_elements": "0.99953", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5418" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5418", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5418" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": 
"7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/zRNVOUhKHrg", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/zRNVOUhKHrg" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA" }, { "reference_url": "https://web.archive.org/web/20190313201629/https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20190313201629/https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released" }, { "reference_url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-5418", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-5418" }, { "reference_url": "https://www.exploit-db.com/exploits/46585", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/46585" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/03/22/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2019/03/22/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1689159", "reference_id": "1689159", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1689159" }, { "reference_url": "https://www.exploit-db.com/exploits/46585/", "reference_id": "46585", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/" } ], "url": "https://www.exploit-db.com/exploits/46585/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924520", "reference_id": "924520", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924520" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/46585.py", "reference_id": "CVE-2019-5418", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/46585.py" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5418", "reference_id": "CVE-2019-5418", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5418" }, { "reference_url": "https://github.com/advisories/GHSA-86g5-2wh3-gc9j", "reference_id": "GHSA-86g5-2wh3-gc9j", "reference_type": 
"", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-86g5-2wh3-gc9j" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html", "reference_id": "msg00011.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html", "reference_id": "msg00042.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html" }, { "reference_url": "https://groups.google.com/forum/#%21topic/rubyonrails-security/pFRKI96Sm8Q", "reference_id": "pFRKI96Sm8Q", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": 
"generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/" } ], "url": "https://groups.google.com/forum/#%21topic/rubyonrails-security/pFRKI96Sm8Q" }, { "reference_url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/", "reference_id": "Rails-4-2-5-1-5-1-6-2-have-been-released", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/" } ], "url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/" }, { "reference_url": "http://packetstormsecurity.com/files/152178/Rails-5.2.1-Arbitrary-File-Content-Disclosure.html", "reference_id": "Rails-5.2.1-Arbitrary-File-Content-Disclosure.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/" } ], "url": "http://packetstormsecurity.com/files/152178/Rails-5.2.1-Arbitrary-File-Content-Disclosure.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0796", "reference_id": "RHSA-2019:0796", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", 
"scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:0796" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1147", "reference_id": "RHSA-2019:1147", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1147" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1149", "reference_id": "RHSA-2019:1149", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1149" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1289", "reference_id": "RHSA-2019:1289", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", 
"scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1289" }, { "reference_url": "https://usn.ubuntu.com/7646-1/", "reference_id": "USN-7646-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7646-1/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/", "reference_id": "Y43636TH4D6T46IC6N2RQVJTRFJAAYGA", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1078270?format=api", "purl": "pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": 
"VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%252Bdeb10u3" } ], "aliases": [ "CVE-2019-5418", "GHSA-86g5-2wh3-gc9j" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bz3f-a6me-a3hh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12054?format=api", "vulnerability_id": "VCID-c7qj-hcu8-p7hc", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32224.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32224.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-32224", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01944", "scoring_system": "epss", "scoring_elements": "0.83831", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01944", "scoring_system": "epss", "scoring_elements": "0.83887", 
"published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-32224" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32224", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32224" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails/commit/611990f1a6c137c2d56b1ba06b27e5d2434dcd6a", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/611990f1a6c137c2d56b1ba06b27e5d2434dcd6a" }, { "reference_url": "https://github.com/rails/rails/commits/main/activerecord", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } 
], "url": "https://github.com/rails/rails/commits/main/activerecord" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00022.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016140", "reference_id": "1016140", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016140" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108997", "reference_id": "2108997", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108997" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32224", "reference_id": "CVE-2022-32224", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32224" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-32224.yml", "reference_id": "CVE-2022-32224.YML", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-32224.yml" }, { "reference_url": "https://github.com/advisories/GHSA-3hhc-qp5v-9p2j", "reference_id": "GHSA-3hhc-qp5v-9p2j", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": 
"cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-24T15:17:17Z/" } ], "url": "https://github.com/advisories/GHSA-3hhc-qp5v-9p2j" }, { "reference_url": "https://security.gentoo.org/glsa/202408-24", "reference_id": "GLSA-202408-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202408-24" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U", "reference_id": "MmFO3LYQE8U", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-24T15:17:17Z/" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0261", "reference_id": "RHSA-2023:0261", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0261" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1151", "reference_id": "RHSA-2023:1151", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1151" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2097", "reference_id": "RHSA-2023:2097", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2097" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1074931?format=api", "purl": 
"pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-8q5p-kbjf-2fgc" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-fspa-dfnv-jyd3" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-m814-bzwg-fbc1" }, { "vulnerability": "VCID-mjy3-9dkc-5fgq" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-sxdt-xfjy-8bbm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2" } ], "aliases": [ "CVE-2022-32224", "GHSA-3hhc-qp5v-9p2j" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c7qj-hcu8-p7hc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/20939?format=api", "vulnerability_id": "VCID-c9r4-ps21-fked", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47888.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47888.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47888", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00476", "scoring_system": "epss", "scoring_elements": "0.65314", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00476", "scoring_system": "epss", "scoring_elements": "0.65414", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47888" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47888", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47888" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376", "reference_id": "1085376", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319035", "reference_id": "2319035", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319035" }, { "reference_url": "https://github.com/rails/rails/commit/4f4312b21a6448336de7c7ab0c4d94b378def468", "reference_id": "4f4312b21a6448336de7c7ab0c4d94b378def468", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-16T20:45:54Z/" } ], "url": "https://github.com/rails/rails/commit/4f4312b21a6448336de7c7ab0c4d94b378def468" }, { "reference_url": "https://github.com/rails/rails/commit/727b0946c3cab04b825c039435eac963d4e91822", "reference_id": "727b0946c3cab04b825c039435eac963d4e91822", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": 
"cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-16T20:45:54Z/" } ], "url": "https://github.com/rails/rails/commit/727b0946c3cab04b825c039435eac963d4e91822" }, { "reference_url": "https://github.com/rails/rails/commit/ba286c0a310b7f19cf5cac2a7a4c9def5cf9882e", "reference_id": "ba286c0a310b7f19cf5cac2a7a4c9def5cf9882e", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-16T20:45:54Z/" } ], "url": "https://github.com/rails/rails/commit/ba286c0a310b7f19cf5cac2a7a4c9def5cf9882e" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47888", "reference_id": "CVE-2024-47888", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47888" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actiontext/CVE-2024-47888.yml", "reference_id": "CVE-2024-47888.YML", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actiontext/CVE-2024-47888.yml" }, { "reference_url": "https://github.com/rails/rails/commit/de0df7caebd9cb238a6f10dca462dc5f8d5e98b5", "reference_id": "de0df7caebd9cb238a6f10dca462dc5f8d5e98b5", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-16T20:45:54Z/" } ], "url": "https://github.com/rails/rails/commit/de0df7caebd9cb238a6f10dca462dc5f8d5e98b5" }, { "reference_url": "https://github.com/advisories/GHSA-wwhv-wxv9-rpgw", "reference_id": "GHSA-wwhv-wxv9-rpgw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wwhv-wxv9-rpgw" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-wwhv-wxv9-rpgw", "reference_id": "GHSA-wwhv-wxv9-rpgw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-16T20:45:54Z/" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-wwhv-wxv9-rpgw" }, { "reference_url": "https://usn.ubuntu.com/7290-1/", "reference_id": "USN-7290-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7290-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1074931?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-8q5p-kbjf-2fgc" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-fspa-dfnv-jyd3" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-m814-bzwg-fbc1" }, { "vulnerability": "VCID-mjy3-9dkc-5fgq" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-sxdt-xfjy-8bbm" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2" } ], "aliases": [ "CVE-2024-47888", "GHSA-wwhv-wxv9-rpgw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c9r4-ps21-fked" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12570?format=api", "vulnerability_id": "VCID-cvs8-ejdv-uqhy", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44566.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44566.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-44566", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.81785", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.81846", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-44566" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44566", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44566" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/4f44aa9d514e701ada92b5cf08beccf566eeaebf", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/4f44aa9d514e701ada92b5cf08beccf566eeaebf" }, { "reference_url": "https://github.com/rails/rails/commit/82bcdc011e2ff674e7dd8fd8cee3a831c908d29b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/82bcdc011e2ff674e7dd8fd8cee3a831c908d29b" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v6.1.7.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v6.1.7.1" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v7.0.4.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v7.0.4.1" }, { "reference_url": 
"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-44566.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-44566.yml" }, { "reference_url": "https://mailchi.mp/railslts/rails-lts-multiple-dos-vulnerabilities-in-rails-rack-and-globalid", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mailchi.mp/railslts/rails-lts-multiple-dos-vulnerabilities-in-rails-rack-and-globalid" }, { "reference_url": "https://makandracards.com/railslts/508019-rails-5-2-lts-changelog#section-jan-20th-2023-rails-version-5-2-8-15", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://makandracards.com/railslts/508019-rails-5-2-lts-changelog#section-jan-20th-2023-rails-version-5-2-8-15" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-44566", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-44566" }, { "reference_url": "https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released", "reference_id": "", "reference_type": "", "scores": 
[ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050", "reference_id": "1030050", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050" }, { "reference_url": "https://code.jeremyevans.net/2022-11-01-forcing-sequential-scans-on-postgresql.html", "reference_id": "2022-11-01-forcing-sequential-scans-on-postgresql.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-25T13:43:31Z/" } ], "url": "https://code.jeremyevans.net/2022-11-01-forcing-sequential-scans-on-postgresql.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164789", "reference_id": "2164789", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164789" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2022-44566-possible-denial-of-service-vulnerability-in-activerecords-postgresql-adapter/82119", "reference_id": "82119", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-25T13:43:31Z/" } ], "url": 
"https://discuss.rubyonrails.org/t/cve-2022-44566-possible-denial-of-service-vulnerability-in-activerecords-postgresql-adapter/82119" }, { "reference_url": "https://github.com/advisories/GHSA-579w-22j4-4749", "reference_id": "GHSA-579w-22j4-4749", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-579w-22j4-4749" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6818", "reference_id": "RHSA-2023:6818", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6818" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1074931?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-8q5p-kbjf-2fgc" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-fspa-dfnv-jyd3" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-m814-bzwg-fbc1" }, { "vulnerability": "VCID-mjy3-9dkc-5fgq" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-sxdt-xfjy-8bbm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2" } ], "aliases": [ "CVE-2022-44566", "GHSA-579w-22j4-4749", "GMS-2023-59" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cvs8-ejdv-uqhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/492?format=api", "vulnerability_id": "VCID-d7kf-83av-dkes", "summary": "", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178068.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178068.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7576.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7576.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7576", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01119", 
"scoring_system": "epss", "scoring_elements": "0.78709", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01119", "scoring_system": "epss", "scoring_elements": "0.78644", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753" }, { 
"reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/17e6f1507b7f2c2a883c180f4f9548445d6dfbd", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/17e6f1507b7f2c2a883c180f4f9548445d6dfbd" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/ANv0HDHEC3k/T8Hgq-hYEgAJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/ANv0HDHEC3k/T8Hgq-hYEgAJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/ANv0HDHEC3k", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", 
"scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/ANv0HDHEC3k" }, { "reference_url": "https://web.archive.org/web/20160405205300/http://www.securitytracker.com/id/1034816", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20160405205300/http://www.securitytracker.com/id/1034816" }, { "reference_url": "https://web.archive.org/web/20200228001849/http://www.securityfocus.com/bid/81803", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228001849/http://www.securityfocus.com/bid/81803" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/01/25/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/01/25/8" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301933", "reference_id": "1301933", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301933" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7576", "reference_id": "CVE-2015-7576", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2015-7576" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2015-7576.yml", "reference_id": "CVE-2015-7576.YML", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2015-7576.yml" }, { "reference_url": "https://github.com/advisories/GHSA-p692-7mm3-3fxg", "reference_id": "GHSA-p692-7mm3-3fxg", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p692-7mm3-3fxg" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0296", "reference_id": "RHSA-2016:0296", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0296" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0454", "reference_id": "RHSA-2016:0454", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0454" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0455", "reference_id": "RHSA-2016:0455", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0455" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1074000?format=api", "purl": "pkg:deb/debian/rails@2:4.1.8-1%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-214c-rjny-9ud4" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { 
"vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": 
"VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.8-1%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1078269?format=api", "purl": "pkg:deb/debian/rails@2:4.2.7.1-1%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { 
"vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.7.1-1%252Bdeb9u2" } ], "aliases": [ "CVE-2015-7576", "GHSA-p692-7mm3-3fxg" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d7kf-83av-dkes" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/209646?format=api", "vulnerability_id": "VCID-ez3g-ygna-jkb8", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22794.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22794.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22794", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05757", "scoring_system": "epss", "scoring_elements": "0.90663", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.05757", "scoring_system": "epss", "scoring_elements": "0.90692", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22794" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831", "reference_id": "", 
"reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2023-22794-sql-injection-vulnerability-via-activerecord-comments/82117", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], 
"url": "https://discuss.rubyonrails.org/t/cve-2023-22794-sql-injection-vulnerability-via-activerecord-comments/82117" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/d7aba06953f9fa789c411676b941d20df8ef73de", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/d7aba06953f9fa789c411676b941d20df8ef73de" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v7.0.4.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v7.0.4.1" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2023-22794.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2023-22794.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22794", "reference_id": "", "reference_type": "", "scores": [ { "value": 
"8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22794" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240202-0008", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240202-0008" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240202-0008/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20240202-0008/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050", "reference_id": "1030050", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164785", "reference_id": "2164785", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164785" }, { "reference_url": "https://github.com/advisories/GHSA-hq7p-j377-6v63", "reference_id": "GHSA-hq7p-j377-6v63", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hq7p-j377-6v63" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6818", "reference_id": "RHSA-2023:6818", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6818" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1074930?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": 
"VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-8q5p-kbjf-2fgc" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-fspa-dfnv-jyd3" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-m814-bzwg-fbc1" }, { "vulnerability": "VCID-mjy3-9dkc-5fgq" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-sxdt-xfjy-8bbm" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2" } ], "aliases": [ "CVE-2023-22794", "GHSA-hq7p-j377-6v63", "GMS-2023-60" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ez3g-ygna-jkb8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208116?format=api", "vulnerability_id": "VCID-fhjg-crvh-myhd", "summary": "In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed (in another page) a specially crafted URL which can allow the attacker to execute JavaScript in the context of the local application. 
This vulnerability is in the Actionable Exceptions middleware.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8264.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8264.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8264", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0205", "scoring_system": "epss", "scoring_elements": "0.8424", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0205", "scoring_system": "epss", "scoring_elements": "0.84295", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8264" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8264", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8264" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8264.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8264.yml" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/yQzUVfv42jk", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://groups.google.com/g/rubyonrails-security/c/yQzUVfv42jk" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/yQzUVfv42jk/m/oJWw-xhNAQAJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/yQzUVfv42jk/m/oJWw-xhNAQAJ" }, { "reference_url": "https://hackerone.com/reports/904059", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/904059" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8264", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8264" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886554", "reference_id": "1886554", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886554" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971988", "reference_id": "971988", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971988" }, { "reference_url": "https://github.com/advisories/GHSA-35mm-cc6r-8fjp", "reference_id": "GHSA-35mm-cc6r-8fjp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-35mm-cc6r-8fjp" } ], "fixed_packages": [ { 
"url": "http://public2.vulnerablecode.io/api/packages/1074930?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-8q5p-kbjf-2fgc" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-fspa-dfnv-jyd3" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-m814-bzwg-fbc1" }, { "vulnerability": "VCID-mjy3-9dkc-5fgq" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-sxdt-xfjy-8bbm" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2" } ], "aliases": [ "CVE-2020-8264", "GHSA-35mm-cc6r-8fjp" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "6.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fhjg-crvh-myhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15120?format=api", "vulnerability_id": "VCID-fnx8-28wd-qqgx", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22795.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22795.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22795", 
"reference_id": "", "reference_type": "", "scores": [ { "value": "0.01304", "scoring_system": "epss", "scoring_elements": "0.80176", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01304", "scoring_system": "epss", "scoring_elements": "0.80238", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794", "reference_id": "", "reference_type": "", "scores": 
[], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/8d82687f3b04b2803320b64f985308239a8c3d2f", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/8d82687f3b04b2803320b64f985308239a8c3d2f" }, { "reference_url": "https://github.com/rails/rails/commit/8dc45950619a4c64d16fb9370570c996d201f9b0", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", 
"scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/8dc45950619a4c64d16fb9370570c996d201f9b0" }, { "reference_url": "https://github.com/rails/rails/commit/cd461c3e64e09cdcb1e379d1c35423c5e2caa592", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/cd461c3e64e09cdcb1e379d1c35423c5e2caa592" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v6.1.7.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v6.1.7.1" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v7.0.4.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v7.0.4.1" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22795.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22795.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22795", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22795" }, { "reference_url": "https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050", "reference_id": "1030050", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164799", "reference_id": "2164799", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164799" }, { "reference_url": "https://github.com/advisories/GHSA-8xww-x3g3-6jcv", "reference_id": "GHSA-8xww-x3g3-6jcv", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8xww-x3g3-6jcv" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6818", "reference_id": "RHSA-2023:6818", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6818" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1074930?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-8q5p-kbjf-2fgc" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-fspa-dfnv-jyd3" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-m814-bzwg-fbc1" }, { "vulnerability": "VCID-mjy3-9dkc-5fgq" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-sxdt-xfjy-8bbm" }, { "vulnerability": 
"VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2" } ], "aliases": [ "CVE-2023-22795", "GHSA-8xww-x3g3-6jcv", "GMS-2023-56" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fnx8-28wd-qqgx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/178548?format=api", "vulnerability_id": "VCID-fu6v-k8cg-d3c7", "summary": "Multiple vulnerabilities were found in Ruby on Rails, the worst of\n which allowing for execution of arbitrary code.", "references": [ { "reference_url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0201.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0201.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0202.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0202.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0203.html", 
"reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0203.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0201", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2013:0201" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0202", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2013:0202" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0203", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2013:0203" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0333.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0333.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0333", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.91761", "scoring_system": "epss", "scoring_elements": "0.99702", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.91761", "scoring_system": "epss", "scoring_elements": "0.99701", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0333" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=903440", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=903440" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0333", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0333" }, { "reference_url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/1h2DR63ViGo", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/1h2DR63ViGo" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/52179af76915e518?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/52179af76915e518?dmode=source&output=gplain" }, { "reference_url": "http://support.apple.com/kb/HT5784", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT5784" }, { "reference_url": "http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/" }, { "reference_url": "http://www.debian.org/security/2013/dsa-2613", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"http://www.debian.org/security/2013/dsa-2613" }, { "reference_url": "http://www.kb.cert.org/vuls/id/628463", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.kb.cert.org/vuls/id/628463" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699226", "reference_id": "699226", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699226" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2013-0333", "reference_id": "CVE-2013-0333", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2013-0333" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0333", "reference_id": "CVE-2013-0333", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0333" }, { "reference_url": "https://puppet.com/security/cve/cve-2013-0333", "reference_id": "CVE-2013-0333", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://puppet.com/security/cve/cve-2013-0333" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24434.rb", "reference_id": "CVE-2013-0333;OSVDB-89594", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24434.rb" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2013-0333.yml", "reference_id": "CVE-2013-0333.YML", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2013-0333.yml" }, { "reference_url": "https://github.com/advisories/GHSA-xgr2-v94m-rc9g", "reference_id": "GHSA-xgr2-v94m-rc9g", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xgr2-v94m-rc9g" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1073998?format=api", "purl": "pkg:deb/debian/rails@2:2.3.14.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-214c-rjny-9ud4" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-34kh-7cbr-s7b9" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-74g9-svkp-h3f1" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, 
{ "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-sth3-da79-67bt" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2" } ], "aliases": [ "CVE-2013-0333", "GHSA-xgr2-v94m-rc9g", "OSV-89594" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fu6v-k8cg-d3c7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1682?format=api", "vulnerability_id": "VCID-g6pk-2xpv-rugw", "summary": "", "references": [ { "reference_url": 
"http://rhn.redhat.com/errata/RHSA-2016-1855.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-1855.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-1856.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-1856.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-1857.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-1857.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-1858.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-1858.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6316.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6316.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6316", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "0.01626", "scoring_system": "epss", "scoring_elements": "0.82338", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01626", "scoring_system": "epss", "scoring_elements": "0.82277", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6316" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6316", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6316" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/I-VWr034ouk", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/I-VWr034ouk" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/8B2iV2tPRSE", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/8B2iV2tPRSE" }, { "reference_url": "https://web.archive.org/web/20200227202008/http://www.securityfocus.com/bid/92430", "reference_id": "", "reference_type": "", "scores": [ { "value": 
"6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200227202008/http://www.securityfocus.com/bid/92430" }, { "reference_url": "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3651", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3651" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/08/11/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/08/11/3" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1365008", "reference_id": "1365008", "reference_type": "", "scores": [], "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1365008" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834155", "reference_id": "834155", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834155" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6316", "reference_id": "CVE-2016-6316", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6316" }, { "reference_url": "https://web.archive.org/web/20200812154343/https://puppet.com/security/cve/cve-2016-6316", "reference_id": "CVE-2016-6316", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200812154343/https://puppet.com/security/cve/cve-2016-6316" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-6316.yml", "reference_id": "CVE-2016-6316.YML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-6316.yml" }, { "reference_url": "https://github.com/advisories/GHSA-pc3m-v286-2jwj", "reference_id": "GHSA-pc3m-v286-2jwj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pc3m-v286-2jwj" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2016:1855", "reference_id": "RHSA-2016:1855", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1855" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1856", "reference_id": "RHSA-2016:1856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1857", "reference_id": "RHSA-2016:1857", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1857" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1858", "reference_id": "RHSA-2016:1858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1858" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1074000?format=api", "purl": "pkg:deb/debian/rails@2:4.1.8-1%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-214c-rjny-9ud4" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, 
{ "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.8-1%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1078269?format=api", "purl": "pkg:deb/debian/rails@2:4.2.7.1-1%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": 
"VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.7.1-1%252Bdeb9u2" } ], "aliases": [ "CVE-2016-6316", "GHSA-pc3m-v286-2jwj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g6pk-2xpv-rugw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15121?format=api", "vulnerability_id": "VCID-gujm-trnh-fqaa", "summary": "", 
"references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22796.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22796.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22796", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01484", "scoring_system": "epss", "scoring_elements": "0.81484", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01484", "scoring_system": "epss", "scoring_elements": "0.81424", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22796" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777", "reference_id": "", 
"reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/2164d4f6a1bde74b911fe9ba3c8df1b5bf345bf8", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/2164d4f6a1bde74b911fe9ba3c8df1b5bf345bf8" }, { "reference_url": "https://github.com/rails/rails/commit/a7cda7e6aa5334ab41b1f4b0f671be931be946ef", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/a7cda7e6aa5334ab41b1f4b0f671be931be946ef" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v6.1.7.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v6.1.7.1" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v7.0.4.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v7.0.4.1" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-22796.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-22796.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22796", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22796" }, { "reference_url": "https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050", "reference_id": "1030050", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050" }, { "reference_url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=2164736", "reference_id": "2164736", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164736" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2023-22796-possible-redos-based-dos-vulnerability-in-active-supports-underscore/82116", "reference_id": "82116", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-05T21:51:29Z/" } ], "url": "https://discuss.rubyonrails.org/t/cve-2023-22796-possible-redos-based-dos-vulnerability-in-active-supports-underscore/82116" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5372", "reference_id": "dsa-5372", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-05T21:51:29Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5372" }, { "reference_url": "https://github.com/advisories/GHSA-j6gc-792m-qgm2", "reference_id": "GHSA-j6gc-792m-qgm2", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j6gc-792m-qgm2" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240202-0009/", "reference_id": "ntap-20240202-0009", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-05T21:51:29Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240202-0009/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4341", "reference_id": "RHSA-2023:4341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6818", "reference_id": "RHSA-2023:6818", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6818" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1074930?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-8q5p-kbjf-2fgc" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-fspa-dfnv-jyd3" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-m814-bzwg-fbc1" }, { "vulnerability": "VCID-mjy3-9dkc-5fgq" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-sxdt-xfjy-8bbm" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2" } ], "aliases": [ "CVE-2023-22796", "GHSA-j6gc-792m-qgm2", "GMS-2023-61" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gujm-trnh-fqaa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/178543?format=api", "vulnerability_id": "VCID-gxj4-um99-mbg4", "summary": "Multiple vulnerabilities were found in Ruby on Rails, the worst of which allows for execution of arbitrary code.", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/bbe342e43abaa78c?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ {
"value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/bbe342e43abaa78c?dmode=source&output=gplain" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065137.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065137.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3186", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00814", "scoring_system": "epss", "scoring_elements": "0.74787", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00814", "scoring_system": "epss", "scoring_elements": "0.74715", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3186" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=732156", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=732156" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3186", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3186" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/11dafeaa7533be26441a63618be93a03869c83a9", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/rails/rails/commit/11dafeaa7533be26441a63618be93a03869c83a9" }, { "reference_url": "https://github.com/rails/rails/commit/11dafeaa7533be26441a63618be93a03869c83a9#diff-62558f372a46058cbab9309494d0fbb1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rails/rails/commit/11dafeaa7533be26441a63618be93a03869c83a9#diff-62558f372a46058cbab9309494d0fbb1" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-74616.yml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-74616.yml" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/b_yTveAph2g", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/b_yTveAph2g" }, { "reference_url": "https://web.archive.org/web/20150201000000*/http://secunia.com/advisories/45921", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20150201000000*/http://secunia.com/advisories/45921" }, { "reference_url": "http://www.debian.org/security/2011/dsa-2301", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2011/dsa-2301" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/17/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/17/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/19/11", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/19/11" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/20/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/20/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/13", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/13" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/14", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/14" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3186", "reference_id": "CVE-2011-3186", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3186" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-3186.yml", "reference_id": "CVE-2011-3186.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-3186.yml" 
}, { "reference_url": "https://github.com/advisories/GHSA-fcqf-h4h4-695m", "reference_id": "GHSA-fcqf-h4h4-695m", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fcqf-h4h4-695m" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1073998?format=api", "purl": "pkg:deb/debian/rails@2:2.3.14.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-214c-rjny-9ud4" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-34kh-7cbr-s7b9" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-74g9-svkp-h3f1" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-d7kf-83av-dkes" 
}, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-sth3-da79-67bt" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2" } ], "aliases": [ "CVE-2011-3186", "GHSA-fcqf-h4h4-695m", "OSV-74616" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gxj4-um99-mbg4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15324?format=api", "vulnerability_id": "VCID-h6gd-uea5-u3bp", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28362.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": 
"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28362.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28362", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43222", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43064", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28362" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/c9ab9b32bcdcfd8bcd55907f6c7b20b4e004cc23", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/c9ab9b32bcdcfd8bcd55907f6c7b20b4e004cc23" }, { "reference_url": 
"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-28362.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-28362.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28362", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28362" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20250502-0009", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20250502-0009" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051058", "reference_id": "1051058", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051058" }, { "reference_url": "https://github.com/rails/rails/commit/1c3f93d1e90a3475f9ae2377ead25ccf11f71441", "reference_id": "1c3f93d1e90a3475f9ae2377ead25ccf11f71441", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": 
"Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/" } ], "url": "https://github.com/rails/rails/commit/1c3f93d1e90a3475f9ae2377ead25ccf11f71441" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217785", "reference_id": "2217785", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217785" }, { "reference_url": "https://github.com/rails/rails/commit/69e37c84e3f77d75566424c7d0015172d6a6fac5", "reference_id": "69e37c84e3f77d75566424c7d0015172d6a6fac5", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/" } ], "url": "https://github.com/rails/rails/commit/69e37c84e3f77d75566424c7d0015172d6a6fac5" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2023-28362-possible-xss-via-user-supplied-values-to-redirect-to/83132", "reference_id": "83132", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/" } ], "url": "https://discuss.rubyonrails.org/t/cve-2023-28362-possible-xss-via-user-supplied-values-to-redirect-to/83132" }, { "reference_url": 
"https://github.com/advisories/GHSA-4g8v-vg43-wpgf", "reference_id": "GHSA-4g8v-vg43-wpgf", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/" } ], "url": "https://github.com/advisories/GHSA-4g8v-vg43-wpgf" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7851", "reference_id": "RHSA-2023:7851", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7851" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1074931?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-8q5p-kbjf-2fgc" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-fspa-dfnv-jyd3" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-m814-bzwg-fbc1" }, { "vulnerability": "VCID-mjy3-9dkc-5fgq" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-sxdt-xfjy-8bbm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2" } ], "aliases": [ "CVE-2023-28362", "GHSA-4g8v-vg43-wpgf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h6gd-uea5-u3bp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/739?format=api", "vulnerability_id": "VCID-hfz8-rhgw-hydt", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0752.json", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0752.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0752", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.90494", "scoring_system": "epss", "scoring_elements": "0.99628", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753", "reference_id": "", "reference_type": 
"", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/335P1DcLG00", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/335P1DcLG00" }, { "reference_url": "https://web.archive.org/web/20210618005620/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210618005620/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ" }, { "reference_url": "https://web.archive.org/web/20210621170450/http://www.securityfocus.com/bid/81801", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210621170450/http://www.securityfocus.com/bid/81801" }, { "reference_url": 
"https://web.archive.org/web/20210723192420/http://www.securitytracker.com/id/1034816", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210723192420/http://www.securitytracker.com/id/1034816" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0752", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0752" }, { "reference_url": "https://www.exploit-db.com/exploits/40561", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/40561" }, { "reference_url": "http://www.securitytracker.com/id/1034816", "reference_id": "1034816", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://www.securitytracker.com/id/1034816" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/01/25/13", 
"reference_id": "13", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2016/01/25/13" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301963", "reference_id": "1301963", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301963" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html", "reference_id": "178044.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html", "reference_id": "178069.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { 
"value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html" }, { "reference_url": "https://www.exploit-db.com/exploits/40561/", "reference_id": "40561", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "https://www.exploit-db.com/exploits/40561/" }, { "reference_url": "http://www.securityfocus.com/bid/81801", "reference_id": "81801", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://www.securityfocus.com/bid/81801" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/40561.rb", "reference_id": "CVE-2016-0752", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/40561.rb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0752", "reference_id": "CVE-2016-0752", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0752" }, { "reference_url": 
"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0752.yml", "reference_id": "CVE-2016-0752.YML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0752.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-0752.yml", "reference_id": "CVE-2016-0752.YML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-0752.yml" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3464", "reference_id": "dsa-3464", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://www.debian.org/security/2016/dsa-3464" }, { "reference_url": "https://github.com/advisories/GHSA-xrr4-p6fq-hjg7", "reference_id": "GHSA-xrr4-p6fq-hjg7", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xrr4-p6fq-hjg7" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ", "reference_id": "JXcBnTtZEgAJ", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html", "reference_id": "msg00034.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html", "reference_id": "msg00043.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": 
"" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html", "reference_id": "msg00053.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0296", "reference_id": "RHSA-2016:0296", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0296" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html", "reference_id": "RHSA-2016-0296.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0454", "reference_id": "RHSA-2016:0454", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0454" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2016:0455", "reference_id": "RHSA-2016:0455", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0455" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1074000?format=api", "purl": "pkg:deb/debian/rails@2:4.1.8-1%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-214c-rjny-9ud4" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": 
"VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.8-1%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1078269?format=api", "purl": "pkg:deb/debian/rails@2:4.2.7.1-1%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { 
"vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.7.1-1%252Bdeb9u2" } ], "aliases": [ "CVE-2016-0752", "GHSA-xrr4-p6fq-hjg7" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hfz8-rhgw-hydt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/178546?format=api", "vulnerability_id": "VCID-hh3w-dxkg-8ygx", "summary": "Multiple vulnerabilities were found in Ruby on Rails, the worst of\n which allows for execution of arbitrary code.", "references": [ { "reference_url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html", "reference_id": "", "reference_type": "", "scores": [ { "value": 
"MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0686.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0686.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0276.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0276.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0276", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00606", "scoring_system": "epss", "scoring_elements": "0.70134", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00606", "scoring_system": "epss", "scoring_elements": "0.70224", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0276" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0276", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0276" }, { "reference_url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/AFBKNY7VSH8", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/AFBKNY7VSH8" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/bb44b98a73ef1a06?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/bb44b98a73ef1a06?dmode=source&output=gplain" }, { "reference_url": 
"http://support.apple.com/kb/HT5784", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT5784" }, { "reference_url": "https://web.archive.org/web/20130217055442/http://www.securityfocus.com/bid/57896", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20130217055442/http://www.securityfocus.com/bid/57896" }, { "reference_url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/" }, { "reference_url": "http://www.debian.org/security/2013/dsa-2620", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2013/dsa-2620" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/02/11/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/02/11/5" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=909528", "reference_id": "909528", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=909528" }, { "reference_url": 
"https://nvd.nist.gov/vuln/detail/CVE-2013-0276", "reference_id": "CVE-2013-0276", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0276" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0276.yml", "reference_id": "CVE-2013-0276.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0276.yml" }, { "reference_url": "https://github.com/advisories/GHSA-gr44-7grc-37vq", "reference_id": "GHSA-gr44-7grc-37vq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gr44-7grc-37vq" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0686", "reference_id": "RHSA-2013:0686", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0686" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1073998?format=api", "purl": "pkg:deb/debian/rails@2:2.3.14.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-214c-rjny-9ud4" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-34kh-7cbr-s7b9" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": 
"VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-74g9-svkp-h3f1" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-sth3-da79-67bt" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": 
"VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2" } ], "aliases": [ "CVE-2013-0276", "GHSA-gr44-7grc-37vq", "OSV-90072" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hh3w-dxkg-8ygx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15312?format=api", "vulnerability_id": "VCID-jgeh-r771-5fcf", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28120.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28120.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28120", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61629", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61525", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28120" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23913", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23913" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28120", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28120" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", 
"scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-28120.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-28120.yml" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28120", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28120" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240202-0006", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240202-0006" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033262", "reference_id": "1033262", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033262" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179637", "reference_id": "2179637", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179637" }, { "reference_url": "https://github.com/rails/rails/commit/3cf23c3f891e2e81c977ea4ab83b62bc2a444b70", "reference_id": "3cf23c3f891e2e81c977ea4ab83b62bc2a444b70", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/" } ], "url": "https://github.com/rails/rails/commit/3cf23c3f891e2e81c977ea4ab83b62bc2a444b70" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2023-28120-possible-xss-security-vulnerability-in-safebuffer-bytesplice/82469", "reference_id": "82469", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/" } ], "url": "https://discuss.rubyonrails.org/t/cve-2023-28120-possible-xss-security-vulnerability-in-safebuffer-bytesplice/82469" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5389", "reference_id": "dsa-5389", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5389" }, { "reference_url": "https://github.com/advisories/GHSA-pj73-v5mw-pm9j", "reference_id": "GHSA-pj73-v5mw-pm9j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pj73-v5mw-pm9j" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240202-0006/", "reference_id": "ntap-20240202-0006", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240202-0006/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1953", "reference_id": "RHSA-2023:1953", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1953" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3495", "reference_id": "RHSA-2023:3495", "reference_type": 
"", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3495" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW/", "reference_id": "UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO/", "reference_id": "ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1074930?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-8q5p-kbjf-2fgc" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-fspa-dfnv-jyd3" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { 
"vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-m814-bzwg-fbc1" }, { "vulnerability": "VCID-mjy3-9dkc-5fgq" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-sxdt-xfjy-8bbm" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2" } ], "aliases": [ "CVE-2023-28120", "GHSA-pj73-v5mw-pm9j", "GMS-2023-765" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jgeh-r771-5fcf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11771?format=api", "vulnerability_id": "VCID-kkxa-423m-vqbt", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27777.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27777.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-27777", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00852", "scoring_system": "epss", "scoring_elements": "0.75423", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00852", "scoring_system": "epss", "scoring_elements": "0.75352", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-27777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796" }, { "reference_url": 
"https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/649516ce0feb699ae06a8c5e81df75d460cc9a85", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/649516ce0feb699ae06a8c5e81df75d460cc9a85" }, { "reference_url": "https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", 
"scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html" }, { "reference_url": "https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016982", "reference_id": "1016982", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016982" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080296", "reference_id": "2080296", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080296" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27777", "reference_id": "CVE-2022-27777", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27777" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2022-27777.yml", "reference_id": 
"CVE-2022-27777.YML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2022-27777.yml" }, { "reference_url": "https://github.com/advisories/GHSA-ch3h-j2vf-95pv", "reference_id": "GHSA-ch3h-j2vf-95pv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-ch3h-j2vf-95pv" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2097", "reference_id": "RHSA-2023:2097", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2097" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1074930?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-8q5p-kbjf-2fgc" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-fspa-dfnv-jyd3" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-m814-bzwg-fbc1" }, { "vulnerability": "VCID-mjy3-9dkc-5fgq" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-sxdt-xfjy-8bbm" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2" } ], "aliases": [ "CVE-2022-27777", "GHSA-ch3h-j2vf-95pv", "GMS-2022-1138" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kkxa-423m-vqbt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8770?format=api", "vulnerability_id": "VCID-kqsm-qvtq-4kc6", "summary": "", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00089.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00089.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00093.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00093.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00107.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00107.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8164.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": 
"cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8164.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8164", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07389", "scoring_system": "epss", "scoring_elements": "0.91913", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.07389", "scoring_system": "epss", "scoring_elements": "0.9194", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/f6ioe4sdpbY", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/f6ioe4sdpbY" }, { "reference_url": "https://hackerone.com/reports/292797", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/292797" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1842634", "reference_id": "1842634", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1842634" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8164", "reference_id": "CVE-2020-8164", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8164" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8164.yml", "reference_id": "CVE-2020-8164.YML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8164.yml" }, { "reference_url": "https://github.com/advisories/GHSA-8727-m6gj-mc37", "reference_id": "GHSA-8727-m6gj-mc37", "reference_type": "", "scores": [ { "value": "HIGH", 
"scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8727-m6gj-mc37" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1313", "reference_id": "RHSA-2021:1313", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1313" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1078270?format=api", "purl": "pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { 
"vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%252Bdeb10u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1074930?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-8q5p-kbjf-2fgc" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-fspa-dfnv-jyd3" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-m814-bzwg-fbc1" }, { "vulnerability": "VCID-mjy3-9dkc-5fgq" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-sxdt-xfjy-8bbm" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2" } ], "aliases": [ "CVE-2020-8164", "GHSA-8727-m6gj-mc37" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kqsm-qvtq-4kc6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9074?format=api", "vulnerability_id": "VCID-m1pe-q2r4-zfap", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22881.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", 
"scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22881.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22881", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.15453", "scoring_system": "epss", "scoring_elements": "0.94813", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.15453", "scoring_system": "epss", "scoring_elements": "0.94831", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22881" }, { "reference_url": "https://benjamin-bouchet.com/cve-2021-22881-faille-de-securite-dans-le-middleware-hostauthorization", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://benjamin-bouchet.com/cve-2021-22881-faille-de-securite-dans-le-middleware-hostauthorization" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22881", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22881" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2021-22881-possible-open-redirect-in-host-authorization-middleware/77130", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.rubyonrails.org/t/cve-2021-22881-possible-open-redirect-in-host-authorization-middleware/77130" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { 
"value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/blob/v6.1.2.1/actionpack/CHANGELOG.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/blob/v6.1.2.1/actionpack/CHANGELOG.md" }, { "reference_url": "https://github.com/rails/rails/commit/b5de7b3a4787d8a55aaad39f477c16e3af65e444", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/b5de7b3a4787d8a55aaad39f477c16e3af65e444" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22881.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22881.yml" }, { "reference_url": 
"https://groups.google.com/g/rubyonrails-security/c/zN_3qA26l6E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/zN_3qA26l6E" }, { "reference_url": "https://hackerone.com/reports/1047447", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/1047447" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22881", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": 
"MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22881" }, { "reference_url": "https://rubygems.org/gems/actionpack", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rubygems.org/gems/actionpack" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/05/05/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2021/05/05/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/08/20/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2021/08/20/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/12/14/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2021/12/14/5" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930211", "reference_id": "1930211", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930211" }, { "reference_url": 
"https://benjamin-bouchet.com/cve-2021-22881-faille-de-securite-dans-le-middleware-hostauthorization/", "reference_id": "CVE-2021-22881-FAILLE-DE-SECURITE-DANS-LE-MIDDLEWARE-HOSTAUTHORIZATION", "reference_type": "", "scores": [], "url": "https://benjamin-bouchet.com/cve-2021-22881-faille-de-securite-dans-le-middleware-hostauthorization/" }, { "reference_url": "https://github.com/advisories/GHSA-8877-prq4-9xfw", "reference_id": "GHSA-8877-prq4-9xfw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8877-prq4-9xfw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1074930?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-8q5p-kbjf-2fgc" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-fspa-dfnv-jyd3" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-m814-bzwg-fbc1" }, { "vulnerability": "VCID-mjy3-9dkc-5fgq" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-sxdt-xfjy-8bbm" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2" } ], "aliases": [ "CVE-2021-22881", "GHSA-8877-prq4-9xfw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-m1pe-q2r4-zfap" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9080?format=api", "vulnerability_id": "VCID-mepe-vuu9-g3gd", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22902.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22902.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22902", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00677", "scoring_system": "epss", "scoring_elements": "0.72078", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00677", "scoring_system": "epss", "scoring_elements": "0.71994", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22902" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22902", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22902" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2021-22902-possible-denial-of-service-vulnerability-in-action-dispatch/77866", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.rubyonrails.org/t/cve-2021-22902-possible-denial-of-service-vulnerability-in-action-dispatch/77866" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v6.0.3.7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v6.0.3.7" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v6.1.3.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v6.1.3.2" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22902.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22902.yml" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/_5ID_ld9u1c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/_5ID_ld9u1c" }, { "reference_url": "https://hackerone.com/reports/1138654", "reference_id": "", "reference_type": "", "scores": [ 
{ "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/1138654" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22902", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22902" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961382", "reference_id": "1961382", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961382" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214", "reference_id": "988214", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214" }, { "reference_url": "https://security.archlinux.org/AVG-2090", "reference_id": "AVG-2090", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2090" }, { "reference_url": "https://security.archlinux.org/AVG-2223", "reference_id": "AVG-2223", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2223" }, { "reference_url": "https://github.com/advisories/GHSA-g8ww-46x2-2p65", "reference_id": "GHSA-g8ww-46x2-2p65", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g8ww-46x2-2p65" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4702", "reference_id": "RHSA-2021:4702", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2021:4702" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1074930?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-8q5p-kbjf-2fgc" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-fspa-dfnv-jyd3" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-m814-bzwg-fbc1" }, { "vulnerability": "VCID-mjy3-9dkc-5fgq" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-sxdt-xfjy-8bbm" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2" } ], "aliases": [ "CVE-2021-22902", "GHSA-g8ww-46x2-2p65" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mepe-vuu9-g3gd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/200436?format=api", "vulnerability_id": "VCID-mw4w-k3vk-y7gr", "summary": "Cross-site Scripting in actionpack", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/6fca4f5c47705488?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"http://groups.google.com/group/rubyonrails-security/msg/6fca4f5c47705488?dmode=source&output=gplain" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075740.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075740.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1099.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1099.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1099", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00399", "scoring_system": "epss", "scoring_elements": "0.61105", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00399", "scoring_system": "epss", "scoring_elements": "0.61211", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1099" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=799276", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=799276" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1099", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1099" }, { "reference_url": 
"https://github.com/rails/rails/commit/9435f5a479317458c558ae743b7d876dd5a5db20", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rails/rails/commit/9435f5a479317458c558ae743b7d876dd5a5db20" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-79727.yml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-79727.yml" }, { "reference_url": "http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2466", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2012/dsa-2466" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/03/02/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/03/02/6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/03/03/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/03/03/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1099", "reference_id": "CVE-2012-1099", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1099" }, { "reference_url": 
"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-1099.yml", "reference_id": "CVE-2012-1099.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-1099.yml" }, { "reference_url": "https://github.com/advisories/GHSA-2xjj-5x6h-8vmf", "reference_id": "GHSA-2xjj-5x6h-8vmf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2xjj-5x6h-8vmf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1073998?format=api", "purl": "pkg:deb/debian/rails@2:2.3.14.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-214c-rjny-9ud4" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-34kh-7cbr-s7b9" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-74g9-svkp-h3f1" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { 
"vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-sth3-da79-67bt" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2" } ], "aliases": [ "CVE-2012-1099", "GHSA-2xjj-5x6h-8vmf", "OSV-79727" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mw4w-k3vk-y7gr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/178541?format=api", "vulnerability_id": "VCID-ndgd-kzmk-7fab", 
"summary": "Multiple vulnerabilities were found in Ruby on Rails, the worst of\n which allowing for execution of arbitrary code.", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/fd41ab62966e0fd1?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/fd41ab62966e0fd1?dmode=source&output=gplain" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065137.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065137.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2931", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00813", "scoring_system": "epss", "scoring_elements": "0.74769", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00813", "scoring_system": "epss", "scoring_elements": "0.74698", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2931" }, 
{ "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=731436", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=731436" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2931", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2931" }, { "reference_url": "http://secunia.com/advisories/45921", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/45921" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/586a944ddd4d03e66dea1093306147594748037a", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/586a944ddd4d03e66dea1093306147594748037a" }, { "reference_url": "http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6" }, { "reference_url": "http://www.debian.org/security/2011/dsa-2301", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2011/dsa-2301" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/17/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": 
"" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/17/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/19/11", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/19/11" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/20/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/20/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/13", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/13" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/14", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/14" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2931", "reference_id": "CVE-2011-2931", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2931" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2931.yml", "reference_id": "CVE-2011-2931.YML", "reference_type": "", "scores": [ { "value": 
"MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2931.yml" }, { "reference_url": "https://github.com/advisories/GHSA-v5jg-558j-q67c", "reference_id": "GHSA-v5jg-558j-q67c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v5jg-558j-q67c" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1073998?format=api", "purl": "pkg:deb/debian/rails@2:2.3.14.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-214c-rjny-9ud4" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-34kh-7cbr-s7b9" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-74g9-svkp-h3f1" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, 
{ "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-sth3-da79-67bt" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2" } ], "aliases": [ "CVE-2011-2931", "GHSA-v5jg-558j-q67c" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ndgd-kzmk-7fab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/23321?format=api", "vulnerability_id": "VCID-nrn7-7mxv-6qay", "summary": "", 
"references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24293.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24293.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24293", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39176", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39348", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24293" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24293", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24293" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/1b1adf6ee6ca0f3104fcfce79360b2ec1e06a354", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": 
"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/1b1adf6ee6ca0f3104fcfce79360b2ec1e06a354" }, { "reference_url": "https://github.com/rails/rails/commit/2d612735ac0d9712fdfffaf80afa627e7295f6ce", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/2d612735ac0d9712fdfffaf80afa627e7295f6ce" }, { "reference_url": "https://github.com/rails/rails/commit/fb8f3a18c3d97524c0efc29150d1e5f3162fbb13", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/fb8f3a18c3d97524c0efc29150d1e5f3162fbb13" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-r4mg-4433-c7g3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-r4mg-4433-c7g3" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2025-24293.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2025-24293.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24293", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24293" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435565", "reference_id": "2435565", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435565" }, { "reference_url": "https://github.com/advisories/GHSA-r4mg-4433-c7g3", "reference_id": "GHSA-r4mg-4433-c7g3", "reference_type": "", "scores": [ { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-02T14:45:32Z/" } ], "url": "https://github.com/advisories/GHSA-r4mg-4433-c7g3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1074931?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-8q5p-kbjf-2fgc" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-fspa-dfnv-jyd3" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-m814-bzwg-fbc1" }, { "vulnerability": "VCID-mjy3-9dkc-5fgq" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-sxdt-xfjy-8bbm" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2" } ], "aliases": [ "CVE-2025-24293", "GHSA-r4mg-4433-c7g3" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nrn7-7mxv-6qay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/179831?format=api", "vulnerability_id": "VCID-pbgu-3zaj-ukay", "summary": "A vulnerability in Active Record could allow a remote attacker to\n inject SQL commands.", "references": [ { "reference_url": "http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0220.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0220.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0544.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0544.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6496.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6496.json" }, { 
"reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6496", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.77607", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.77676", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6496" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=889649", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=889649" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6496", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6496" }, { "reference_url": "http://security.gentoo.org/glsa/glsa-201401-22.xml", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://security.gentoo.org/glsa/glsa-201401-22.xml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/9de9b359d0d24f70f0f6c5c58a7ad8750684d456", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/9de9b359d0d24f70f0f6c5c58a7ad8750684d456" }, { "reference_url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/DCNTNp_qjFM", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/DCNTNp_qjFM" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/23daa048baf28b64?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/23daa048baf28b64?dmode=source&output=gplain" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6496", "reference_id": "CVE-2012-6496", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6496" }, { "reference_url": "https://github.com/advisories/GHSA-gh2w-j7cx-2664", "reference_id": "GHSA-gh2w-j7cx-2664", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gh2w-j7cx-2664" }, { "reference_url": "https://security.gentoo.org/glsa/201401-22", "reference_id": "GLSA-201401-22", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201401-22" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0154", "reference_id": "RHSA-2013:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0154" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0155", "reference_id": "RHSA-2013:0155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0155" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0220", "reference_id": "RHSA-2013:0220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0220" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1073998?format=api", "purl": "pkg:deb/debian/rails@2:2.3.14.2", "is_vulnerable": true, 
"affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-214c-rjny-9ud4" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-34kh-7cbr-s7b9" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-74g9-svkp-h3f1" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": 
"VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-sth3-da79-67bt" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2" } ], "aliases": [ "CVE-2012-6496", "GHSA-gh2w-j7cx-2664", "OSV-88661" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pbgu-3zaj-ukay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/494?format=api", "vulnerability_id": "VCID-qz2f-jse8-9bhj", "summary": "", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7581.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7581.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7581", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08542", "scoring_system": "epss", "scoring_elements": "0.92576", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.08542", "scoring_system": "epss", "scoring_elements": "0.92601", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7581" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/dthJ5wL69JE/IdvCimtZEgAJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/dthJ5wL69JE/IdvCimtZEgAJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/dthJ5wL69JE", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/dthJ5wL69JE" }, { "reference_url": "https://web.archive.org/web/20200228001849/http://www.securityfocus.com/bid/81677", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": 
"cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228001849/http://www.securityfocus.com/bid/81677" }, { "reference_url": "https://web.archive.org/web/20200516093752/http://www.securitytracker.com/id/1034816", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200516093752/http://www.securitytracker.com/id/1034816" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/01/25/16", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/01/25/16" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301981", "reference_id": "1301981", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301981" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7581", "reference_id": "CVE-2015-7581", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7581" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2015-7581.yml", "reference_id": "CVE-2015-7581.YML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2015-7581.yml" }, { "reference_url": "https://github.com/advisories/GHSA-9h6g-gp95-x3q5", "reference_id": "GHSA-9h6g-gp95-x3q5", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9h6g-gp95-x3q5" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0296", "reference_id": "RHSA-2016:0296", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0296" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0454", "reference_id": "RHSA-2016:0454", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0454" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1074000?format=api", "purl": "pkg:deb/debian/rails@2:4.1.8-1%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-214c-rjny-9ud4" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": 
"VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.8-1%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1078269?format=api", "purl": "pkg:deb/debian/rails@2:4.2.7.1-1%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { 
"vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.7.1-1%252Bdeb9u2" } ], "aliases": [ "CVE-2015-7581", "GHSA-9h6g-gp95-x3q5" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qz2f-jse8-9bhj" }, { 
"url": "http://public2.vulnerablecode.io/api/vulnerabilities/20940?format=api", "vulnerability_id": "VCID-resj-j2ea-hbck", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47889.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47889.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47889", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.55208", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.55329", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47889" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47889", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47889" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/0e5694f4d32544532d2301a9b4084eacb6986e94", 
"reference_id": "0e5694f4d32544532d2301a9b4084eacb6986e94", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:27:30Z/" } ], "url": "https://github.com/rails/rails/commit/0e5694f4d32544532d2301a9b4084eacb6986e94" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376", "reference_id": "1085376", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319033", "reference_id": "2319033", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319033" }, { "reference_url": "https://github.com/rails/rails/commit/3612e3eb3fbafed4f85e1c6ea4c7b6addbb0fdd3", "reference_id": "3612e3eb3fbafed4f85e1c6ea4c7b6addbb0fdd3", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:27:30Z/" } ], "url": "https://github.com/rails/rails/commit/3612e3eb3fbafed4f85e1c6ea4c7b6addbb0fdd3" }, { "reference_url": "https://github.com/rails/rails/commit/985f1923fa62806ff676e41de67c3b4552131ab9", "reference_id": "985f1923fa62806ff676e41de67c3b4552131ab9", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:27:30Z/" } ], "url": "https://github.com/rails/rails/commit/985f1923fa62806ff676e41de67c3b4552131ab9" }, { "reference_url": 
"https://github.com/rails/rails/commit/be898cc996986decfe238341d96b2a6573b8fd2e", "reference_id": "be898cc996986decfe238341d96b2a6573b8fd2e", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:27:30Z/" } ], "url": "https://github.com/rails/rails/commit/be898cc996986decfe238341d96b2a6573b8fd2e" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47889", "reference_id": "CVE-2024-47889", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47889" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionmailer/CVE-2024-47889.yml", "reference_id": "CVE-2024-47889.YML", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionmailer/CVE-2024-47889.yml" }, { "reference_url": "https://github.com/advisories/GHSA-h47h-mwp9-c6q6", "reference_id": "GHSA-h47h-mwp9-c6q6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h47h-mwp9-c6q6" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-h47h-mwp9-c6q6", "reference_id": "GHSA-h47h-mwp9-c6q6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", 
"scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:27:30Z/" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-h47h-mwp9-c6q6" }, { "reference_url": "https://usn.ubuntu.com/7290-1/", "reference_id": "USN-7290-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7290-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1074931?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-8q5p-kbjf-2fgc" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-fspa-dfnv-jyd3" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-m814-bzwg-fbc1" }, { "vulnerability": "VCID-mjy3-9dkc-5fgq" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-sxdt-xfjy-8bbm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2" } ], "aliases": [ "CVE-2024-47889", "GHSA-h47h-mwp9-c6q6" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-resj-j2ea-hbck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/178549?format=api", "vulnerability_id": "VCID-rhyd-xbpb-wufa", "summary": "Multiple vulnerabilities were found in Ruby on Rails, the worst of\n which allows for execution of arbitrary code.", "references": [ { "reference_url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "reference_url": 
"http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00070.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00070.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00071.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00071.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00075.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00075.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00078.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00078.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00079.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00079.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0699.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0699.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0699", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2013:0699" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1863", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:1863" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1854.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1854.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1854", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01795", "scoring_system": "epss", "scoring_elements": "0.83232", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01795", "scoring_system": "epss", "scoring_elements": "0.83171", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1854" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=921329", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=921329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1854" }, { "reference_url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/jgJ4cjjS8FE", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/jgJ4cjjS8FE" }, { "reference_url": "https://groups.google.com/group/ruby-security-ann/msg/34e0d780b04308de?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/ruby-security-ann/msg/34e0d780b04308de?dmode=source&output=gplain" }, { "reference_url": "http://support.apple.com/kb/HT5784", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT5784" }, { "reference_url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2013-1854", "reference_id": "CVE-2013-1854", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2013-1854" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1854", "reference_id": "CVE-2013-1854", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1854" }, { "reference_url": 
"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-1854.yml", "reference_id": "CVE-2013-1854.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-1854.yml" }, { "reference_url": "https://github.com/advisories/GHSA-3crr-9vmg-864v", "reference_id": "GHSA-3crr-9vmg-864v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3crr-9vmg-864v" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1073998?format=api", "purl": "pkg:deb/debian/rails@2:2.3.14.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-214c-rjny-9ud4" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-34kh-7cbr-s7b9" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-74g9-svkp-h3f1" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": 
"VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-sth3-da79-67bt" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2" } ], "aliases": [ "CVE-2013-1854", "GHSA-3crr-9vmg-864v", "OSV-91453" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rhyd-xbpb-wufa" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/1683?format=api", "vulnerability_id": "VCID-runz-vm7e-a3fs", "summary": "", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-1855.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-1855.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6317.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6317.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6317", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.60029", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.59921", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6317" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6317", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6317" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/rgO20zYW33s", "reference_id": "", "reference_type": 
"", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/rgO20zYW33s" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA" }, { "reference_url": "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/08/11/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/08/11/4" }, { "reference_url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1365017", "reference_id": "1365017", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1365017" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834154", "reference_id": "834154", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834154" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6317", "reference_id": "CVE-2016-6317", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6317" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2016-6317.yml", "reference_id": "CVE-2016-6317.YML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2016-6317.yml" }, { "reference_url": "https://github.com/advisories/GHSA-pr3r-4wrp-r2pv", "reference_id": "GHSA-pr3r-4wrp-r2pv", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pr3r-4wrp-r2pv" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1855", "reference_id": "RHSA-2016:1855", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1855" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1078269?format=api", "purl": "pkg:deb/debian/rails@2:4.2.7.1-1%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": 
"VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.7.1-1%252Bdeb9u2" } ], "aliases": [ "CVE-2016-6317", "GHSA-pr3r-4wrp-r2pv" ], 
"risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-runz-vm7e-a3fs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/202644?format=api", "vulnerability_id": "VCID-sck9-xd5q-fuga", "summary": "Exposure of Sensitive Information to an Unauthorized Actor in activestorage", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16477", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0026", "scoring_system": "epss", "scoring_elements": "0.49699", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0026", "scoring_system": "epss", "scoring_elements": "0.49836", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16477" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16477", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16477" }, { "reference_url": "https://groups.google.com/d/msg/rubyonrails-security/3KQRnXDIuLg/mByx5KkqBAAJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/d/msg/rubyonrails-security/3KQRnXDIuLg/mByx5KkqBAAJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/3KQRnXDIuLg", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/3KQRnXDIuLg" }, { "reference_url": "https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": 
"cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released" }, { "reference_url": "https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914848", "reference_id": "914848", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914848" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16477", "reference_id": "CVE-2018-16477", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16477" }, { "reference_url": "https://github.com/advisories/GHSA-7rr7-rcjw-56vj", "reference_id": "GHSA-7rr7-rcjw-56vj", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7rr7-rcjw-56vj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1078270?format=api", "purl": "pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": 
"VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%252Bdeb10u3" } ], "aliases": [ "CVE-2018-16477", "GHSA-7rr7-rcjw-56vj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sck9-xd5q-fuga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/199890?format=api", "vulnerability_id": "VCID-sth3-da79-67bt", "summary": "Active Record subject to strong parameters protection bypass", "references": [ { 
"reference_url": "http://openwall.com/lists/oss-security/2014/08/18/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2014/08/18/10" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1102.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1102.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3514.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3514.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3514", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56418", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56537", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3514" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3514", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3514" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ" }, { "reference_url": "https://groups.google.com/forum/#!msg/rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!msg/rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/M4chq5Sb540", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/M4chq5Sb540" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1131240", "reference_id": "1131240", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1131240" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3514", "reference_id": "CVE-2014-3514", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3514" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-3514.yml", "reference_id": "CVE-2014-3514.YML", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-3514.yml" }, { "reference_url": "https://github.com/advisories/GHSA-9rf5-jm6f-2fmm", "reference_id": "GHSA-9rf5-jm6f-2fmm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9rf5-jm6f-2fmm" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1102", "reference_id": "RHSA-2014:1102", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1102" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1073999?format=api", "purl": "pkg:deb/debian/rails@2:4.1.8-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { 
"vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-214c-rjny-9ud4" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": 
"VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.8-1" } ], "aliases": [ "CVE-2014-3514", "GHSA-9rf5-jm6f-2fmm" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sth3-da79-67bt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/206941?format=api", "vulnerability_id": "VCID-tnty-pw45-4ug3", "summary": "actionpack Open Redirect in Host Authorization Middleware", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44528.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44528.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44528", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.28611", "scoring_system": "epss", "scoring_elements": "0.96642", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.28611", "scoring_system": "epss", "scoring_elements": "0.96653", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/blob/v6.1.4.2/actionpack/CHANGELOG.md#rails-6142-december-14-2021", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/blob/v6.1.4.2/actionpack/CHANGELOG.md#rails-6142-december-14-2021" }, { "reference_url": "https://github.com/rails/rails/commit/0fccfb9a3097a9c4260c791f1a40b128517e7815", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/0fccfb9a3097a9c4260c791f1a40b128517e7815" }, { "reference_url": "https://github.com/rails/rails/commit/aecba3c301b80e9d5a63c30ea1b287bceaf2c107", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/aecba3c301b80e9d5a63c30ea1b287bceaf2c107" }, { "reference_url": "https://groups.google.com/g/ruby-security-ann/c/vG9gz3nk1pM/m/7-NU4MNrDAAJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } 
], "url": "https://groups.google.com/g/ruby-security-ann/c/vG9gz3nk1pM/m/7-NU4MNrDAAJ" }, { "reference_url": "https://groups.google.com/g/ruby-security-ann/c/vG9gz3nk1pM/m/7-NU4MNrDAAJ?utm_medium=email&utm_source=footer", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/ruby-security-ann/c/vG9gz3nk1pM/m/7-NU4MNrDAAJ?utm_medium=email&utm_source=footer" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240208-0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240208-0003" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240208-0003/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20240208-0003/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001817", "reference_id": "1001817", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001817" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034266", "reference_id": "2034266", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034266" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44528", "reference_id": "CVE-2021-44528", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2021-44528" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-44528.yml", "reference_id": "CVE-2021-44528.YML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-44528.yml" }, { "reference_url": "https://github.com/advisories/GHSA-qphc-hf5q-v8fc", "reference_id": "GHSA-qphc-hf5q-v8fc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qphc-hf5q-v8fc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1074930?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-8q5p-kbjf-2fgc" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-fspa-dfnv-jyd3" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-m814-bzwg-fbc1" }, { "vulnerability": "VCID-mjy3-9dkc-5fgq" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-sxdt-xfjy-8bbm" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2" } ], "aliases": [ "CVE-2021-44528", "GHSA-qphc-hf5q-v8fc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tnty-pw45-4ug3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/182783?format=api", "vulnerability_id": "VCID-tp7w-62cp-2yhr", "summary": "security update", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00057.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00057.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00086.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": 
"cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00086.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2098.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2098.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2098", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.86668", "scoring_system": "epss", "scoring_elements": "0.99442", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.86668", "scoring_system": "epss", "scoring_elements": "0.99443", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2098" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2097", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2097" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2098", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2098" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/ly-IH-fxr_Q", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/ly-IH-fxr_Q" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/ly-IH-fxr_Q", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/ly-IH-fxr_Q" }, { "reference_url": "https://web.archive.org/web/20200228015318/http://www.securityfocus.com/bid/83725", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228015318/http://www.securityfocus.com/bid/83725" }, { "reference_url": "https://web.archive.org/web/20210612214217/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210612214217/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ" }, { "reference_url": 
"https://web.archive.org/web/20211205173437/https://securitytracker.com/id/1035122", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20211205173437/https://securitytracker.com/id/1035122" }, { "reference_url": "https://www.exploit-db.com/exploits/40086", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/40086" }, { "reference_url": "https://www.exploit-db.com/exploits/40086/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/40086/" }, { "reference_url": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3509", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", 
"scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3509" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1310054", "reference_id": "1310054", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1310054" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/remote/40086.rb", "reference_id": "CVE-2016-2098", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/remote/40086.rb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2098", "reference_id": "CVE-2016-2098", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2098" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-2098.yml", "reference_id": "CVE-2016-2098.YML", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-2098.yml" }, { "reference_url": "https://github.com/advisories/GHSA-78rc-8c29-p45g", "reference_id": "GHSA-78rc-8c29-p45g", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-78rc-8c29-p45g" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0454", "reference_id": "RHSA-2016:0454", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0454" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2016:0455", "reference_id": "RHSA-2016:0455", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0455" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0456", "reference_id": "RHSA-2016:0456", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0456" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1074000?format=api", "purl": "pkg:deb/debian/rails@2:4.1.8-1%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-214c-rjny-9ud4" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { 
"vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.8-1%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1078269?format=api", "purl": "pkg:deb/debian/rails@2:4.2.7.1-1%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": 
"VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.7.1-1%252Bdeb9u2" } ], "aliases": [ "CVE-2016-2098", "GHSA-78rc-8c29-p45g" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tp7w-62cp-2yhr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/132023?format=api", "vulnerability_id": "VCID-u15m-jr9m-wyd3", "summary": "ActiveSupport::EncryptedFile writes contents that will be encrypted to a\r\ntemporary file. 
The temporary file's permissions are defaulted to the user's\r\ncurrent `umask` settings, meaning that it's possible for other users on the\r\nsame system to read the contents of the temporary file.\r\n\r\nAttackers that have access to the file system could possibly read the contents\r\nof this temporary file while a user is editing it.\r\n\r\nAll users running an affected release should either upgrade or use one of the\r\nworkarounds immediately.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38037.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38037.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38037", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.266", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26399", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38037" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38037", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38037" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/a21d6edf35a60383dfa6c4da49e4b1aef5f00731", "reference_id": "", "reference_type": "", "scores": [ { "value": 
"5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/a21d6edf35a60383dfa6c4da49e4b1aef5f00731" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v7.0.7.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v7.0.7.1" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-38037.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-38037.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38037", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38037" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20250214-0010", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://security.netapp.com/advisory/ntap-20250214-0010" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051057", "reference_id": "1051057", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051057" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236261", "reference_id": "2236261", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236261" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2023-38037-possible-file-disclosure-of-locally-encrypted-files/83544", "reference_id": "83544", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:35:42Z/" } ], "url": "https://discuss.rubyonrails.org/t/cve-2023-38037-possible-file-disclosure-of-locally-encrypted-files/83544" }, { "reference_url": "https://github.com/advisories/GHSA-cr5q-6q9f-rq6q", "reference_id": "GHSA-cr5q-6q9f-rq6q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cr5q-6q9f-rq6q" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7720", "reference_id": "RHSA-2023:7720", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7720" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0268", "reference_id": "RHSA-2024:0268", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0268" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2010", 
"reference_id": "RHSA-2024:2010", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2010" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1074931?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-8q5p-kbjf-2fgc" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-fspa-dfnv-jyd3" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-m814-bzwg-fbc1" }, { "vulnerability": "VCID-mjy3-9dkc-5fgq" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-sxdt-xfjy-8bbm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2" } ], "aliases": [ "CVE-2023-38037", "GHSA-cr5q-6q9f-rq6q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u15m-jr9m-wyd3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/178540?format=api", "vulnerability_id": "VCID-u2gv-wvdc-tfbs", "summary": "Multiple vulnerabilities were found in Ruby on Rails, the worst of\n which allowing for execution of arbitrary code.", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/b1a85d36b0f9dd30?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/b1a85d36b0f9dd30?dmode=source&output=gplain" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2930", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00955", "scoring_system": "epss", "scoring_elements": "0.7686", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00955", "scoring_system": "epss", "scoring_elements": "0.76929", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2930" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=731438", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=731438" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2930", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2930" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/8a39f411dc3c806422785b1f4d5c7c9d58e4bf85", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/8a39f411dc3c806422785b1f4d5c7c9d58e4bf85" }, { "reference_url": "http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6" }, { "reference_url": "http://www.debian.org/security/2011/dsa-2301", "reference_id": "", "reference_type": "", "scores": [ { 
"value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2011/dsa-2301" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/17/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/17/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/19/11", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/19/11" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/20/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/20/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/13", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/13" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/14", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/14" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2930", "reference_id": "CVE-2011-2930", "reference_type": "", "scores": [ { "value": 
"HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2930" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-2930.yml", "reference_id": "CVE-2011-2930.YML", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-2930.yml" }, { "reference_url": "https://github.com/advisories/GHSA-h6w6-xmqv-7q78", "reference_id": "GHSA-h6w6-xmqv-7q78", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h6w6-xmqv-7q78" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1073998?format=api", "purl": "pkg:deb/debian/rails@2:2.3.14.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-214c-rjny-9ud4" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-34kh-7cbr-s7b9" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-74g9-svkp-h3f1" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": 
"VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-sth3-da79-67bt" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2" } ], "aliases": [ "CVE-2011-2930", "GHSA-h6w6-xmqv-7q78" ], "risk_score": 4.0, "exploitability": "0.5", 
"weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u2gv-wvdc-tfbs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4950?format=api", "vulnerability_id": "VCID-usqn-hb81-pyf6", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0600", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:0600" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16476.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16476.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16476", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00791", "scoring_system": "epss", "scoring_elements": "0.74405", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00791", "scoring_system": "epss", "scoring_elements": "0.74332", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16476" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16476", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16476" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": 
"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/970b0d754be7c71a760d9b807eea32297fd838e3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/970b0d754be7c71a760d9b807eea32297fd838e3" }, { "reference_url": "https://groups.google.com/d/msg/rubyonrails-security/FL4dSdzr2zw/zjKVhF4qBAAJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/d/msg/rubyonrails-security/FL4dSdzr2zw/zjKVhF4qBAAJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/FL4dSdzr2zw", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/FL4dSdzr2zw" }, { "reference_url": "https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": 
"7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released" }, { "reference_url": "https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1659223", "reference_id": "1659223", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1659223" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914847", "reference_id": "914847", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914847" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16476", "reference_id": "CVE-2018-16476", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16476" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activejob/CVE-2018-16476.yml", "reference_id": "CVE-2018-16476.YML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activejob/CVE-2018-16476.yml" }, { "reference_url": "https://github.com/advisories/GHSA-q2qw-rmrh-vv42", "reference_id": "GHSA-q2qw-rmrh-vv42", "reference_type": "", "scores": [ { "value": 
"HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q2qw-rmrh-vv42" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1078270?format=api", "purl": "pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%252Bdeb10u3" } ], "aliases": [ "CVE-2018-16476", "GHSA-q2qw-rmrh-vv42" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-usqn-hb81-pyf6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9077?format=api", "vulnerability_id": "VCID-uzrf-6puc-kygc", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22885.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22885.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22885", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01264", "scoring_system": "epss", "scoring_elements": "0.79856", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01264", "scoring_system": "epss", "scoring_elements": "0.7992", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22885" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904" }, { "reference_url": 
"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22885.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22885.yml" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/NiQl-48cXYI", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/NiQl-48cXYI" }, { "reference_url": "https://hackerone.com/reports/1106652", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/1106652" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22885", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2021-22885" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210805-0009", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210805-0009" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210805-0009/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20210805-0009/" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4929", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2021/dsa-4929" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1957441", "reference_id": "1957441", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1957441" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214", "reference_id": "988214", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214" }, { "reference_url": "https://security.archlinux.org/AVG-1920", "reference_id": "AVG-1920", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1920" }, { "reference_url": "https://security.archlinux.org/AVG-1921", "reference_id": "AVG-1921", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1921" }, { "reference_url": "https://security.archlinux.org/AVG-2090", "reference_id": "AVG-2090", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": 
"https://security.archlinux.org/AVG-2090" }, { "reference_url": "https://security.archlinux.org/AVG-2223", "reference_id": "AVG-2223", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2223" }, { "reference_url": "https://github.com/advisories/GHSA-hjg4-8q5f-x6fm", "reference_id": "GHSA-hjg4-8q5f-x6fm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hjg4-8q5f-x6fm" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4702", "reference_id": "RHSA-2021:4702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4702" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1078270?format=api", "purl": "pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": 
"VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%252Bdeb10u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1074930?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-8q5p-kbjf-2fgc" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-fspa-dfnv-jyd3" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-m814-bzwg-fbc1" }, { "vulnerability": "VCID-mjy3-9dkc-5fgq" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-sxdt-xfjy-8bbm" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2" } ], "aliases": [ "CVE-2021-22885", "GHSA-hjg4-8q5f-x6fm" ], "risk_score": 4.0, 
"exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uzrf-6puc-kygc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/178550?format=api", "vulnerability_id": "VCID-v1py-zs44-n7cz", "summary": "Multiple vulnerabilities were found in Ruby on Rails, the worst of which allows execution of arbitrary code.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0698.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0698.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0698", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2013:0698" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1863", "reference_id": "", "reference_type": "",
"scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:1863" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1855.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1855.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1855", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00536", "scoring_system": "epss", "scoring_elements": "0.6799", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00536", "scoring_system": "epss", "scoring_elements": "0.67902", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1855" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=921331", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=921331" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1855" }, { "reference_url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_QHo4BqnN8", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_QHo4BqnN8" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/8ed835a97cdd1afd?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/8ed835a97cdd1afd?dmode=source&output=gplain" }, { "reference_url": 
"http://support.apple.com/kb/HT5784", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT5784" }, { "reference_url": "https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "reference_url": "https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html" }, { "reference_url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2013-1855", "reference_id": "CVE-2013-1855", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2013-1855" }, { 
"reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1855", "reference_id": "CVE-2013-1855", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1855" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-1855.yml", "reference_id": "CVE-2013-1855.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-1855.yml" }, { "reference_url": "https://github.com/advisories/GHSA-q759-hwvc-m3jg", "reference_id": "GHSA-q759-hwvc-m3jg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q759-hwvc-m3jg" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1073998?format=api", "purl": "pkg:deb/debian/rails@2:2.3.14.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-214c-rjny-9ud4" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-34kh-7cbr-s7b9" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-74g9-svkp-h3f1" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { 
"vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-sth3-da79-67bt" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2" } ], "aliases": [ "CVE-2013-1855", "GHSA-q759-hwvc-m3jg", "OSV-91452" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v1py-zs44-n7cz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8769?format=api", "vulnerability_id": "VCID-vazh-rc42-puhy", "summary": "", "references": [ { "reference_url": "http://packetstormsecurity.com/files/158604/Ruby-On-Rails-5.0.1-Remote-Code-Execution.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/158604/Ruby-On-Rails-5.0.1-Remote-Code-Execution.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8163.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8163.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8163", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.91071", "scoring_system": "epss", "scoring_elements": "0.9966", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.91071", "scoring_system": "epss", "scoring_elements": "0.99659", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8163" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8163", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8163" }, { "reference_url": 
"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/hWuKcHyoKh0", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/hWuKcHyoKh0" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0" }, { "reference_url": "https://hackerone.com/reports/304805", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/304805" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848724", "reference_id": "1848724", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848724" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/webapps/48716.rb", "reference_id": "CVE-2020-8163", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/webapps/48716.rb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8163", "reference_id": "CVE-2020-8163", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8163" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-8163.yml", "reference_id": "CVE-2020-8163.YML", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-8163.yml" }, { "reference_url": "https://github.com/advisories/GHSA-cr3x-7m39-c6jq", "reference_id": "GHSA-cr3x-7m39-c6jq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cr3x-7m39-c6jq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1078270?format=api", "purl": "pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { 
"vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%252Bdeb10u3" } ], "aliases": [ "CVE-2020-8163", "GHSA-cr3x-7m39-c6jq" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vazh-rc42-puhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/199836?format=api", "vulnerability_id": 
"VCID-vczd-qydk-1bhj", "summary": "Directory traversal vulnerability in actionpack", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00112.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00112.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7829.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7829.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-7829", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.50258", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.50392", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-7829" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7829", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7829" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/rMTQy4oRCGk/loS_CRS8mNEJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/rMTQy4oRCGk/loS_CRS8mNEJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/rMTQy4oRCGk", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/rMTQy4oRCGk" }, { "reference_url": 
"https://web.archive.org/web/20160403085126/http://www.securityfocus.com/bid/71183", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20160403085126/http://www.securityfocus.com/bid/71183" }, { "reference_url": "http://weblog.rubyonrails.org/2014/11/19/Rails-4-0-11-1-and-4-1-7-1-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2014/11/19/Rails-4-0-11-1-and-4-1-7-1-have-been-released/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1164659", "reference_id": "1164659", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1164659" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770934", "reference_id": "770934", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770934" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-7829", "reference_id": "CVE-2014-7829", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-7829" }, { "reference_url": "https://puppet.com/security/cve/cve-2014-7829", "reference_id": "CVE-2014-7829", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://puppet.com/security/cve/cve-2014-7829" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-7829.yml", "reference_id": "CVE-2014-7829.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-7829.yml" }, { "reference_url": 
"https://github.com/advisories/GHSA-h56m-vwxc-3qpw", "reference_id": "GHSA-h56m-vwxc-3qpw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h56m-vwxc-3qpw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1073999?format=api", "purl": "pkg:deb/debian/rails@2:4.1.8-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-214c-rjny-9ud4" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": 
"VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.8-1" } ], "aliases": [ "CVE-2014-7829", "GHSA-h56m-vwxc-3qpw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vczd-qydk-1bhj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7857?format=api", "vulnerability_id": "VCID-vfmh-49eu-gbh8", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15169.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15169.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15169", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01184", "scoring_system": "epss", "scoring_elements": "0.79192", "published_at": 
"2026-06-11T12:55:00Z" }, { "value": "0.01184", "scoring_system": "epss", "scoring_elements": "0.79256", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/e663f084460ea56c55c3dc76f78c7caeddeeb02e", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/e663f084460ea56c55c3dc76f78c7caeddeeb02e" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/b-C9kSGXYrc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/b-C9kSGXYrc" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00015.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00015.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1877566", "reference_id": "1877566", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1877566" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970040", "reference_id": "970040", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970040" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15169", "reference_id": "CVE-2020-15169", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15169" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-15169.yml", "reference_id": "CVE-2020-15169.YML", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-15169.yml" }, { "reference_url": "https://github.com/advisories/GHSA-cfjv-5498-mph5", "reference_id": "GHSA-cfjv-5498-mph5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", 
"scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cfjv-5498-mph5" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-cfjv-5498-mph5", "reference_id": "GHSA-cfjv-5498-mph5", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-cfjv-5498-mph5" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1313", "reference_id": "RHSA-2021:1313", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1313" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1078270?format=api", "purl": "pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": 
"VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%252Bdeb10u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1074930?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-8q5p-kbjf-2fgc" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-fspa-dfnv-jyd3" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-m814-bzwg-fbc1" }, { "vulnerability": "VCID-mjy3-9dkc-5fgq" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-sxdt-xfjy-8bbm" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2" } ], "aliases": [ "CVE-2020-15169", 
"GHSA-cfjv-5498-mph5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vfmh-49eu-gbh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11407?format=api", "vulnerability_id": "VCID-x5c1-by5h-ubau", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21831.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21831.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21831", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0142", "scoring_system": "epss", "scoring_elements": "0.81072", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0142", "scoring_system": "epss", "scoring_elements": "0.81012", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577" }, { 
"reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { 
"reference_url": "https://github.com/rails/rails/commit/0a72f7d670e9aa77a0bb8584cb1411ddabb7546e", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/0a72f7d670e9aa77a0bb8584cb1411ddabb7546e" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/n-p-W1yxatI", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/n-p-W1yxatI" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html" }, { "reference_url": "https://rubysec.com/advisories/CVE-2022-21831", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rubysec.com/advisories/CVE-2022-21831" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20221118-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20221118-0001" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20221118-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20221118-0001/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011940", "reference_id": "1011940", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011940" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064747", "reference_id": "2064747", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064747" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21831", "reference_id": "CVE-2022-21831", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21831" }, { "reference_url": "https://rubysec.com/advisories/CVE-2022-21831/", "reference_id": "CVE-2022-21831", "reference_type": "", "scores": [], "url": "https://rubysec.com/advisories/CVE-2022-21831/" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2022-21831.yml", "reference_id": "CVE-2022-21831.YML", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2022-21831.yml" }, { "reference_url": "https://github.com/advisories/GHSA-w749-p3v6-hccq", 
"reference_id": "GHSA-w749-p3v6-hccq", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w749-p3v6-hccq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1074930?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-8q5p-kbjf-2fgc" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-fspa-dfnv-jyd3" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-m814-bzwg-fbc1" }, { "vulnerability": "VCID-mjy3-9dkc-5fgq" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-sxdt-xfjy-8bbm" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2" } ], "aliases": [ "CVE-2022-21831", "GHSA-w749-p3v6-hccq", "GMS-2022-301" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x5c1-by5h-ubau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/20938?format=api", "vulnerability_id": "VCID-zbyh-ajmd-tybh", 
"summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47887.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47887.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47887", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50971", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.51102", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47887" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47887", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47887" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376", "reference_id": "1085376", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376" }, { "reference_url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=2319034", "reference_id": "2319034", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319034" }, { "reference_url": "https://github.com/rails/rails/commit/56b2fc3302836405b496e196a8d5fc0195e55049", "reference_id": "56b2fc3302836405b496e196a8d5fc0195e55049", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/" } ], "url": "https://github.com/rails/rails/commit/56b2fc3302836405b496e196a8d5fc0195e55049" }, { "reference_url": "https://github.com/rails/rails/commit/7c1398854d51f9bb193fb79f226647351133d08a", "reference_id": "7c1398854d51f9bb193fb79f226647351133d08a", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/" } ], "url": "https://github.com/rails/rails/commit/7c1398854d51f9bb193fb79f226647351133d08a" }, { "reference_url": "https://github.com/rails/rails/commit/8e057db25bff1dc7a98e9ae72e0083825b9ac545", "reference_id": "8e057db25bff1dc7a98e9ae72e0083825b9ac545", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/" } ], "url": "https://github.com/rails/rails/commit/8e057db25bff1dc7a98e9ae72e0083825b9ac545" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47887", "reference_id": "CVE-2024-47887", "reference_type": "", "scores": [], "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2024-47887" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-47887.yml", "reference_id": "CVE-2024-47887.YML", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-47887.yml" }, { "reference_url": "https://github.com/rails/rails/commit/f4dc83d8926509d0958ec21fcdbc2e7df3d32ce2", "reference_id": "f4dc83d8926509d0958ec21fcdbc2e7df3d32ce2", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/" } ], "url": "https://github.com/rails/rails/commit/f4dc83d8926509d0958ec21fcdbc2e7df3d32ce2" }, { "reference_url": "https://github.com/advisories/GHSA-vfg9-r3fq-jvx4", "reference_id": "GHSA-vfg9-r3fq-jvx4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vfg9-r3fq-jvx4" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-vfg9-r3fq-jvx4", "reference_id": "GHSA-vfg9-r3fq-jvx4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-vfg9-r3fq-jvx4" }, { "reference_url": "https://usn.ubuntu.com/7290-1/", "reference_id": "USN-7290-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7290-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1074931?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-8q5p-kbjf-2fgc" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-fspa-dfnv-jyd3" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-m814-bzwg-fbc1" }, { "vulnerability": "VCID-mjy3-9dkc-5fgq" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-sxdt-xfjy-8bbm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2" } ], "aliases": [ "CVE-2024-47887", "GHSA-vfg9-r3fq-jvx4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zbyh-ajmd-tybh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31082?format=api", "vulnerability_id": "VCID-zxy2-w4m6-tucw", "summary": "Action Pack is a framework for handling and responding to web requests. There is a possible Cross Site Scripting (XSS) vulnerability in the `content_security_policy` helper starting in version 5.2.0 of Action Pack and prior to versions 7.0.8.7, 7.1.5.1, 7.2.2.1, and 8.0.0.1. Applications which set Content-Security-Policy (CSP) headers dynamically from untrusted user input may be vulnerable to carefully crafted inputs being able to inject new directives into the CSP. This could lead to a bypass of the CSP and its protection against XSS and other attacks. 
Versions 7.0.8.7, 7.1.5.1, 7.2.2.1, and 8.0.0.1 contain a fix. As a workaround, applications can avoid setting CSP headers dynamically from untrusted input, or can validate/sanitize that input.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-54133.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-54133.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-54133", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0019", "scoring_system": "epss", "scoring_elements": "0.40906", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0019", "scoring_system": "epss", "scoring_elements": "0.40739", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-54133" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54133", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54133" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-54133.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-54133.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54133", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54133" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20250306-0010", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20250306-0010" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089755", "reference_id": "1089755", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089755" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331619", "reference_id": "2331619", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331619" }, { "reference_url": "https://github.com/rails/rails/commit/2e3f41e4538b9ca1044357f6644f037bbb7c6c49", "reference_id": "2e3f41e4538b9ca1044357f6644f037bbb7c6c49", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/" } ], "url": "https://github.com/rails/rails/commit/2e3f41e4538b9ca1044357f6644f037bbb7c6c49" }, { "reference_url": 
"https://github.com/rails/rails/commit/3da2479cfe1e00177114b17e496213c40d286b3a", "reference_id": "3da2479cfe1e00177114b17e496213c40d286b3a", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/" } ], "url": "https://github.com/rails/rails/commit/3da2479cfe1e00177114b17e496213c40d286b3a" }, { "reference_url": "https://github.com/rails/rails/commit/5558e72f22fc69c1c407b31ac5fb3b4ce087b542", "reference_id": "5558e72f22fc69c1c407b31ac5fb3b4ce087b542", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/" } ], "url": "https://github.com/rails/rails/commit/5558e72f22fc69c1c407b31ac5fb3b4ce087b542" }, { "reference_url": "https://github.com/rails/rails/commit/cb16a3bb515b5d769f73926d9757270ace691f1d", "reference_id": "cb16a3bb515b5d769f73926d9757270ace691f1d", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/" } ], "url": "https://github.com/rails/rails/commit/cb16a3bb515b5d769f73926d9757270ace691f1d" }, { "reference_url": "https://github.com/advisories/GHSA-vfm5-rmrh-j26v", "reference_id": "GHSA-vfm5-rmrh-j26v", 
"reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-vfm5-rmrh-j26v" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-vfm5-rmrh-j26v", "reference_id": "GHSA-vfm5-rmrh-j26v", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-vfm5-rmrh-j26v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1074931?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-8q5p-kbjf-2fgc" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-fspa-dfnv-jyd3" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-m814-bzwg-fbc1" }, { "vulnerability": "VCID-mjy3-9dkc-5fgq" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-sxdt-xfjy-8bbm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2" } ], "aliases": [ "CVE-2024-54133", "GHSA-vfm5-rmrh-j26v" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zxy2-w4m6-tucw" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/183408?format=api", "vulnerability_id": "VCID-a67r-11ec-zffe", "summary": "Multiple vulnerabilities have been discovered in Rails, the worst of which\n leading to the execution of arbitrary SQL statements.", "references": [ { "reference_url": 
"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "reference_url": "http://n8.tumblr.com/post/117477059/security-hole-found-in-rails-2-3s", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://n8.tumblr.com/post/117477059/security-hole-found-in-rails-2-3s" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2422.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2422.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2422", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.61434", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.6133", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2422" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2422", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2422" }, { "reference_url": "http://secunia.com/advisories/35702", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/35702" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51528", 
"reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51528" }, { "reference_url": "http://support.apple.com/kb/HT4077", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT4077" }, { "reference_url": "https://web.archive.org/web/20090711160153/http://secunia.com/advisories/35702", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20090711160153/http://secunia.com/advisories/35702" }, { "reference_url": "https://web.archive.org/web/20200229192617/http://www.securityfocus.com/bid/35579", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200229192617/http://www.securityfocus.com/bid/35579" }, { "reference_url": "http://weblog.rubyonrails.org/2009/6/3/security-problem-with-authenticate_with_http_digest", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", 
"scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2009/6/3/security-problem-with-authenticate_with_http_digest" }, { "reference_url": "http://www.securityfocus.com/bid/35579", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/35579" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/1802", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2009/1802" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=509564", "reference_id": "509564", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=509564" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535896", "reference_id": "535896", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535896" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2422", "reference_id": "CVE-2009-2422", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2422" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2009-2422.yml", "reference_id": "CVE-2009-2422.YML", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2009-2422.yml" }, { "reference_url": "https://github.com/advisories/GHSA-rxq3-gm4p-5fj4", "reference_id": "GHSA-rxq3-gm4p-5fj4", "reference_type": "", "scores": [ { "value": "CRITICAL", 
"scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rxq3-gm4p-5fj4" }, { "reference_url": "https://security.gentoo.org/glsa/200912-02", "reference_id": "GLSA-200912-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200912-02" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1073997?format=api", "purl": "pkg:deb/debian/rails@2.3.5-1.2%2Bsqueeze8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-214c-rjny-9ud4" }, { "vulnerability": "VCID-2529-ucg8-dkgy" }, { "vulnerability": "VCID-2b1z-1k24-kfb8" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-34kh-7cbr-s7b9" }, { "vulnerability": "VCID-39m4-12ms-skh2" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-3nsx-u3u3-7fh7" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-3ser-nhqn-mbar" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-74g9-svkp-h3f1" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-7b9s-j981-audq" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-9c9c-jwz1-zycr" }, { "vulnerability": "VCID-9cgs-zd4y-2qdz" }, { "vulnerability": "VCID-9j8b-jg5m-1kgk" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-a6dm-ywkf-wkgh" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": 
"VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-arbz-y6ud-mbap" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-fu6v-k8cg-d3c7" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-gxj4-um99-mbg4" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-hh3w-dxkg-8ygx" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-mw4w-k3vk-y7gr" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-pbgu-3zaj-ukay" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-rhyd-xbpb-wufa" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-sth3-da79-67bt" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-u2gv-wvdc-tfbs" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-v1py-zs44-n7cz" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": 
"VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.5-1.2%252Bsqueeze8" } ], "aliases": [ "CVE-2009-2422", "GHSA-rxq3-gm4p-5fj4" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a67r-11ec-zffe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/183410?format=api", "vulnerability_id": "VCID-bn9m-pqu3-bffj", "summary": "Multiple vulnerabilities have been discovered in Rails, the worst of which\n leading to the execution of arbitrary SQL statements.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3086", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00556", "scoring_system": "epss", "scoring_elements": "0.68618", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00556", "scoring_system": "epss", "scoring_elements": "0.68711", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3086" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3086", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3086" }, { "reference_url": "http://secunia.com/advisories/36600", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/36600" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/1f07a89c5946910fc28ea5ccd1da6af8a0f972a0", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/1f07a89c5946910fc28ea5ccd1da6af8a0f972a0" }, { "reference_url": "https://github.com/rails/rails/commit/674f780d59a5a7ec0301755d43a7b277a3ad2978", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/674f780d59a5a7ec0301755d43a7b277a3ad2978" }, { "reference_url": "https://github.com/rails/rails/commit/d460c9a25560f43e7c3789abadf7b455053eb686", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/d460c9a25560f43e7c3789abadf7b455053eb686" }, { "reference_url": "https://web.archive.org/web/20090906010200/http://www.vupen.com/english/advisories/2009/2544", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20090906010200/http://www.vupen.com/english/advisories/2009/2544" }, { "reference_url": "https://web.archive.org/web/20090907001716/http://secunia.com/advisories/36600", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20090907001716/http://secunia.com/advisories/36600" }, { "reference_url": "https://web.archive.org/web/20200229150042/http://www.securityfocus.com/bid/37427", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200229150042/http://www.securityfocus.com/bid/37427" }, { "reference_url": "http://weblog.rubyonrails.org/2009/9/4/timing-weakness-in-ruby-on-rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2009/9/4/timing-weakness-in-ruby-on-rails" }, { "reference_url": "http://www.debian.org/security/2011/dsa-2260", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2011/dsa-2260" }, { "reference_url": "http://www.securityfocus.com/bid/37427", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/37427" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/2544", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2009/2544" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063", "reference_id": "545063", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3086", "reference_id": "CVE-2009-3086", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3086" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2009-3086.yml", "reference_id": "CVE-2009-3086.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2009-3086.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2009-3086.yml", "reference_id": "CVE-2009-3086.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2009-3086.yml" }, { "reference_url": "https://github.com/advisories/GHSA-fg9w-g6m4-557j", "reference_id": "GHSA-fg9w-g6m4-557j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fg9w-g6m4-557j" }, { "reference_url": "https://security.gentoo.org/glsa/200912-02", "reference_id": "GLSA-200912-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200912-02" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1073997?format=api", "purl": "pkg:deb/debian/rails@2.3.5-1.2%2Bsqueeze8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-214c-rjny-9ud4" }, { "vulnerability": "VCID-2529-ucg8-dkgy" }, { "vulnerability": "VCID-2b1z-1k24-kfb8" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-34kh-7cbr-s7b9" }, { "vulnerability": "VCID-39m4-12ms-skh2" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-3nsx-u3u3-7fh7" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-3ser-nhqn-mbar" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, 
{ "vulnerability": "VCID-74g9-svkp-h3f1" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-7b9s-j981-audq" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-9c9c-jwz1-zycr" }, { "vulnerability": "VCID-9cgs-zd4y-2qdz" }, { "vulnerability": "VCID-9j8b-jg5m-1kgk" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-a6dm-ywkf-wkgh" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-arbz-y6ud-mbap" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-fu6v-k8cg-d3c7" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-gxj4-um99-mbg4" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-hh3w-dxkg-8ygx" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-mw4w-k3vk-y7gr" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-pbgu-3zaj-ukay" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": 
"VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-rhyd-xbpb-wufa" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-sth3-da79-67bt" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-u2gv-wvdc-tfbs" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-v1py-zs44-n7cz" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.5-1.2%252Bsqueeze8" } ], "aliases": [ "CVE-2009-3086", "GHSA-fg9w-g6m4-557j" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bn9m-pqu3-bffj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/183407?format=api", "vulnerability_id": "VCID-cab4-yeek-cfcw", "summary": "Multiple vulnerabilities have been discovered in Rails, the worst of which\n leading to the execution of arbitrary SQL statements.", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en" }, { "reference_url": "http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup" }, { "reference_url": "http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-7248.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-7248.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-7248", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11409", "scoring_system": "epss", "scoring_elements": "0.93758", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.11409", "scoring_system": "epss", "scoring_elements": "0.93738", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-7248" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=544329", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=544329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7248", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7248" }, { "reference_url": "http://secunia.com/advisories/36600", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/36600" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/099a98e9b7108dae3e0f78b207e0a7dc5913bd1a", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/099a98e9b7108dae3e0f78b207e0a7dc5913bd1a" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en" }, { "reference_url": "https://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html" }, { "reference_url": "https://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup" }, { "reference_url": "https://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/" }, { "reference_url": "https://web.archive.org/web/20090906010200/https://www.vupen.com/english/advisories/2009/2544", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20090906010200/https://www.vupen.com/english/advisories/2009/2544" }, { "reference_url": "https://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1", "reference_id": "", "reference_type": "", 
"scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2009/11/28/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openwall.com/lists/oss-security/2009/11/28/1" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2009/12/02/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openwall.com/lists/oss-security/2009/12/02/2" }, { "reference_url": "https://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html" }, { "reference_url": "http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2009/11/28/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2009/11/28/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2009/12/02/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", 
"scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2009/12/02/2" }, { "reference_url": "http://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/2544", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2009/2544" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558685", "reference_id": "558685", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558685" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2008-7248", "reference_id": "CVE-2008-7248", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2008-7248" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2008-7248", "reference_id": "CVE-2008-7248", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-7248" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33402.txt", "reference_id": "CVE-2008-7248;OSVDB-61124", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33402.txt" }, { "reference_url": "https://www.securityfocus.com/bid/37322/info", "reference_id": "CVE-2008-7248;OSVDB-61124", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/37322/info" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2008-7248.yml", "reference_id": "CVE-2008-7248.YML", 
"reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2008-7248.yml" }, { "reference_url": "https://github.com/advisories/GHSA-8fqx-7pv4-3jwm", "reference_id": "GHSA-8fqx-7pv4-3jwm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8fqx-7pv4-3jwm" }, { "reference_url": "https://security.gentoo.org/glsa/200912-02", "reference_id": "GLSA-200912-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200912-02" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1073997?format=api", "purl": "pkg:deb/debian/rails@2.3.5-1.2%2Bsqueeze8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-214c-rjny-9ud4" }, { "vulnerability": "VCID-2529-ucg8-dkgy" }, { "vulnerability": "VCID-2b1z-1k24-kfb8" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-34kh-7cbr-s7b9" }, { "vulnerability": "VCID-39m4-12ms-skh2" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-3nsx-u3u3-7fh7" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-3ser-nhqn-mbar" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-74g9-svkp-h3f1" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-7b9s-j981-audq" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": 
"VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-9c9c-jwz1-zycr" }, { "vulnerability": "VCID-9cgs-zd4y-2qdz" }, { "vulnerability": "VCID-9j8b-jg5m-1kgk" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-a6dm-ywkf-wkgh" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-arbz-y6ud-mbap" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-fu6v-k8cg-d3c7" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-gxj4-um99-mbg4" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-hh3w-dxkg-8ygx" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-mw4w-k3vk-y7gr" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-pbgu-3zaj-ukay" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-rhyd-xbpb-wufa" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-sth3-da79-67bt" }, { "vulnerability": 
"VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-u2gv-wvdc-tfbs" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-v1py-zs44-n7cz" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.5-1.2%252Bsqueeze8" } ], "aliases": [ "CVE-2008-7248", "GHSA-8fqx-7pv4-3jwm" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cab4-yeek-cfcw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/183411?format=api", "vulnerability_id": "VCID-fry8-r6k2-auf2", "summary": "Multiple vulnerabilities have been discovered in Rails, the worst of which\n leading to the execution of arbitrary SQL statements.", "references": [ { "reference_url": "http://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://github.com/rails/rails" }, { "reference_url": "http://github.com/rails/rails/commit/bfe032858077bb2946abe25e95e485ba6da86bd5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://github.com/rails/rails/commit/bfe032858077bb2946abe25e95e485ba6da86bd5" }, { "reference_url": "http://groups.google.com/group/rubyonrails-security/browse_thread/thread/4d4f71f2aef4c0ab?pli=1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], 
"url": "http://groups.google.com/group/rubyonrails-security/browse_thread/thread/4d4f71f2aef4c0ab?pli=1" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4214.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4214.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-4214", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01632", "scoring_system": "epss", "scoring_elements": "0.82379", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01632", "scoring_system": "epss", "scoring_elements": "0.82318", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-4214" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4214", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4214" }, { "reference_url": "http://secunia.com/advisories/37446", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/37446" }, { "reference_url": "http://support.apple.com/kb/HT4077", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT4077" }, { "reference_url": "http://weblog.rubyonrails.org/2009/11/30/ruby-on-rails-2-3-5-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2009/11/30/ruby-on-rails-2-3-5-released" }, { "reference_url": "http://www.debian.org/security/2011/dsa-2260", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2011/dsa-2260" }, { "reference_url": "http://www.debian.org/security/2011/dsa-2301", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2011/dsa-2301" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2009/11/27/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2009/11/27/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2009/12/08/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2009/12/08/3" }, { "reference_url": "http://www.securityfocus.com/bid/37142", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/37142" }, { "reference_url": "http://www.securitytracker.com/id?1023245", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securitytracker.com/id?1023245" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/3352", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"http://www.vupen.com/english/advisories/2009/3352" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=542786", "reference_id": "542786", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=542786" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558685", "reference_id": "558685", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558685" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4214", "reference_id": "CVE-2009-4214", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4214" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2009-4214.yml", "reference_id": "CVE-2009-4214.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2009-4214.yml" }, { "reference_url": "https://github.com/advisories/GHSA-9p3v-wf2w-v29c", "reference_id": "GHSA-9p3v-wf2w-v29c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9p3v-wf2w-v29c" }, { "reference_url": "https://security.gentoo.org/glsa/200912-02", "reference_id": "GLSA-200912-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200912-02" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1073997?format=api", "purl": "pkg:deb/debian/rails@2.3.5-1.2%2Bsqueeze8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": 
"VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-214c-rjny-9ud4" }, { "vulnerability": "VCID-2529-ucg8-dkgy" }, { "vulnerability": "VCID-2b1z-1k24-kfb8" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-34kh-7cbr-s7b9" }, { "vulnerability": "VCID-39m4-12ms-skh2" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-3nsx-u3u3-7fh7" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-3ser-nhqn-mbar" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-74g9-svkp-h3f1" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-7b9s-j981-audq" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": "VCID-9c9c-jwz1-zycr" }, { "vulnerability": "VCID-9cgs-zd4y-2qdz" }, { "vulnerability": "VCID-9j8b-jg5m-1kgk" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-a6dm-ywkf-wkgh" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-arbz-y6ud-mbap" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": 
"VCID-fu6v-k8cg-d3c7" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-gxj4-um99-mbg4" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-hh3w-dxkg-8ygx" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-mw4w-k3vk-y7gr" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-pbgu-3zaj-ukay" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-rhyd-xbpb-wufa" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-sth3-da79-67bt" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-u2gv-wvdc-tfbs" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-v1py-zs44-n7cz" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.5-1.2%252Bsqueeze8" } ], "aliases": [ "CVE-2009-4214", "GHSA-9p3v-wf2w-v29c" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fry8-r6k2-auf2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/183409?format=api", "vulnerability_id": "VCID-ryyh-3t4j-hygv", "summary": "Multiple 
vulnerabilities have been discovered in Rails, the worst of which\n leading to the execution of arbitrary SQL statements.", "references": [ { "reference_url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063" }, { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/7f57cd7794e1d1b4?dmode=source", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/7f57cd7794e1d1b4?dmode=source" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3009.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3009.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3009", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01632", "scoring_system": "epss", "scoring_elements": "0.82379", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01632", "scoring_system": "epss", "scoring_elements": "0.82318", 
"published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3009" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3009", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3009" }, { "reference_url": "http://secunia.com/advisories/36600", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/36600" }, { "reference_url": "http://secunia.com/advisories/36717", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/36717" }, { "reference_url": "http://securitytracker.com/id?1022824", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://securitytracker.com/id?1022824" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53036", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53036" }, { "reference_url": "http://support.apple.com/kb/HT4077", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT4077" }, { "reference_url": "http://weblog.rubyonrails.org/2009/9/4/xss-vulnerability-in-ruby-on-rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2009/9/4/xss-vulnerability-in-ruby-on-rails" }, { "reference_url": "http://www.debian.org/security/2009/dsa-1887", 
"reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2009/dsa-1887" }, { "reference_url": "http://www.osvdb.org/57666", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.osvdb.org/57666" }, { "reference_url": "http://www.securityfocus.com/bid/36278", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/36278" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/2544", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.vupen.com/english/advisories/2009/2544" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=520843", "reference_id": "520843", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=520843" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063", "reference_id": "545063", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3009", "reference_id": "CVE-2009-3009", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3009" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2009-3009.yml", "reference_id": "CVE-2009-3009.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2009-3009.yml" }, { "reference_url": "https://github.com/advisories/GHSA-8qrh-h9m2-5fvf", "reference_id": "GHSA-8qrh-h9m2-5fvf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8qrh-h9m2-5fvf" }, { "reference_url": "https://security.gentoo.org/glsa/200912-02", "reference_id": "GLSA-200912-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200912-02" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1073997?format=api", "purl": "pkg:deb/debian/rails@2.3.5-1.2%2Bsqueeze8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-214c-rjny-9ud4" }, { "vulnerability": "VCID-2529-ucg8-dkgy" }, { "vulnerability": "VCID-2b1z-1k24-kfb8" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-34kh-7cbr-s7b9" }, { "vulnerability": "VCID-39m4-12ms-skh2" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-3nsx-u3u3-7fh7" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-3ser-nhqn-mbar" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-74g9-svkp-h3f1" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-7b9s-j981-audq" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-94u9-8r8a-rufw" }, { "vulnerability": 
"VCID-9c9c-jwz1-zycr" }, { "vulnerability": "VCID-9cgs-zd4y-2qdz" }, { "vulnerability": "VCID-9j8b-jg5m-1kgk" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-a6dm-ywkf-wkgh" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-abxz-4rbx-zfhe" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-arbz-y6ud-mbap" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-b8tc-n7vg-wkdd" }, { "vulnerability": "VCID-bqps-e1sm-xkhe" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-c9r4-ps21-fked" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-fu6v-k8cg-d3c7" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-gxj4-um99-mbg4" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-hh3w-dxkg-8ygx" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-mw4w-k3vk-y7gr" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-nrn7-7mxv-6qay" }, { "vulnerability": "VCID-pbgu-3zaj-ukay" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-resj-j2ea-hbck" }, { "vulnerability": "VCID-rhyd-xbpb-wufa" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sck9-xd5q-fuga" }, { "vulnerability": "VCID-sth3-da79-67bt" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": 
"VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" }, { "vulnerability": "VCID-u2gv-wvdc-tfbs" }, { "vulnerability": "VCID-usqn-hb81-pyf6" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-v1py-zs44-n7cz" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" }, { "vulnerability": "VCID-x5c1-by5h-ubau" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.5-1.2%252Bsqueeze8" } ], "aliases": [ "CVE-2009-3009", "GHSA-8qrh-h9m2-5fvf", "OSV-57666" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ryyh-3t4j-hygv" } ], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.5-1.2%252Bsqueeze8" }