Package Instance

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2012-3424

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3424.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3424.json

reference_url

reference_id

reference_type

scores

value	0.00981
scoring_system	epss
scoring_elements	0.76812
published_at	2026-04-16T12:55:00Z

value	0.00981
scoring_system	epss
scoring_elements	0.76746
published_at	2026-04-04T12:55:00Z

value	0.00981
scoring_system	epss
scoring_elements	0.76729
published_at	2026-04-07T12:55:00Z

value	0.00981
scoring_system	epss
scoring_elements	0.7676
published_at	2026-04-08T12:55:00Z

value	0.00981
scoring_system	epss
scoring_elements	0.76771
published_at	2026-04-13T12:55:00Z

value	0.00981
scoring_system	epss
scoring_elements	0.76799
published_at	2026-04-11T12:55:00Z

value	0.00981
scoring_system	epss
scoring_elements	0.76779
published_at	2026-04-12T12:55:00Z

value	0.00981
scoring_system	epss
scoring_elements	0.76714
published_at	2026-04-01T12:55:00Z

value	0.00981
scoring_system	epss
scoring_elements	0.76718
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-3424

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/3719bd3e95523c5518507dbe44f260f252930600

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/3719bd3e95523c5518507dbe44f260f252930600

reference_url

https://groups.google.com/group/rubyonrails-security/msg/244d32f2fa25147d?hl=en&dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/244d32f2fa25147d?hl=en&dmode=source&output=gplain

reference_url

http://weblog.rubyonrails.org/2012/7/26/ann-rails-3-2-7-has-been-released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2012/7/26/ann-rails-3-2-7-has-been-released

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=843711
reference_id	843711
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=843711

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-3424

reference_id

CVE-2012-3424

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-3424

reference_url

https://github.com/advisories/GHSA-92w9-2pqw-rhjj

reference_id

GHSA-92w9-2pqw-rhjj

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-92w9-2pqw-rhjj

reference_url	https://access.redhat.com/errata/RHSA-2012:1542
reference_id	RHSA-2012:1542
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2012:1542

reference_url	https://access.redhat.com/errata/RHSA-2013:0154
reference_id	RHSA-2013:0154
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0154

fixed_packages

aliases

CVE-2012-3424, GHSA-92w9-2pqw-rhjj, OSV-84243

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-awt1-8bxs-xffs

url

VCID-bsxw-gh14-rbef

vulnerability_id

VCID-bsxw-gh14-rbef

summary

activerecord vulnerable to SQL Injection
The Active Record component in Ruby on Rails efore 2.3.15, 3.0.x before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage improper handling of nested hashes, a related issue to CVE-2012-2661.

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html

reference_url

http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2012-2695

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2695.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2695.json

reference_url

reference_id

reference_type

scores

value	0.00637
scoring_system	epss
scoring_elements	0.70478
published_at	2026-04-09T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.70462
published_at	2026-04-08T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.70408
published_at	2026-04-01T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.70422
published_at	2026-04-02T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.70417
published_at	2026-04-07T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.70439
published_at	2026-04-04T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.70515
published_at	2026-04-16T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.70473
published_at	2026-04-13T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.70487
published_at	2026-04-12T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.70502
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-2695

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/62f81f4d6b3ee40e9887ffd92ab14714bad93f18

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/62f81f4d6b3ee40e9887ffd92ab14714bad93f18

reference_url

https://groups.google.com/group/rubyonrails-security/msg/aee3413fb038bf56?dmode=source&output=gplain

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/aee3413fb038bf56?dmode=source&output=gplain

reference_url

https://groups.google.com/g/rubyonrails-security/c/l4L0TEVAz1k/m/Vr84sD9B464J

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/l4L0TEVAz1k/m/Vr84sD9B464J

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=831573
reference_id	831573
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=831573

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-2695

reference_id

CVE-2012-2695

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-2695

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2695.yml

reference_id

CVE-2012-2695.YML

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2695.yml

reference_url

https://github.com/advisories/GHSA-76wq-xw4h-f8wj

reference_id

GHSA-76wq-xw4h-f8wj

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-76wq-xw4h-f8wj

reference_url	https://access.redhat.com/errata/RHSA-2012:1542
reference_id	RHSA-2012:1542
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2012:1542

reference_url	https://access.redhat.com/errata/RHSA-2013:0154
reference_id	RHSA-2013:0154
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0154

fixed_packages

aliases

CVE-2012-2695, GHSA-76wq-xw4h-f8wj

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-bsxw-gh14-rbef

url

VCID-c1w4-z275-tqg7

vulnerability_id

VCID-c1w4-z275-tqg7

summary

Ruby on Rails Potential XSS Vulnerability in select_tag prompt
When a value for the `prompt` field is supplied to the `select_tag` helper, the value is not escaped. If untrusted data is not escaped, and is supplied as the prompt value, there is a potential for XSS attacks.

references

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2012-3463

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3463.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3463.json

reference_url

reference_id

reference_type

scores

value	0.00333
scoring_system	epss
scoring_elements	0.56171
published_at	2026-04-16T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.5613
published_at	2026-04-04T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56161
published_at	2026-04-08T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56166
published_at	2026-04-09T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56177
published_at	2026-04-11T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56153
published_at	2026-04-12T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56137
published_at	2026-04-13T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56001
published_at	2026-04-01T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.5611
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-3463

reference_url

https://github.com/rails/rails/commit/6d0526db91afb0675c2ad3d871529d1536303c64

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/6d0526db91afb0675c2ad3d871529d1536303c64

reference_url	https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/3463/rubyonrails-security/fV3QUToSMSw/eHBSFOUYHpYJ
reference_id
reference_type
scores
url	https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/3463/rubyonrails-security/fV3QUToSMSw/eHBSFOUYHpYJ

reference_url

https://groups.google.com/group/rubyonrails-security/msg/961e18e514527078?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/961e18e514527078?dmode=source&output=gplain

reference_url

https://groups.google.com/g/rubyonrails-security/c/fV3QUToSMSw/m/eHBSFOUYHpYJ?pli=1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/fV3QUToSMSw/m/eHBSFOUYHpYJ?pli=1

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-3463

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-3463

reference_url

http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released

reference_url	http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=847196
reference_id	847196
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=847196

reference_url

https://github.com/advisories/GHSA-98mf-8f57-64qf

reference_id

GHSA-98mf-8f57-64qf

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-98mf-8f57-64qf

reference_url	https://access.redhat.com/errata/RHSA-2012:1542
reference_id	RHSA-2012:1542
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2012:1542

reference_url	https://access.redhat.com/errata/RHSA-2013:0154
reference_id	RHSA-2013:0154
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0154

fixed_packages

aliases

CVE-2012-3463, GHSA-98mf-8f57-64qf, OSV-84515

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-c1w4-z275-tqg7

url

VCID-c883-yge1-yygb

vulnerability_id

VCID-c883-yge1-yygb

summary

openshift-origin-node Improper Input Validation vulnerability
Ruby gem openshift-origin-node before 2014-02-14 does not contain a cronjob timeout which could result in a denial of service in cron.daily and cron.weekly.

references

reference_url

https://access.redhat.com/errata/RHBA-2014:0487

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHBA-2014:0487

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0084.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0084.json

reference_url

https://access.redhat.com/security/cve/CVE-2014-0084

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2014-0084

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-0084

reference_id

reference_type

scores

value	0.00122
scoring_system	epss
scoring_elements	0.31337
published_at	2026-04-11T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31284
published_at	2026-04-16T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.3125
published_at	2026-04-13T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31246
published_at	2026-04-01T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31293
published_at	2026-04-12T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31387
published_at	2026-04-02T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31428
published_at	2026-04-04T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31249
published_at	2026-04-07T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31302
published_at	2026-04-08T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31332
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-0084

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1065198

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1065198

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0084

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0084

reference_url

https://github.com/openshift/origin-server

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openshift/origin-server

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/openshift-origin-node/CVE-2014-0084.yml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/openshift-origin-node/CVE-2014-0084.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-0084

reference_id

reference_type

scores

value	2.1
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:N/C:N/I:N/A:P

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-0084

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_origin::::::::
reference_id	cpe:2.3:a:redhat:openshift_origin::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_origin::::::::

reference_url

https://github.com/advisories/GHSA-756m-3qf2-hp58

reference_id

GHSA-756m-3qf2-hp58

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-756m-3qf2-hp58

fixed_packages

aliases

CVE-2014-0084, GHSA-756m-3qf2-hp58

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-c883-yge1-yygb

url

VCID-cwa7-9d2t-rfhb

vulnerability_id

VCID-cwa7-9d2t-rfhb

summary

actionpack Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in `actionpack/lib/action_view/helpers/sanitize_helper.rb` in the `strip_tags` helper in Ruby on Rails before 2.3.16, 3.0.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup.

references

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2012-3465

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3465.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3465.json

reference_url

reference_id

reference_type

scores

value	0.00333
scoring_system	epss
scoring_elements	0.56171
published_at	2026-04-16T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.5611
published_at	2026-04-07T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.5613
published_at	2026-04-04T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56161
published_at	2026-04-08T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56166
published_at	2026-04-09T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56177
published_at	2026-04-11T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56153
published_at	2026-04-12T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56137
published_at	2026-04-13T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56001
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-3465

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3465
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3465

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/cf48c9c7dcbef8543171f7f7de8d3d9a16b58e77

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/cf48c9c7dcbef8543171f7f7de8d3d9a16b58e77

reference_url

https://github.com/rails/rails/commit/e91e4e8bbee12ce1496bf384c04da6be296b687a

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/e91e4e8bbee12ce1496bf384c04da6be296b687a

reference_url

https://groups.google.com/group/rubyonrails-security/msg/7fbb5392d4d282b5?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/7fbb5392d4d282b5?dmode=source&output=gplain

reference_url

http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=847200
reference_id	847200
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=847200

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-3465

reference_id

CVE-2012-3465

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-3465

reference_url

https://github.com/advisories/GHSA-7g65-ghrg-hpf5

reference_id

GHSA-7g65-ghrg-hpf5

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7g65-ghrg-hpf5

reference_url	https://access.redhat.com/errata/RHSA-2012:1542
reference_id	RHSA-2012:1542
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2012:1542

reference_url	https://access.redhat.com/errata/RHSA-2013:0154
reference_id	RHSA-2013:0154
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0154

fixed_packages

aliases

CVE-2012-3465, GHSA-7g65-ghrg-hpf5, OSV-84513

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-cwa7-9d2t-rfhb

url

VCID-hbtn-7423-m3gb

vulnerability_id

VCID-hbtn-7423-m3gb

summary

Circumvention of attr_protected
The attr_protected method allows developers to specify a denylist of model attributes which users should not be allowed to assign to. By using a specially crafted request, attackers could circumvent this protection and alter values that were meant to be protected.

references

reference_url

http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-0686.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0686.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0276.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0276.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-0276

reference_id

reference_type

scores

value	0.00606
scoring_system	epss
scoring_elements	0.69678
published_at	2026-04-16T12:55:00Z

value	0.00606
scoring_system	epss
scoring_elements	0.6957
published_at	2026-04-01T12:55:00Z

value	0.00606
scoring_system	epss
scoring_elements	0.69582
published_at	2026-04-02T12:55:00Z

value	0.00606
scoring_system	epss
scoring_elements	0.69598
published_at	2026-04-04T12:55:00Z

value	0.00606
scoring_system	epss
scoring_elements	0.69577
published_at	2026-04-07T12:55:00Z

value	0.00606
scoring_system	epss
scoring_elements	0.69627
published_at	2026-04-08T12:55:00Z

value	0.00606
scoring_system	epss
scoring_elements	0.69644
published_at	2026-04-09T12:55:00Z

value	0.00606
scoring_system	epss
scoring_elements	0.69666
published_at	2026-04-11T12:55:00Z

value	0.00606
scoring_system	epss
scoring_elements	0.69652
published_at	2026-04-12T12:55:00Z

value	0.00606
scoring_system	epss
scoring_elements	0.69637
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-0276

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0276
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0276

reference_url	http://secunia.com/advisories/52112
reference_id
reference_type
scores
url	http://secunia.com/advisories/52112

reference_url	http://secunia.com/advisories/52774
reference_id
reference_type
scores
url	http://secunia.com/advisories/52774

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0276.yml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0276.yml

reference_url	https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/AFBKNY7VSH8
reference_id
reference_type
scores
url	https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/AFBKNY7VSH8

reference_url

https://groups.google.com/group/rubyonrails-security/msg/bb44b98a73ef1a06?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/bb44b98a73ef1a06?dmode=source&output=gplain

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-0276

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-0276

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20130217055442/http://www.securityfocus.com/bid/57896

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20130217055442/http://www.securityfocus.com/bid/57896

reference_url

http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released

reference_url	http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/

reference_url

http://www.debian.org/security/2013/dsa-2620

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2013/dsa-2620

reference_url

http://www.openwall.com/lists/oss-security/2013/02/11/5

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2013/02/11/5

reference_url	http://www.osvdb.org/90072
reference_id
reference_type
scores
url	http://www.osvdb.org/90072

reference_url	http://www.securityfocus.com/bid/57896
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/57896

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=909528
reference_id	909528
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=909528

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.10:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.11:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.12:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.13:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.14:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.15:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.15:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.15:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.16:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.16:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.16:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:beta1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc5::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc5::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc5::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc6::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc6::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc6::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc7::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc7::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc7::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc8::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc8::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc8::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.10:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.1:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.1:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.1:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.2:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.2:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.4:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.5:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.8:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.10:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.11:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.2:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.3:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.3:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.4:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.8:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.9:::::::*

reference_url

https://github.com/advisories/GHSA-gr44-7grc-37vq

reference_id

GHSA-gr44-7grc-37vq

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gr44-7grc-37vq

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

reference_url	https://access.redhat.com/errata/RHSA-2013:0686
reference_id	RHSA-2013:0686
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0686

fixed_packages

aliases

CVE-2013-0276, GHSA-gr44-7grc-37vq, OSV-90072

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-hbtn-7423-m3gb

url

VCID-hr2h-y693-sbgc

vulnerability_id

VCID-hr2h-y693-sbgc

summary

activesupport Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in `activesupport/lib/active_support/core_ext/string/output_safety.rb` in Ruby on Rails before 2.3.16, 3.0.x before , 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject arbitrary web script or HTML via vectors involving a ' (quote) character.

references

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2012-3464

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3464.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3464.json

reference_url

reference_id

reference_type

scores

value	0.00333
scoring_system	epss
scoring_elements	0.56171
published_at	2026-04-16T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56137
published_at	2026-04-13T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56153
published_at	2026-04-12T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56177
published_at	2026-04-11T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56166
published_at	2026-04-09T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56161
published_at	2026-04-08T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56001
published_at	2026-04-01T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.5613
published_at	2026-04-04T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.5611
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-3464

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3464
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3464

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/28f2c6f4037081da0a82104a3f473165ed4ed2ce

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/28f2c6f4037081da0a82104a3f473165ed4ed2ce

reference_url

https://github.com/rails/rails/commit/780a718723cf87b49cfe204d355948c4e0932d23

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/780a718723cf87b49cfe204d355948c4e0932d23

reference_url

https://github.com/rails/rails/commit/d0c9759d3aeb6327d68dd6c0de0fe2fed4e3c870

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/d0c9759d3aeb6327d68dd6c0de0fe2fed4e3c870

reference_url

https://github.com/rails/rails/commit/d549df7133f2b0bad8112890d478c33e990e12bc

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/d549df7133f2b0bad8112890d478c33e990e12bc

reference_url

https://github.com/rails/rails/issues/7215

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/issues/7215

reference_url

https://groups.google.com/group/rubyonrails-security/msg/8f1bbe1cef8c6caf?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/8f1bbe1cef8c6caf?dmode=source&output=gplain

reference_url

http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=847199
reference_id	847199
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=847199

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-3464

reference_id

CVE-2012-3464

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-3464

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2012-3464.yml

reference_id

CVE-2012-3464.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2012-3464.yml

reference_url

https://github.com/advisories/GHSA-h835-75hw-pj89

reference_id

GHSA-h835-75hw-pj89

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-h835-75hw-pj89

reference_url	https://access.redhat.com/errata/RHSA-2012:1542
reference_id	RHSA-2012:1542
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2012:1542

reference_url	https://access.redhat.com/errata/RHSA-2013:0154
reference_id	RHSA-2013:0154
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0154

fixed_packages

aliases

CVE-2012-3464, GHSA-h835-75hw-pj89, OSV-84516

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-hr2h-y693-sbgc

url

VCID-hunm-dpcd-r3ff

vulnerability_id

VCID-hunm-dpcd-r3ff

summary

ruby: unintentional file creation caused by inserting an illegal NUL character

references

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090235.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090235.html

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090515.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090515.html

reference_url	http://rhn.redhat.com/errata/RHSA-2013-0129.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2013-0129.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4522.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4522.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-4522

reference_id

reference_type

scores

value	0.00348
scoring_system	epss
scoring_elements	0.57347
published_at	2026-04-13T12:55:00Z

value	0.00348
scoring_system	epss
scoring_elements	0.57238
published_at	2026-04-01T12:55:00Z

value	0.00348
scoring_system	epss
scoring_elements	0.5732
published_at	2026-04-02T12:55:00Z

value	0.00348
scoring_system	epss
scoring_elements	0.57343
published_at	2026-04-04T12:55:00Z

value	0.00348
scoring_system	epss
scoring_elements	0.57319
published_at	2026-04-07T12:55:00Z

value	0.00348
scoring_system	epss
scoring_elements	0.57371
published_at	2026-04-08T12:55:00Z

value	0.00348
scoring_system	epss
scoring_elements	0.57373
published_at	2026-04-16T12:55:00Z

value	0.00348
scoring_system	epss
scoring_elements	0.57388
published_at	2026-04-11T12:55:00Z

value	0.00348
scoring_system	epss
scoring_elements	0.57368
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-4522

reference_url	http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37163
reference_id
reference_type
scores
url	http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37163

reference_url	https://www.ruby-lang.org/en/news/2012/10/12/poisoned-NUL-byte-vulnerability
reference_id
reference_type
scores
url	https://www.ruby-lang.org/en/news/2012/10/12/poisoned-NUL-byte-vulnerability

reference_url	http://www.openwall.com/lists/oss-security/2012/10/12/6
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2012/10/12/6

reference_url	http://www.openwall.com/lists/oss-security/2012/10/13/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2012/10/13/1

reference_url	http://www.openwall.com/lists/oss-security/2012/10/16/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2012/10/16/1

reference_url	http://www.ruby-lang.org/en/news/2012/10/12/poisoned-NUL-byte-vulnerability/
reference_id
reference_type
scores
url	http://www.ruby-lang.org/en/news/2012/10/12/poisoned-NUL-byte-vulnerability/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=865940
reference_id	865940
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=865940

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:::::::*
reference_id	cpe:2.3:a:ruby-lang:ruby:1.9.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:::::::*
reference_id	cpe:2.3:a:ruby-lang:ruby:2.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-4522

reference_id

CVE-2012-4522

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:P/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2012-4522

reference_url	https://access.redhat.com/errata/RHSA-2013:0129
reference_id	RHSA-2013:0129
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0129

reference_url	https://usn.ubuntu.com/1614-1/
reference_id	USN-1614-1
reference_type
scores
url	https://usn.ubuntu.com/1614-1/

fixed_packages

aliases

CVE-2012-4522, GHSA-6mch-f8jc-rpmr, OSV-87917

risk_score

2.2

exploitability

0.5

weighted_severity

4.5

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-hunm-dpcd-r3ff

url

VCID-j7p8-hchp-xbe3

vulnerability_id

VCID-j7p8-hchp-xbe3

summary

Unsafe Query Generation Risk in Ruby on Rails
Due to the way Active Record interprets parameters in combination with the way that JSON parameters are parsed, it is possible for an attacker to issue unexpected database queries with "IS NULL" or empty where clauses. This issue does *not* let an attacker insert arbitrary values into an SQL query, however they can cause the query to check for NULL or eliminate a WHERE clause when most users wouldn't expect it.

references

reference_url

http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A

reference_url

http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html

reference_url

http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2013-0155

reference_url	http://rhn.redhat.com/errata/RHSA-2013-0155.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2013-0155.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0155.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0155.json

reference_url

reference_id

reference_type

scores

value	0.18174
scoring_system	epss
scoring_elements	0.95199
published_at	2026-04-16T12:55:00Z

value	0.18174
scoring_system	epss
scoring_elements	0.95166
published_at	2026-04-02T12:55:00Z

value	0.18174
scoring_system	epss
scoring_elements	0.95167
published_at	2026-04-04T12:55:00Z

value	0.18174
scoring_system	epss
scoring_elements	0.95171
published_at	2026-04-07T12:55:00Z

value	0.18174
scoring_system	epss
scoring_elements	0.95178
published_at	2026-04-08T12:55:00Z

value	0.18174
scoring_system	epss
scoring_elements	0.95182
published_at	2026-04-09T12:55:00Z

value	0.18174
scoring_system	epss
scoring_elements	0.95188
published_at	2026-04-12T12:55:00Z

value	0.18174
scoring_system	epss
scoring_elements	0.95191
published_at	2026-04-13T12:55:00Z

value	0.18174
scoring_system	epss
scoring_elements	0.95155
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-0155

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0155
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0155

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0155.yml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0155.yml

reference_url	https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/t1WFuuQyavI
reference_id
reference_type
scores
url	https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/t1WFuuQyavI

reference_url

https://groups.google.com/group/rubyonrails-security/msg/bc6f13dafe130ee9?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/bc6f13dafe130ee9?dmode=source&output=gplain

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-0155

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-0155

reference_url	https://puppet.com/security/cve/cve-2013-0155
reference_id
reference_type
scores
url	https://puppet.com/security/cve/cve-2013-0155

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2013/dsa-2609

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2013/dsa-2609

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=892866
reference_id	892866
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=892866

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails::::::::
reference_id	cpe:2.3:a:rubyonrails:rails::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails::::::::
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:6.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:6.0:::::::*

reference_url

https://github.com/advisories/GHSA-gppp-5xc5-wfpx

reference_id

GHSA-gppp-5xc5-wfpx

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gppp-5xc5-wfpx

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

reference_url	https://access.redhat.com/errata/RHSA-2013:0154
reference_id	RHSA-2013:0154
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0154

reference_url	https://access.redhat.com/errata/RHSA-2013:0155
reference_id	RHSA-2013:0155
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0155

fixed_packages

aliases

CVE-2013-0155, GHSA-gppp-5xc5-wfpx, OSV-89025

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-j7p8-hchp-xbe3

url

VCID-jj3a-fpsa-a7at

vulnerability_id

VCID-jj3a-fpsa-a7at

summary

Multiple vulnerabilities have been found in Ruby, allowing
    context-dependent attackers to cause a Denial of Service condition.

references

reference_url	http://2012.appsec-forum.ch/conferences/#c17
reference_id
reference_type
scores
url	http://2012.appsec-forum.ch/conferences/#c17

reference_url	http://asfws12.files.wordpress.com/2012/11/asfws2012-jean_philippe_aumasson-martin_bosslet-hash_flooding_dos_reloaded.pdf
reference_id
reference_type
scores
url	http://asfws12.files.wordpress.com/2012/11/asfws2012-jean_philippe_aumasson-martin_bosslet-hash_flooding_dos_reloaded.pdf

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5371.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5371.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-5371

reference_id

reference_type

scores

value	0.01793
scoring_system	epss
scoring_elements	0.82794
published_at	2026-04-16T12:55:00Z

value	0.01793
scoring_system	epss
scoring_elements	0.82691
published_at	2026-04-01T12:55:00Z

value	0.01793
scoring_system	epss
scoring_elements	0.82707
published_at	2026-04-02T12:55:00Z

value	0.01793
scoring_system	epss
scoring_elements	0.8272
published_at	2026-04-04T12:55:00Z

value	0.01793
scoring_system	epss
scoring_elements	0.82717
published_at	2026-04-07T12:55:00Z

value	0.01793
scoring_system	epss
scoring_elements	0.82742
published_at	2026-04-08T12:55:00Z

value	0.01793
scoring_system	epss
scoring_elements	0.82749
published_at	2026-04-09T12:55:00Z

value	0.01793
scoring_system	epss
scoring_elements	0.82765
published_at	2026-04-11T12:55:00Z

value	0.01793
scoring_system	epss
scoring_elements	0.8276
published_at	2026-04-12T12:55:00Z

value	0.01793
scoring_system	epss
scoring_elements	0.82755
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-5371

reference_url	http://secunia.com/advisories/51253
reference_id
reference_type
scores
url	http://secunia.com/advisories/51253

reference_url	http://securitytracker.com/id?1027747
reference_id
reference_type
scores
url	http://securitytracker.com/id?1027747

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/79993
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/79993

reference_url	https://www.131002.net/data/talks/appsec12_slides.pdf
reference_id
reference_type
scores
url	https://www.131002.net/data/talks/appsec12_slides.pdf

reference_url	https://www.ruby-lang.org/en/news/2012/11/09/ruby19-hashdos-cve-2012-5371
reference_id
reference_type
scores
url	https://www.ruby-lang.org/en/news/2012/11/09/ruby19-hashdos-cve-2012-5371

reference_url	http://www.ocert.org/advisories/ocert-2012-001.html
reference_id
reference_type
scores
url	http://www.ocert.org/advisories/ocert-2012-001.html

reference_url	http://www.osvdb.org/87280
reference_id
reference_type
scores
url	http://www.osvdb.org/87280

reference_url	http://www.ruby-lang.org/en/news/2012/11/09/ruby19-hashdos-cve-2012-5371/
reference_id
reference_type
scores
url	http://www.ruby-lang.org/en/news/2012/11/09/ruby19-hashdos-cve-2012-5371/

reference_url	http://www.securityfocus.com/bid/56484
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/56484

reference_url	http://www.ubuntu.com/usn/USN-1733-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-1733-1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=875236
reference_id	875236
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=875236

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9:::::::*
reference_id	cpe:2.3:a:ruby-lang:ruby:1.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:::::::*
reference_id	cpe:2.3:a:ruby-lang:ruby:1.9.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.2:::::::*
reference_id	cpe:2.3:a:ruby-lang:ruby:1.9.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:::::::*
reference_id	cpe:2.3:a:ruby-lang:ruby:1.9.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p0::::::
reference_id	cpe:2.3:a:ruby-lang:ruby:1.9.3:p0::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p0::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p125::::::
reference_id	cpe:2.3:a:ruby-lang:ruby:1.9.3:p125::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p125::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p194::::::
reference_id	cpe:2.3:a:ruby-lang:ruby:1.9.3:p194::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p194::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0:::::::*
reference_id	cpe:2.3:a:ruby-lang:ruby:2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby::p286::::::*
reference_id	cpe:2.3:a:ruby-lang:ruby::p286::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby::p286::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-5371

reference_id

CVE-2012-5371

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

url

https://nvd.nist.gov/vuln/detail/CVE-2012-5371

reference_url	https://security.gentoo.org/glsa/201412-27
reference_id	GLSA-201412-27
reference_type
scores
url	https://security.gentoo.org/glsa/201412-27

reference_url	https://usn.ubuntu.com/1733-1/
reference_id	USN-1733-1
reference_type
scores
url	https://usn.ubuntu.com/1733-1/

fixed_packages

aliases

CVE-2012-5371, GHSA-phrv-cj28-9h57, OSV-87863

risk_score

2.2

exploitability

0.5

weighted_severity

4.5

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-jj3a-fpsa-a7at

url

VCID-phxs-zet8-ryh3

vulnerability_id

VCID-phxs-zet8-ryh3

summary

SQL Injection
Ruby on Rails contains a flaw related to the way ActiveRecord handles parameters in conjunction with the way Rack parses query parameters. This issue may allow an attacker to inject arbitrary `IS NULL` clauses in to application SQL queries. This may also allow an attacker to have the SQL query check for `NULL` in arbitrary places.

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html

reference_url

http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2012-2660

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2660.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2660.json

reference_url

reference_id

reference_type

scores

value	0.00294
scoring_system	epss
scoring_elements	0.52801
published_at	2026-04-16T12:55:00Z

value	0.00294
scoring_system	epss
scoring_elements	0.52708
published_at	2026-04-02T12:55:00Z

value	0.00294
scoring_system	epss
scoring_elements	0.52734
published_at	2026-04-04T12:55:00Z

value	0.00294
scoring_system	epss
scoring_elements	0.527
published_at	2026-04-07T12:55:00Z

value	0.00294
scoring_system	epss
scoring_elements	0.52751
published_at	2026-04-08T12:55:00Z

value	0.00294
scoring_system	epss
scoring_elements	0.52745
published_at	2026-04-09T12:55:00Z

value	0.00294
scoring_system	epss
scoring_elements	0.52796
published_at	2026-04-11T12:55:00Z

value	0.00294
scoring_system	epss
scoring_elements	0.5278
published_at	2026-04-12T12:55:00Z

value	0.00294
scoring_system	epss
scoring_elements	0.52763
published_at	2026-04-13T12:55:00Z

value	0.00294
scoring_system	epss
scoring_elements	0.52663
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-2660

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/61eed87ce32caf534bf1f52dd8134097b4ad9e1b

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/61eed87ce32caf534bf1f52dd8134097b4ad9e1b

reference_url	https://github.com/rails/rails/commit/dff6db18840e2fd1dd3f3e4ef0ae7a9a3986d01d#diff-3179d24efacadd64068c4d9c1184eac3
reference_id
reference_type
scores
url	https://github.com/rails/rails/commit/dff6db18840e2fd1dd3f3e4ef0ae7a9a3986d01d#diff-3179d24efacadd64068c4d9c1184eac3

reference_url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82610.yml
reference_id
reference_type
scores
url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82610.yml

reference_url	https://groups.google.com/forum/#!original/rubyonrails-security/8SA-M3as7A8/Mr9fi9X4kNgJ
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!original/rubyonrails-security/8SA-M3as7A8/Mr9fi9X4kNgJ

reference_url

https://groups.google.com/group/rubyonrails-security/msg/d890f8d58b5fbf32?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/d890f8d58b5fbf32?dmode=source&output=gplain

reference_url

https://groups.google.com/g/rubyonrails-security/c/8SA-M3as7A8/m/Mr9fi9X4kNgJ

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/8SA-M3as7A8/m/Mr9fi9X4kNgJ

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=827353
reference_id	827353
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=827353

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-2660

reference_id

CVE-2012-2660

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-2660

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2660.yml

reference_id

CVE-2012-2660.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2660.yml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2660.yml

reference_id

CVE-2012-2660.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2660.yml

reference_url

https://github.com/advisories/GHSA-hgpp-pp89-4fgf

reference_id

GHSA-hgpp-pp89-4fgf

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-hgpp-pp89-4fgf

reference_url	https://access.redhat.com/errata/RHSA-2012:1542
reference_id	RHSA-2012:1542
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2012:1542

reference_url	https://access.redhat.com/errata/RHSA-2013:0154
reference_id	RHSA-2013:0154
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0154

fixed_packages

aliases

CVE-2012-2660, GHSA-hgpp-pp89-4fgf, OSV-82610

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-phxs-zet8-ryh3

url

VCID-rq7w-zmh4-17e1

vulnerability_id

VCID-rq7w-zmh4-17e1

summary

SQL injection vulnerability in Active Record
Due to the way Active Record handles nested query parameters, an attacker can use a specially crafted request to inject some forms of SQL into your application's SQL queries.

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html

reference_url

http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2012-2661

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2661.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2661.json

reference_url

reference_id

reference_type

scores

value	0.0073
scoring_system	epss
scoring_elements	0.72694
published_at	2026-04-16T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72679
published_at	2026-04-11T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72662
published_at	2026-04-12T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72652
published_at	2026-04-13T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72604
published_at	2026-04-01T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72611
published_at	2026-04-02T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72628
published_at	2026-04-04T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72605
published_at	2026-04-07T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72644
published_at	2026-04-08T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72656
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-2661

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2661
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2661

reference_url	https://github.com/rails/rails/commit/71f7917c553cdc9a0ee49e87af0efb7429759718#diff-2ec9993375ecb711e08452788d625581
reference_id
reference_type
scores
url	https://github.com/rails/rails/commit/71f7917c553cdc9a0ee49e87af0efb7429759718#diff-2ec9993375ecb711e08452788d625581

reference_url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82403.yml
reference_id
reference_type
scores
url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82403.yml

reference_url

https://groups.google.com/group/rubyonrails-security/msg/fc2da6c627fc92df?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/fc2da6c627fc92df?dmode=source&output=gplain

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-2661

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-2661

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=827363
reference_id	827363
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=827363

reference_url

https://github.com/advisories/GHSA-fh39-v733-mxfr

reference_id

GHSA-fh39-v733-mxfr

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-fh39-v733-mxfr

reference_url	https://access.redhat.com/errata/RHSA-2012:1542
reference_id	RHSA-2012:1542
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2012:1542

reference_url	https://access.redhat.com/errata/RHSA-2013:0154
reference_id	RHSA-2013:0154
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0154

fixed_packages

aliases

CVE-2012-2661, GHSA-fh39-v733-mxfr, OSV-82403

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-rq7w-zmh4-17e1

url

VCID-rrwv-dzq7-9ybd

vulnerability_id

VCID-rrwv-dzq7-9ybd

summary

Jenkins Cross-Site Request Forgery vulnerabilities
Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code or (2) initiate deployment of binaries to a Maven repository via unspecified vectors.

references

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2013-2034

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2034.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2034.json

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2013-2034

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-2034

reference_id

reference_type

scores

value	0.00332
scoring_system	epss
scoring_elements	0.56128
published_at	2026-04-16T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56086
published_at	2026-04-04T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56065
published_at	2026-04-07T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56117
published_at	2026-04-08T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56122
published_at	2026-04-09T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56133
published_at	2026-04-11T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.5611
published_at	2026-04-12T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56093
published_at	2026-04-13T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.55955
published_at	2026-04-01T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56066
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-2034

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=958958

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=958958

reference_url

https://issues.jenkins-ci.org/browse/SECURITY-63

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.jenkins-ci.org/browse/SECURITY-63

reference_url

https://issues.jenkins-ci.org/browse/SECURITY-69

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.jenkins-ci.org/browse/SECURITY-69

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-2034

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-2034

reference_url

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-05-02

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-05-02

reference_url

http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb

reference_url

https://github.com/advisories/GHSA-fg4r-f9j2-36mw

reference_id

GHSA-fg4r-f9j2-36mw

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-fg4r-f9j2-36mw

fixed_packages

aliases

CVE-2013-2034, GHSA-fg4r-f9j2-36mw

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-rrwv-dzq7-9ybd

url VCID-s2ka-cp49-q3hz

vulnerability_id VCID-s2ka-cp49-q3hz

summary mcollective: default password set at install

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0175.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0175.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-0175

reference_id

reference_type

scores

value	0.00483
scoring_system	epss
scoring_elements	0.65094
published_at	2026-04-01T12:55:00Z

value	0.00483
scoring_system	epss
scoring_elements	0.65144
published_at	2026-04-02T12:55:00Z

value	0.00483
scoring_system	epss
scoring_elements	0.65169
published_at	2026-04-04T12:55:00Z

value	0.00483
scoring_system	epss
scoring_elements	0.65135
published_at	2026-04-07T12:55:00Z

value	0.00483
scoring_system	epss
scoring_elements	0.65185
published_at	2026-04-08T12:55:00Z

value	0.00483
scoring_system	epss
scoring_elements	0.65197
published_at	2026-04-09T12:55:00Z

value	0.00483
scoring_system	epss
scoring_elements	0.65216
published_at	2026-04-11T12:55:00Z

value	0.00483
scoring_system	epss
scoring_elements	0.65203
published_at	2026-04-12T12:55:00Z

value	0.00483
scoring_system	epss
scoring_elements	0.65175
published_at	2026-04-13T12:55:00Z

value	0.00483
scoring_system	epss
scoring_elements	0.6521
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-0175

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0175
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0175

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1086381
reference_id	1086381
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1086381

fixed_packages

aliases CVE-2014-0175

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s2ka-cp49-q3hz

url

VCID-tt6r-bytq-4fa4

vulnerability_id

VCID-tt6r-bytq-4fa4

summary

actionpack allows remote attackers to bypass database-query restrictions, perform NULL checks via crafted request
`actionpack/lib/action_dispatch/http/request.rb` in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain `['xyz', nil]` values, a related issue to CVE-2012-2660.

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html

reference_url

http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2012-2694

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2694.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2694.json

reference_url

reference_id

reference_type

scores

value	0.0022
scoring_system	epss
scoring_elements	0.44682
published_at	2026-04-08T12:55:00Z

value	0.0022
scoring_system	epss
scoring_elements	0.44693
published_at	2026-04-04T12:55:00Z

value	0.0022
scoring_system	epss
scoring_elements	0.44728
published_at	2026-04-16T12:55:00Z

value	0.0022
scoring_system	epss
scoring_elements	0.44671
published_at	2026-04-13T12:55:00Z

value	0.0022
scoring_system	epss
scoring_elements	0.4467
published_at	2026-04-12T12:55:00Z

value	0.0022
scoring_system	epss
scoring_elements	0.44701
published_at	2026-04-11T12:55:00Z

value	0.0022
scoring_system	epss
scoring_elements	0.44684
published_at	2026-04-09T12:55:00Z

value	0.0022
scoring_system	epss
scoring_elements	0.44631
published_at	2026-04-07T12:55:00Z

value	0.0022
scoring_system	epss
scoring_elements	0.44593
published_at	2026-04-01T12:55:00Z

value	0.0022
scoring_system	epss
scoring_elements	0.44673
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-2694

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/2f3bc0467311781ac1ceb2c8c2b09002c8fe143a

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/2f3bc0467311781ac1ceb2c8c2b09002c8fe143a

reference_url

https://github.com/rails/rails/commit/c202638225519b5e1a03ebe523b109c948fb0e52

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/c202638225519b5e1a03ebe523b109c948fb0e52

reference_url

https://groups.google.com/group/rubyonrails-security/msg/e2d3a87f2c211def?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/e2d3a87f2c211def?dmode=source&output=gplain

reference_url

https://groups.google.com/g/rubyonrails-security/c/jILZ34tAHF4/m/7x0hLH-o0-IJ

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/jILZ34tAHF4/m/7x0hLH-o0-IJ

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=831581
reference_id	831581
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=831581

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-2694

reference_id

CVE-2012-2694

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-2694

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2694.yml

reference_id

CVE-2012-2694.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2694.yml

reference_url

https://github.com/advisories/GHSA-q34c-48gc-m9g8

reference_id

GHSA-q34c-48gc-m9g8

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-q34c-48gc-m9g8

reference_url	https://access.redhat.com/errata/RHSA-2012:1542
reference_id	RHSA-2012:1542
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2012:1542

reference_url	https://access.redhat.com/errata/RHSA-2013:0154
reference_id	RHSA-2013:0154
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0154

fixed_packages

aliases

CVE-2012-2694, GHSA-q34c-48gc-m9g8

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-tt6r-bytq-4fa4

url

VCID-vnm4-gfjh-8qa7

vulnerability_id

VCID-vnm4-gfjh-8qa7

summary

openshift-origin-broker: default password creation

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0234.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0234.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-0234

reference_id

reference_type

scores

value	0.08806
scoring_system	epss
scoring_elements	0.92488
published_at	2026-04-01T12:55:00Z

value	0.08806
scoring_system	epss
scoring_elements	0.92494
published_at	2026-04-02T12:55:00Z

value	0.08806
scoring_system	epss
scoring_elements	0.92503
published_at	2026-04-04T12:55:00Z

value	0.08806
scoring_system	epss
scoring_elements	0.92505
published_at	2026-04-07T12:55:00Z

value	0.08806
scoring_system	epss
scoring_elements	0.92517
published_at	2026-04-08T12:55:00Z

value	0.08806
scoring_system	epss
scoring_elements	0.92522
published_at	2026-04-09T12:55:00Z

value	0.08806
scoring_system	epss
scoring_elements	0.92528
published_at	2026-04-13T12:55:00Z

value	0.08806
scoring_system	epss
scoring_elements	0.92529
published_at	2026-04-12T12:55:00Z

value	0.08806
scoring_system	epss
scoring_elements	0.92539
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-0234

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1097008
reference_id	1097008
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1097008

fixed_packages

aliases

CVE-2014-0234

risk_score

0.1

exploitability

0.5

weighted_severity

0.1

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-vnm4-gfjh-8qa7

url

VCID-vspr-h3ds-dudq

vulnerability_id

VCID-vspr-h3ds-dudq

summary

Incorrect temporary file usage
The ruby_parser Gem does not create temporary files securely. In the `diff_pp` function contained in `lib/gauntlet_rubyparser.rb` function, it creates files as `/tmp/a.[pid]` and `/tmp/b.[pid]` which can be predicted and used for either a denial of service (file cannot be overwritten), or to change the contents of files that are writable.

references

reference_url

http://rhn.redhat.com/errata/RHSA-2013-0544.html

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0544.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-0548.html

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0548.html

reference_url

https://access.redhat.com/errata/RHSA-2013:0544

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2013:0544

reference_url

https://access.redhat.com/errata/RHSA-2013:0582

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2013:0582

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0162.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0162.json

reference_url

https://access.redhat.com/security/cve/CVE-2013-0162

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2013-0162

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-0162

reference_id

reference_type

scores

value	0.00149
scoring_system	epss
scoring_elements	0.35503
published_at	2026-04-04T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.35439
published_at	2026-04-16T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.35399
published_at	2026-04-13T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.35423
published_at	2026-04-12T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.35465
published_at	2026-04-11T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.35386
published_at	2026-04-07T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.35457
published_at	2026-04-09T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.35279
published_at	2026-04-01T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.35432
published_at	2026-04-08T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.35478
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-0162

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=892806

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=892806

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby_parser/CVE-2013-0162.yml

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby_parser/CVE-2013-0162.yml

reference_url

https://github.com/seattlerb/ruby_parser

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/seattlerb/ruby_parser

reference_url

https://github.com/seattlerb/ruby_parser/commit/506c7e13cff6f8715385fa8488b621028b4ad280

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/seattlerb/ruby_parser/commit/506c7e13cff6f8715385fa8488b621028b4ad280

reference_url

https://github.com/seattlerb/ruby_parser/commit/c35acd878d50a8e4ea35933e3fbdc493421d422c

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/seattlerb/ruby_parser/commit/c35acd878d50a8e4ea35933e3fbdc493421d422c

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-0162

reference_id

reference_type

scores

value	2.1
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:N/C:N/I:P/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-0162

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser::::::::
reference_id	cpe:2.3:a:ryan_davis:ruby_parser::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:1.0.0:::::::*
reference_id	cpe:2.3:a:ryan_davis:ruby_parser:1.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:1.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:2.0.0:::::::*
reference_id	cpe:2.3:a:ryan_davis:ruby_parser:2.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:2.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:2.0.1:::::::*
reference_id	cpe:2.3:a:ryan_davis:ruby_parser:2.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:2.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:2.0.2:::::::*
reference_id	cpe:2.3:a:ryan_davis:ruby_parser:2.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:2.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:2.0.3:::::::*
reference_id	cpe:2.3:a:ryan_davis:ruby_parser:2.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:2.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:2.0.4:::::::*
reference_id	cpe:2.3:a:ryan_davis:ruby_parser:2.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:2.0.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:2.0.5:::::::*
reference_id	cpe:2.3:a:ryan_davis:ruby_parser:2.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:2.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:2.0.6:::::::*
reference_id	cpe:2.3:a:ryan_davis:ruby_parser:2.0.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:2.0.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:2.1.0:::::::*
reference_id	cpe:2.3:a:ryan_davis:ruby_parser:2.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:2.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:2.2.0:::::::*
reference_id	cpe:2.3:a:ryan_davis:ruby_parser:2.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:2.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:2.3.0:::::::*
reference_id	cpe:2.3:a:ryan_davis:ruby_parser:2.3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:2.3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:2.3.1:::::::*
reference_id	cpe:2.3:a:ryan_davis:ruby_parser:2.3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:2.3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:3.0.0:::::::*
reference_id	cpe:2.3:a:ryan_davis:ruby_parser:3.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:3.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a1:::::::*
reference_id	cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a10:::::::*
reference_id	cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a2:::::::*
reference_id	cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a3:::::::*
reference_id	cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a4:::::::*
reference_id	cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a5:::::::*
reference_id	cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a6:::::::*
reference_id	cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a7:::::::*
reference_id	cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a8:::::::*
reference_id	cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a9:::::::*
reference_id	cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:3.0.1:::::::*
reference_id	cpe:2.3:a:ryan_davis:ruby_parser:3.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:3.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:3.0.2:::::::*
reference_id	cpe:2.3:a:ryan_davis:ruby_parser:3.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:3.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:3.0.3:::::::*
reference_id	cpe:2.3:a:ryan_davis:ruby_parser:3.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:3.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:3.0.4:::::::*
reference_id	cpe:2.3:a:ryan_davis:ruby_parser:3.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:3.0.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:3.1.0:::::::*
reference_id	cpe:2.3:a:ryan_davis:ruby_parser:3.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ryan_davis:ruby_parser:3.1.0:::::::*

reference_url

https://github.com/advisories/GHSA-8mvw-22r7-w6fq

reference_id

GHSA-8mvw-22r7-w6fq

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8mvw-22r7-w6fq

fixed_packages

aliases

CVE-2013-0162, GHSA-8mvw-22r7-w6fq, OSV-90561

risk_score

1.4

exploitability

0.5

weighted_severity

2.7

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-vspr-h3ds-dudq

url

VCID-weh8-bs3g-a3hp

vulnerability_id

VCID-weh8-bs3g-a3hp

summary

1.9.3: Possibility to bypass Ruby's $SAFE (level 4) semantics

references

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089554.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089554.html

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089887.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089887.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4464.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4464.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-4464

reference_id

reference_type

scores

value	0.00378
scoring_system	epss
scoring_elements	0.59362
published_at	2026-04-16T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59364
published_at	2026-04-11T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59347
published_at	2026-04-12T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59329
published_at	2026-04-13T12:55:00Z

value	0.00513
scoring_system	epss
scoring_elements	0.66428
published_at	2026-04-01T12:55:00Z

value	0.00513
scoring_system	epss
scoring_elements	0.66527
published_at	2026-04-09T12:55:00Z

value	0.00513
scoring_system	epss
scoring_elements	0.66513
published_at	2026-04-08T12:55:00Z

value	0.00513
scoring_system	epss
scoring_elements	0.66467
published_at	2026-04-02T12:55:00Z

value	0.00513
scoring_system	epss
scoring_elements	0.66494
published_at	2026-04-04T12:55:00Z

value	0.00513
scoring_system	epss
scoring_elements	0.66464
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-4464

reference_url	http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37068
reference_id
reference_type
scores
url	http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37068

reference_url	https://www.ruby-lang.org/en/news/2012/10/12/cve-2012-4464-cve-2012-4466/
reference_id
reference_type
scores
url	https://www.ruby-lang.org/en/news/2012/10/12/cve-2012-4464-cve-2012-4466/

reference_url	http://www.openwall.com/lists/oss-security/2012/10/02/4
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2012/10/02/4

reference_url	http://www.openwall.com/lists/oss-security/2012/10/03/9
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2012/10/03/9

reference_url	http://www.ruby-lang.org/en/news/2012/10/12/cve-2012-4464-cve-2012-4466/
reference_id
reference_type
scores
url	http://www.ruby-lang.org/en/news/2012/10/12/cve-2012-4464-cve-2012-4466/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=862598
reference_id	862598
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=862598

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:::::::*
reference_id	cpe:2.3:a:ruby-lang:ruby:1.9.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p0::::::
reference_id	cpe:2.3:a:ruby-lang:ruby:1.9.3:p0::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p0::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p125::::::
reference_id	cpe:2.3:a:ruby-lang:ruby:1.9.3:p125::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p125::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p194::::::
reference_id	cpe:2.3:a:ruby-lang:ruby:1.9.3:p194::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p194::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0:::::::*
reference_id	cpe:2.3:a:ruby-lang:ruby:2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:::::::*
reference_id	cpe:2.3:a:ruby-lang:ruby:2.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:p0::::::
reference_id	cpe:2.3:a:ruby-lang:ruby:2.0.0:p0::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:p0::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:preview1::::::
reference_id	cpe:2.3:a:ruby-lang:ruby:2.0.0:preview1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:preview1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:preview2::::::
reference_id	cpe:2.3:a:ruby-lang:ruby:2.0.0:preview2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:preview2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1::::::
reference_id	cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2::::::
reference_id	cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-4464

reference_id

CVE-2012-4464

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:P/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2012-4464

reference_url	https://usn.ubuntu.com/1602-1/
reference_id	USN-1602-1
reference_type
scores
url	https://usn.ubuntu.com/1602-1/

reference_url	https://usn.ubuntu.com/1614-1/
reference_id	USN-1614-1
reference_type
scores
url	https://usn.ubuntu.com/1614-1/

fixed_packages

aliases

CVE-2012-4464, GHSA-gjcp-rx5c-g849

risk_score

2.2

exploitability

0.5

weighted_severity

4.5

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-weh8-bs3g-a3hp

url

VCID-xenc-mfdw-mucm

vulnerability_id

VCID-xenc-mfdw-mucm

summary

stapler-adjunct-zeroclipboard: XSS via copying XSS payload into buffer

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1808.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1808.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-1808

reference_id

reference_type

scores

value	0.01651
scoring_system	epss
scoring_elements	0.81947
published_at	2026-04-01T12:55:00Z

value	0.01651
scoring_system	epss
scoring_elements	0.82013
published_at	2026-04-09T12:55:00Z

value	0.01651
scoring_system	epss
scoring_elements	0.82032
published_at	2026-04-11T12:55:00Z

value	0.01651
scoring_system	epss
scoring_elements	0.82022
published_at	2026-04-12T12:55:00Z

value	0.01651
scoring_system	epss
scoring_elements	0.81959
published_at	2026-04-02T12:55:00Z

value	0.01651
scoring_system	epss
scoring_elements	0.81982
published_at	2026-04-04T12:55:00Z

value	0.01651
scoring_system	epss
scoring_elements	0.81978
published_at	2026-04-07T12:55:00Z

value	0.01651
scoring_system	epss
scoring_elements	0.82005
published_at	2026-04-08T12:55:00Z

value	0.01856
scoring_system	epss
scoring_elements	0.83067
published_at	2026-04-16T12:55:00Z

value	0.01856
scoring_system	epss
scoring_elements	0.83029
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-1808

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1808
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1808

reference_url	http://seclists.org/fulldisclosure/2013/Apr/87
reference_id
reference_type
scores
url	http://seclists.org/fulldisclosure/2013/Apr/87

reference_url	http://seclists.org/fulldisclosure/2013/Apr/88
reference_id
reference_type
scores
url	http://seclists.org/fulldisclosure/2013/Apr/88

reference_url	http://seclists.org/fulldisclosure/2013/Feb/103
reference_id
reference_type
scores
url	http://seclists.org/fulldisclosure/2013/Feb/103

reference_url	http://seclists.org/fulldisclosure/2013/Feb/109
reference_id
reference_type
scores
url	http://seclists.org/fulldisclosure/2013/Feb/109

reference_url	http://seclists.org/fulldisclosure/2013/Mar/5
reference_id
reference_type
scores
url	http://seclists.org/fulldisclosure/2013/Mar/5

reference_url	http://securityvulns.ru/docs29103.html
reference_id
reference_type
scores
url	http://securityvulns.ru/docs29103.html

reference_url	http://securityvulns.ru/docs29104.html
reference_id
reference_type
scores
url	http://securityvulns.ru/docs29104.html

reference_url	http://securityvulns.ru/docs29105.html
reference_id
reference_type
scores
url	http://securityvulns.ru/docs29105.html

reference_url	https://github.com/jonrohan/ZeroClipboard/blob/master/docs/releases.md#zeroclipboard-108
reference_id
reference_type
scores
url	https://github.com/jonrohan/ZeroClipboard/blob/master/docs/releases.md#zeroclipboard-108

reference_url	https://github.com/jonrohan/ZeroClipboard/commit/a0e02933f5f7ce5f364fbad36a005f0a349f0696
reference_id
reference_type
scores
url	https://github.com/jonrohan/ZeroClipboard/commit/a0e02933f5f7ce5f364fbad36a005f0a349f0696

reference_url	http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb
reference_id
reference_type
scores
url	http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb

reference_url	http://www.openwall.com/lists/oss-security/2013/03/03/3
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2013/03/03/3

reference_url	http://www.openwall.com/lists/oss-security/2013/03/10/2
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2013/03/10/2

reference_url	http://www.openwall.com/lists/oss-security/2013/03/25/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2013/03/25/1

reference_url	http://www.openwall.com/lists/oss-security/2013/03/26/8
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2013/03/26/8

reference_url	http://www.securityfocus.com/bid/58257
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/58257

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=918054
reference_id	918054
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=918054

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zeroclipboard_project:zeroclipboard::::::::
reference_id	cpe:2.3:a:zeroclipboard_project:zeroclipboard::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zeroclipboard_project:zeroclipboard::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.0.5:::::::*
reference_id	cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.0.5:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-1808

reference_id

CVE-2013-1808

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2013-1808

fixed_packages

aliases

CVE-2013-1808

risk_score

1.9

exploitability

0.5

weighted_severity

3.9

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-xenc-mfdw-mucm

url

VCID-z46p-c93u-auav

vulnerability_id

VCID-z46p-c93u-auav

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-2033 Jenkins: Build Description XSS

references

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url