Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:rpm/redhat/ruby200-rubygem-eventmachine@1.0.7-2?arch=el6cf
Typerpm
Namespaceredhat
Nameruby200-rubygem-eventmachine
Version1.0.7-2
Qualifiers
arch el6cf
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-65ha-wgr4-eqd4
vulnerability_id VCID-65ha-wgr4-eqd4
summary 
Reflective XSS Vulnerability
When a translation is missing, the HTML exception message raised does not escape the keys. Under certain common configurations this string can contain user input which would allow an attacker to execute a reflective XSS attack.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2013-12/msg00093.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-12/msg00093.html
1
reference_url https://access.redhat.com/errata/RHBA-2015:1100
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2015:1100
2
reference_url https://access.redhat.com/errata/RHSA-2017:0320
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:0320
3
reference_url https://access.redhat.com/errata/RHSA-2018:0380
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0380
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4492.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4492.json
5
reference_url https://access.redhat.com/security/cve/CVE-2013-4492
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2013-4492
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-4492
reference_id
reference_type
scores
0
value 0.00445
scoring_system epss
scoring_elements 0.63446
published_at 2026-04-16T12:55:00Z
1
value 0.00445
scoring_system epss
scoring_elements 0.63453
published_at 2026-04-18T12:55:00Z
2
value 0.00445
scoring_system epss
scoring_elements 0.63447
published_at 2026-04-12T12:55:00Z
3
value 0.00445
scoring_system epss
scoring_elements 0.63463
published_at 2026-04-11T12:55:00Z
4
value 0.00445
scoring_system epss
scoring_elements 0.63323
published_at 2026-04-01T12:55:00Z
5
value 0.00445
scoring_system epss
scoring_elements 0.63384
published_at 2026-04-02T12:55:00Z
6
value 0.00445
scoring_system epss
scoring_elements 0.63411
published_at 2026-04-13T12:55:00Z
7
value 0.00445
scoring_system epss
scoring_elements 0.63376
published_at 2026-04-07T12:55:00Z
8
value 0.00445
scoring_system epss
scoring_elements 0.63428
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-4492
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1039435
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1039435
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4492
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4492
9
reference_url https://github.com/advisories/GHSA-r5hc-9xx5-97rw
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-r5hc-9xx5-97rw
10
reference_url https://github.com/ruby-i18n/i18n/commit/92b57b1e4f84adcdcc3a375278f299274be62445
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ruby-i18n/i18n/commit/92b57b1e4f84adcdcc3a375278f299274be62445
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/i18n/CVE-2013-4492.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/i18n/CVE-2013-4492.yml
12
reference_url https://github.com/svenfuchs/i18n
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/svenfuchs/i18n
13
reference_url https://github.com/svenfuchs/i18n/commit/92b57b1e4f84adcdcc3a375278f299274be62445
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/svenfuchs/i18n/commit/92b57b1e4f84adcdcc3a375278f299274be62445
14
reference_url https://groups.google.com/forum/message/raw?msg=ruby-security-ann/pLrh6DUw998/bLFEyIO4k_EJ
reference_id
reference_type
scores
url https://groups.google.com/forum/message/raw?msg=ruby-security-ann/pLrh6DUw998/bLFEyIO4k_EJ
15
reference_url https://groups.google.com/forum/#!topic/ruby-security-ann/pLrh6DUw998
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/ruby-security-ann/pLrh6DUw998
16
reference_url https://web.archive.org/web/20201208125214/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/pLrh6DUw998/bLFEyIO4k_EJ
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20201208125214/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/pLrh6DUw998/bLFEyIO4k_EJ
17
reference_url https://web.archive.org/web/20210731082547/http://www.securityfocus.com/bid/64076
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210731082547/http://www.securityfocus.com/bid/64076
18
reference_url http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released
19
reference_url http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/
reference_id
reference_type
scores
url http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/
20
reference_url http://www.debian.org/security/2013/dsa-2830
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2013/dsa-2830
21
reference_url http://www.securityfocus.com/bid/64076
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/64076
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-4492
reference_id CVE-2013-4492
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-4492
fixed_packages
aliases CVE-2013-4492, GHSA-r5hc-9xx5-97rw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-65ha-wgr4-eqd4
1
url VCID-e3j5-xgbr-2qa1
vulnerability_id VCID-e3j5-xgbr-2qa1
summary 
Possible DoS Vulnerability
A carefully crafted email address in conjunction with the Action Mailer logger format string could take advantage of a bug in Ruby's sprintf implementation and possibly lead to a denial of service attack. Impacted Ruby code will look something like this: `"some string #{user_input}" % some_number`
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2013-12/msg00091.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-12/msg00091.html
1
reference_url http://lists.opensuse.org/opensuse-updates/2013-12/msg00094.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-12/msg00094.html
2
reference_url http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4389.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4389.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-4389
reference_id
reference_type
scores
0
value 0.01333
scoring_system epss
scoring_elements 0.79991
published_at 2026-04-18T12:55:00Z
1
value 0.01333
scoring_system epss
scoring_elements 0.79921
published_at 2026-04-02T12:55:00Z
2
value 0.01333
scoring_system epss
scoring_elements 0.79942
published_at 2026-04-04T12:55:00Z
3
value 0.01333
scoring_system epss
scoring_elements 0.7993
published_at 2026-04-07T12:55:00Z
4
value 0.01333
scoring_system epss
scoring_elements 0.79959
published_at 2026-04-08T12:55:00Z
5
value 0.01333
scoring_system epss
scoring_elements 0.79968
published_at 2026-04-09T12:55:00Z
6
value 0.01333
scoring_system epss
scoring_elements 0.79988
published_at 2026-04-11T12:55:00Z
7
value 0.01333
scoring_system epss
scoring_elements 0.79971
published_at 2026-04-12T12:55:00Z
8
value 0.01333
scoring_system epss
scoring_elements 0.79963
published_at 2026-04-13T12:55:00Z
9
value 0.01333
scoring_system epss
scoring_elements 0.79914
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-4389
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417
10
reference_url http://seclists.org/oss-sec/2013/q4/118
reference_id
reference_type
scores
url http://seclists.org/oss-sec/2013/q4/118
11
reference_url https://github.com/advisories/GHSA-rg5m-3fqp-6px8
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-rg5m-3fqp-6px8
12
reference_url https://github.com/rails/rails/tree/main/actionmailer
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/tree/main/actionmailer
13
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionmailer/CVE-2013-4389.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionmailer/CVE-2013-4389.yml
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-4389
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-4389
15
reference_url https://web.archive.org/web/20201208175929/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/yvlR1Vx44c8/elKJkpO2KVgJ
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20201208175929/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/yvlR1Vx44c8/elKJkpO2KVgJ
16
reference_url http://www.debian.org/security/2014/dsa-2887
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2014/dsa-2887
17
reference_url http://www.debian.org/security/2014/dsa-2888
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2014/dsa-2888
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1013913
reference_id 1013913
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1013913
fixed_packages
aliases CVE-2013-4389, GHSA-rg5m-3fqp-6px8, OSV-98629
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e3j5-xgbr-2qa1
2
url VCID-g8de-56gr-37cf
vulnerability_id VCID-g8de-56gr-37cf
summary 
Arbitrary file existence disclosure
Specially crafted requests can be used to determine whether a file exists on the filesystem that is outside an application's root directory. The files will not be served, but attackers can determine whether the file exists.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2014-11/msg00103.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2014-11/msg00103.html
1
reference_url http://lists.opensuse.org/opensuse-updates/2014-11/msg00105.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2014-11/msg00105.html
2
reference_url http://lists.opensuse.org/opensuse-updates/2014-11/msg00110.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2014-11/msg00110.html
3
reference_url http://lists.opensuse.org/opensuse-updates/2014-11/msg00111.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2014-11/msg00111.html
4
reference_url https://access.redhat.com/errata/RHBA-2015:1100
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2015:1100
5
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7819.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7819.json
6
reference_url https://access.redhat.com/security/cve/CVE-2014-7819
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2014-7819
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-7819
reference_id
reference_type
scores
0
value 0.00748
scoring_system epss
scoring_elements 0.73153
published_at 2026-04-18T12:55:00Z
1
value 0.00748
scoring_system epss
scoring_elements 0.73052
published_at 2026-04-07T12:55:00Z
2
value 0.00748
scoring_system epss
scoring_elements 0.73089
published_at 2026-04-08T12:55:00Z
3
value 0.00748
scoring_system epss
scoring_elements 0.73102
published_at 2026-04-09T12:55:00Z
4
value 0.00748
scoring_system epss
scoring_elements 0.73127
published_at 2026-04-11T12:55:00Z
5
value 0.00748
scoring_system epss
scoring_elements 0.73106
published_at 2026-04-12T12:55:00Z
6
value 0.00748
scoring_system epss
scoring_elements 0.731
published_at 2026-04-13T12:55:00Z
7
value 0.00748
scoring_system epss
scoring_elements 0.73143
published_at 2026-04-16T12:55:00Z
8
value 0.00748
scoring_system epss
scoring_elements 0.73048
published_at 2026-04-01T12:55:00Z
9
value 0.00748
scoring_system epss
scoring_elements 0.73058
published_at 2026-04-02T12:55:00Z
10
value 0.00748
scoring_system epss
scoring_elements 0.73078
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-7819
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1161527
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1161527
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7819
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7819
10
reference_url https://groups.google.com/forum/message/raw?msg=rubyonrails-security/doAVp0YaTqY/aHFngBqNBoAJ
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/message/raw?msg=rubyonrails-security/doAVp0YaTqY/aHFngBqNBoAJ
11
reference_url https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wQBeGXqGs3E/JqUMB6fhh3gJ
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wQBeGXqGs3E/JqUMB6fhh3gJ
12
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/doAVp0YaTqY
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/doAVp0YaTqY
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-7819
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-7819
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sprockets_project:sprockets:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:sprockets_project:sprockets:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sprockets_project:sprockets:*:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sprockets_project:sprockets:2.6.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:sprockets_project:sprockets:2.6.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sprockets_project:sprockets:2.6.0:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sprockets_project:sprockets:3.0.0:beta1:*:*:*:*:*:*
reference_id cpe:2.3:a:sprockets_project:sprockets:3.0.0:beta1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sprockets_project:sprockets:3.0.0:beta1:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sprockets_project:sprockets:3.0.0:beta2:*:*:*:*:*:*
reference_id cpe:2.3:a:sprockets_project:sprockets:3.0.0:beta2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sprockets_project:sprockets:3.0.0:beta2:*:*:*:*:*:*
18
reference_url https://github.com/advisories/GHSA-33pp-3763-mrfp
reference_id GHSA-33pp-3763-mrfp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-33pp-3763-mrfp
fixed_packages
aliases CVE-2014-7819, GHSA-33pp-3763-mrfp, OSV-113965
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g8de-56gr-37cf
3
url VCID-jggb-58ap-ybab
vulnerability_id VCID-jggb-58ap-ybab
summary 
Log Plaintext Password Local Disclosure
REST Client for Ruby contains a flaw that is due to the application logging password information in plaintext. This may allow a local attacker to gain access to password information.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2015-04/msg00026.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2015-04/msg00026.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3448.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3448.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-3448
reference_id
reference_type
scores
0
value 0.00065
scoring_system epss
scoring_elements 0.20294
published_at 2026-04-18T12:55:00Z
1
value 0.00065
scoring_system epss
scoring_elements 0.20375
published_at 2026-04-09T12:55:00Z
2
value 0.00065
scoring_system epss
scoring_elements 0.20405
published_at 2026-04-11T12:55:00Z
3
value 0.00065
scoring_system epss
scoring_elements 0.20359
published_at 2026-04-12T12:55:00Z
4
value 0.00065
scoring_system epss
scoring_elements 0.20301
published_at 2026-04-13T12:55:00Z
5
value 0.00065
scoring_system epss
scoring_elements 0.20289
published_at 2026-04-16T12:55:00Z
6
value 0.00065
scoring_system epss
scoring_elements 0.20307
published_at 2026-04-01T12:55:00Z
7
value 0.00065
scoring_system epss
scoring_elements 0.20451
published_at 2026-04-02T12:55:00Z
8
value 0.00065
scoring_system epss
scoring_elements 0.20511
published_at 2026-04-04T12:55:00Z
9
value 0.00065
scoring_system epss
scoring_elements 0.20236
published_at 2026-04-07T12:55:00Z
10
value 0.00065
scoring_system epss
scoring_elements 0.20317
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-3448
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3448
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3448
4
reference_url https://github.com/rest-client/rest-client
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rest-client/rest-client
5
reference_url https://github.com/rest-client/rest-client/issues/349
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rest-client/rest-client/issues/349
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-3448
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-3448
7
reference_url https://web.archive.org/web/20200228154247/http://www.securityfocus.com/bid/74415
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228154247/http://www.securityfocus.com/bid/74415
8
reference_url http://www.osvdb.org/show/osvdb/117461
reference_id
reference_type
scores
url http://www.osvdb.org/show/osvdb/117461
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1240982
reference_id 1240982
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1240982
10
reference_url https://github.com/advisories/GHSA-mx9f-w8qq-q5jf
reference_id GHSA-mx9f-w8qq-q5jf
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mx9f-w8qq-q5jf
11
reference_url https://access.redhat.com/errata/RHSA-2021:1313
reference_id RHSA-2021:1313
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1313
fixed_packages
aliases CVE-2015-3448, GHSA-mx9f-w8qq-q5jf
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jggb-58ap-ybab
4
url VCID-vhdm-w6p1-uuh9
vulnerability_id VCID-vhdm-w6p1-uuh9
summary 
Session fixation vulnerability via Set-Cookie headers
The package rest-client in `abstract_response.rb` improperly handles `Set-Cookie` headers on HTTP redirection responses. Any cookies will be forwarded to the redirection target regardless of domain, path, or expiration. If you control a redirection source, you can cause rest-client to perform a request to any third-party domain with cookies of your choosing, which may be useful in performing a session fixation attack. If you control a redirection target, you can steal any cookies set by the third-party redirection request.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1820.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1820.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-1820
reference_id
reference_type
scores
0
value 0.03723
scoring_system epss
scoring_elements 0.87939
published_at 2026-04-02T12:55:00Z
1
value 0.03723
scoring_system epss
scoring_elements 0.87999
published_at 2026-04-18T12:55:00Z
2
value 0.03723
scoring_system epss
scoring_elements 0.88001
published_at 2026-04-16T12:55:00Z
3
value 0.03723
scoring_system epss
scoring_elements 0.87987
published_at 2026-04-13T12:55:00Z
4
value 0.03723
scoring_system epss
scoring_elements 0.87995
published_at 2026-04-11T12:55:00Z
5
value 0.03723
scoring_system epss
scoring_elements 0.87984
published_at 2026-04-09T12:55:00Z
6
value 0.03723
scoring_system epss
scoring_elements 0.87977
published_at 2026-04-08T12:55:00Z
7
value 0.03723
scoring_system epss
scoring_elements 0.87956
published_at 2026-04-07T12:55:00Z
8
value 0.03723
scoring_system epss
scoring_elements 0.87929
published_at 2026-04-01T12:55:00Z
9
value 0.03723
scoring_system epss
scoring_elements 0.87952
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-1820
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1205291
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1205291
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1820
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1820
4
reference_url https://github.com/rest-client/rest-client
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rest-client/rest-client
5
reference_url https://github.com/rest-client/rest-client/issues/369
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rest-client/rest-client/issues/369
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-1820
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-1820
7
reference_url https://rubygems.org/gems/rest-client/versions/1.6.1.a
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://rubygems.org/gems/rest-client/versions/1.6.1.a
8
reference_url https://web.archive.org/web/20200228080106/http://www.securityfocus.com/bid/73295
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228080106/http://www.securityfocus.com/bid/73295
9
reference_url http://www.openwall.com/lists/oss-security/2015/03/24/3
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2015/03/24/3
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781238
reference_id 781238
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781238
11
reference_url https://github.com/advisories/GHSA-3fhf-6939-qg8p
reference_id GHSA-3fhf-6939-qg8p
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3fhf-6939-qg8p
12
reference_url https://access.redhat.com/errata/RHSA-2021:1313
reference_id RHSA-2021:1313
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1313
fixed_packages
aliases CVE-2015-1820, GHSA-3fhf-6939-qg8p, OSV-119878
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vhdm-w6p1-uuh9
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ruby200-rubygem-eventmachine@1.0.7-2%3Farch=el6cf