Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/12840?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/12840?format=api", "purl": "pkg:gem/activerecord@3.2.0", "type": "gem", "namespace": "", "name": "activerecord", "version": "3.2.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "7.1.5.2", "latest_non_vulnerable_version": "8.0.2.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/200410?format=api", "vulnerability_id": "VCID-18n5-8cur-m7ae", "summary": "Active Record vulnerable to SQL Injection via nested query parameters", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2661.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2661.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2661", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00627", "scoring_system": "epss", "scoring_elements": "0.70815", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00627", "scoring_system": "epss", "scoring_elements": "0.70715", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00627", "scoring_system": "epss", "scoring_elements": "0.70805", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00627", "scoring_system": "epss", "scoring_elements": "0.70818", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2661" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2661", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2661" }, { "reference_url": "https://github.com/rails/rails/commit/71f7917c553cdc9a0ee49e87af0efb7429759718#diff-2ec9993375ecb711e08452788d625581", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rails/rails/commit/71f7917c553cdc9a0ee49e87af0efb7429759718#diff-2ec9993375ecb711e08452788d625581" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82403.yml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82403.yml" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/fc2da6c627fc92df?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/fc2da6c627fc92df?dmode=source&output=gplain" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=827363", "reference_id": "827363", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=827363" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2661", "reference_id": "CVE-2012-2661", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2661" }, { "reference_url": "https://github.com/advisories/GHSA-fh39-v733-mxfr", "reference_id": "GHSA-fh39-v733-mxfr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fh39-v733-mxfr" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1542", "reference_id": "RHSA-2012:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0154", "reference_id": "RHSA-2013:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12953?format=api", "purl": "pkg:gem/activerecord@3.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-2b1z-1k24-kfb8" }, { "vulnerability": "VCID-34kh-7cbr-s7b9" }, { "vulnerability": "VCID-39m4-12ms-skh2" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-3ser-nhqn-mbar" }, { "vulnerability": "VCID-74g9-svkp-h3f1" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-cgfh-yfn7-7ke9" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-fbrw-bbm6-fbhp" }, { "vulnerability": "VCID-hh3w-dxkg-8ygx" }, { "vulnerability": "VCID-mxkb-wz2d-1kb5" }, { "vulnerability": "VCID-pbgu-3zaj-ukay" }, { "vulnerability": "VCID-rd4z-yncp-qkfu" }, { "vulnerability": "VCID-rhyd-xbpb-wufa" }, { "vulnerability": "VCID-sfaa-e8am-x7gn" }, { "vulnerability": "VCID-sth3-da79-67bt" }, { "vulnerability": "VCID-u2gv-wvdc-tfbs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.4" } ], "aliases": [ "CVE-2012-2661", "GHSA-fh39-v733-mxfr", "OSV-82403" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-18n5-8cur-m7ae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25626?format=api", "vulnerability_id": "VCID-1ua6-6a16-9fde", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55193.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55193.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55193", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01019", "scoring_system": "epss", "scoring_elements": "0.77644", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01019", "scoring_system": "epss", "scoring_elements": "0.77718", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01019", "scoring_system": "epss", "scoring_elements": "0.77726", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01019", "scoring_system": "epss", "scoring_elements": "0.77712", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55193" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55193", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55193" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2025-55193.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2025-55193.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55193", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55193" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111106", "reference_id": "1111106", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111106" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388446", "reference_id": "2388446", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388446" }, { "reference_url": "https://github.com/rails/rails/commit/3beef20013736fd52c5dcfdf061f7999ba318290", "reference_id": "3beef20013736fd52c5dcfdf061f7999ba318290", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/" } ], "url": "https://github.com/rails/rails/commit/3beef20013736fd52c5dcfdf061f7999ba318290" }, { "reference_url": "https://github.com/rails/rails/commit/568c0bc2f1e74c65d150a84b89a080949bf9eb9b", "reference_id": "568c0bc2f1e74c65d150a84b89a080949bf9eb9b", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/" } ], "url": "https://github.com/rails/rails/commit/568c0bc2f1e74c65d150a84b89a080949bf9eb9b" }, { "reference_url": "https://github.com/rails/rails/commit/6a944ca4805e72050a0fbb1a461534eb760d3202", "reference_id": "6a944ca4805e72050a0fbb1a461534eb760d3202", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/" } ], "url": "https://github.com/rails/rails/commit/6a944ca4805e72050a0fbb1a461534eb760d3202" }, { "reference_url": "https://github.com/advisories/GHSA-76r7-hhxj-r776", "reference_id": "GHSA-76r7-hhxj-r776", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-76r7-hhxj-r776" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-76r7-hhxj-r776", "reference_id": "GHSA-76r7-hhxj-r776", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-76r7-hhxj-r776" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/377617?format=api", "purl": "pkg:gem/activerecord@7.1.5.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@7.1.5.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/823594?format=api", "purl": "pkg:gem/activerecord@7.2.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ua6-6a16-9fde" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@7.2.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/377616?format=api", "purl": "pkg:gem/activerecord@7.2.2.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@7.2.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/823601?format=api", "purl": "pkg:gem/activerecord@8.0.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ua6-6a16-9fde" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@8.0.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/377615?format=api", "purl": "pkg:gem/activerecord@8.0.2.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@8.0.2.1" } ], "aliases": [ "CVE-2025-55193", "GHSA-76r7-hhxj-r776" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1ua6-6a16-9fde" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/202850?format=api", "vulnerability_id": "VCID-2b1z-1k24-kfb8", "summary": "The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored values in that column, which makes it easier for remote attackers to conduct data-type injection attacks against Ruby on Rails applications via a crafted value, as demonstrated by unintended interaction between the \"typed XML\" feature and a MySQL database.", "references": [ { "reference_url": "http://openwall.com/lists/oss-security/2013/02/06/7", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2013/02/06/7" }, { "reference_url": "http://openwall.com/lists/oss-security/2013/04/24/7", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2013/04/24/7" }, { "reference_url": "http://pl.reddit.com/r/netsec/comments/17yajp/mysql_madness_and_rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://pl.reddit.com/r/netsec/comments/17yajp/mysql_madness_and_rails" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-3221.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-3221.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-3221", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65651", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65749", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65763", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65759", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-3221" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3221", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3221" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-3221.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-3221.yml" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/1f3bc0b88a60c1ce?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/1f3bc0b88a60c1ce?dmode=source&output=gplain" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3221", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3221" }, { "reference_url": "https://web.archive.org/web/20130825191249/http://www.phenoelit.org/blog/archives/2013/02/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20130825191249/http://www.phenoelit.org/blog/archives/2013/02/index.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=954365", "reference_id": "954365", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=954365" }, { "reference_url": "https://github.com/advisories/GHSA-f57c-hx33-hvh8", "reference_id": "GHSA-f57c-hx33-hvh8", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f57c-hx33-hvh8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12616?format=api", "purl": "pkg:gem/activerecord@4.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-a78m-qhav-13dm" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-cgfh-yfn7-7ke9" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-fbrw-bbm6-fbhp" }, { "vulnerability": "VCID-nex8-cvgj-f7bc" }, { "vulnerability": "VCID-rd4z-yncp-qkfu" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sfaa-e8am-x7gn" }, { "vulnerability": "VCID-u2gv-wvdc-tfbs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.2.0" } ], "aliases": [ "CVE-2013-3221", "GHSA-f57c-hx33-hvh8" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2b1z-1k24-kfb8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111937?format=api", "vulnerability_id": "VCID-34kh-7cbr-s7b9", "summary": "security update", "references": [ { "reference_url": "http://openwall.com/lists/oss-security/2014/07/02/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2014/07/02/5" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0877.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0877.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3483.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3483.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3483", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00924", "scoring_system": "epss", "scoring_elements": "0.7646", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00924", "scoring_system": "epss", "scoring_elements": "0.7654", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00924", "scoring_system": "epss", "scoring_elements": "0.76545", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00924", "scoring_system": "epss", "scoring_elements": "0.7653", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3483" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3482", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3482" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3483", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3483" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J" }, { "reference_url": "https://groups.google.com/forum/#!msg/rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!msg/rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/8GtfeYd6qI4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/8GtfeYd6qI4" }, { "reference_url": "https://web.archive.org/web/20200228150648/http://www.securityfocus.com/bid/68341", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228150648/http://www.securityfocus.com/bid/68341" }, { "reference_url": "http://www.debian.org/security/2014/dsa-2982", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2014/dsa-2982" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1114427", "reference_id": "1114427", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1114427" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3483", "reference_id": "CVE-2014-3483", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3483" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-3483.yml", "reference_id": "CVE-2014-3483.YML", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-3483.yml" }, { "reference_url": "https://github.com/advisories/GHSA-r8fh-hq2p-7qhq", "reference_id": "GHSA-r8fh-hq2p-7qhq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r8fh-hq2p-7qhq" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0877", "reference_id": "RHSA-2014:0877", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0877" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12679?format=api", "purl": "pkg:gem/activerecord@4.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-2b1z-1k24-kfb8" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-cgfh-yfn7-7ke9" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-fbrw-bbm6-fbhp" }, { "vulnerability": "VCID-rd4z-yncp-qkfu" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sfaa-e8am-x7gn" }, { "vulnerability": "VCID-sth3-da79-67bt" }, { "vulnerability": "VCID-u2gv-wvdc-tfbs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.0.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/12722?format=api", "purl": "pkg:gem/activerecord@4.1.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-2b1z-1k24-kfb8" }, { "vulnerability": "VCID-34kh-7cbr-s7b9" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-74g9-svkp-h3f1" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-cgfh-yfn7-7ke9" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-fbrw-bbm6-fbhp" }, { "vulnerability": "VCID-mxkb-wz2d-1kb5" }, { "vulnerability": "VCID-rd4z-yncp-qkfu" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sfaa-e8am-x7gn" }, { "vulnerability": "VCID-sth3-da79-67bt" }, { "vulnerability": "VCID-u2gv-wvdc-tfbs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.1.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/12678?format=api", "purl": "pkg:gem/activerecord@4.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-2b1z-1k24-kfb8" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-cgfh-yfn7-7ke9" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-fbrw-bbm6-fbhp" }, { "vulnerability": "VCID-rd4z-yncp-qkfu" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sfaa-e8am-x7gn" }, { "vulnerability": "VCID-sth3-da79-67bt" }, { "vulnerability": "VCID-u2gv-wvdc-tfbs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.1.3" } ], "aliases": [ "CVE-2014-3483", "GHSA-r8fh-hq2p-7qhq", "OSV-108665" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-34kh-7cbr-s7b9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/178547?format=api", "vulnerability_id": "VCID-39m4-12ms-skh2", "summary": "Multiple vulnerabilities were found in Ruby on Rails, the worst of\n which allowing for execution of arbitrary code.", "references": [ { "reference_url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0277.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0277.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0277", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06742", "scoring_system": "epss", "scoring_elements": "0.91527", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.06742", "scoring_system": "epss", "scoring_elements": "0.91491", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.06742", "scoring_system": "epss", "scoring_elements": "0.91522", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.06742", "scoring_system": "epss", "scoring_elements": "0.91529", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0277" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0277", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0277" }, { "reference_url": "http://securitytracker.com/id?1028109", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://securitytracker.com/id?1028109" }, { "reference_url": "https://github.com/rails/rails/tree/v6.1.4.1/activerecord", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/tree/v6.1.4.1/activerecord" }, { "reference_url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/KtmwSbEpzrU", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/KtmwSbEpzrU" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/302ec7ce90f13837?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/302ec7ce90f13837?dmode=source&output=gplain" }, { "reference_url": "http://support.apple.com/kb/HT5784", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT5784" }, { "reference_url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/" }, { "reference_url": "http://www.debian.org/security/2013/dsa-2620", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2013/dsa-2620" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/02/11/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/02/11/6" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=909633", "reference_id": "909633", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=909633" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0277", "reference_id": "CVE-2013-0277", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0277" }, { "reference_url": "https://puppet.com/security/cve/cve-2013-0277", "reference_id": "CVE-2013-0277", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://puppet.com/security/cve/cve-2013-0277" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0277.yml", "reference_id": "CVE-2013-0277.YML", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0277.yml" }, { "reference_url": "https://github.com/advisories/GHSA-fhj9-cjjh-27vm", "reference_id": "GHSA-fhj9-cjjh-27vm", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fhj9-cjjh-27vm" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [], "aliases": [ "CVE-2013-0277", "GHSA-fhj9-cjjh-27vm", "OSV-90073" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-39m4-12ms-skh2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/493?format=api", "vulnerability_id": "VCID-3qsf-qm7w-y7be", "summary": "", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7577.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7577.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7577", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01209", "scoring_system": "epss", "scoring_elements": "0.79457", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01209", "scoring_system": "epss", "scoring_elements": "0.7938", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01209", "scoring_system": "epss", "scoring_elements": "0.79447", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01209", "scoring_system": "epss", "scoring_elements": "0.79462", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/cawsWcQ6c8g", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/cawsWcQ6c8g" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/01/25/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/01/25/10" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301957", "reference_id": "1301957", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301957" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7577", "reference_id": "CVE-2015-7577", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7577" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2015-7577.yml", "reference_id": "CVE-2015-7577.YML", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2015-7577.yml" }, { "reference_url": "https://github.com/advisories/GHSA-xrr6-3pc4-m447", "reference_id": "GHSA-xrr6-3pc4-m447", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xrr6-3pc4-m447" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0296", "reference_id": "RHSA-2016:0296", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0296" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0454", "reference_id": "RHSA-2016:0454", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0454" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0455", "reference_id": "RHSA-2016:0455", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0455" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12631?format=api", "purl": "pkg:gem/activerecord@3.2.22.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-2b1z-1k24-kfb8" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-cgfh-yfn7-7ke9" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-fbrw-bbm6-fbhp" }, { "vulnerability": "VCID-rd4z-yncp-qkfu" }, { "vulnerability": "VCID-sfaa-e8am-x7gn" }, { "vulnerability": "VCID-u2gv-wvdc-tfbs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.22.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/12725?format=api", "purl": "pkg:gem/activerecord@4.1.14.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-2b1z-1k24-kfb8" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-cgfh-yfn7-7ke9" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-fbrw-bbm6-fbhp" }, { "vulnerability": "VCID-rd4z-yncp-qkfu" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sfaa-e8am-x7gn" }, { "vulnerability": "VCID-u2gv-wvdc-tfbs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.1.14.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/12757?format=api", "purl": "pkg:gem/activerecord@4.2.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-cgfh-yfn7-7ke9" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-fbrw-bbm6-fbhp" }, { "vulnerability": "VCID-rd4z-yncp-qkfu" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sfaa-e8am-x7gn" }, { "vulnerability": "VCID-u2gv-wvdc-tfbs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.2.5.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/12686?format=api", "purl": "pkg:gem/activerecord@5.0.0.beta1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-8ajf-ebxr-7bgf" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-cgfh-yfn7-7ke9" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-fbrw-bbm6-fbhp" }, { "vulnerability": "VCID-rd4z-yncp-qkfu" }, { "vulnerability": "VCID-sfaa-e8am-x7gn" }, { "vulnerability": "VCID-u2gv-wvdc-tfbs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@5.0.0.beta1.1" } ], "aliases": [ "CVE-2015-7577", "GHSA-xrr6-3pc4-m447" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3qsf-qm7w-y7be" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/178544?format=api", "vulnerability_id": "VCID-3ser-nhqn-mbar", "summary": "Multiple vulnerabilities were found in Ruby on Rails, the worst of\n which allowing for execution of arbitrary code.", "references": [ { "reference_url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0155.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0155.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0155", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.18174", "scoring_system": "epss", "scoring_elements": "0.95362", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.18174", "scoring_system": "epss", "scoring_elements": "0.95341", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.18174", "scoring_system": "epss", "scoring_elements": "0.95355", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.18174", "scoring_system": "epss", "scoring_elements": "0.9536", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0155" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0155", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0155" }, { "reference_url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/t1WFuuQyavI", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/t1WFuuQyavI" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/bc6f13dafe130ee9?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/bc6f13dafe130ee9?dmode=source&output=gplain" }, { "reference_url": "http://support.apple.com/kb/HT5784", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT5784" }, { "reference_url": "http://www.debian.org/security/2013/dsa-2609", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2013/dsa-2609" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=892866", "reference_id": "892866", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=892866" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0155", "reference_id": "CVE-2013-0155", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0155" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0155.yml", "reference_id": "CVE-2013-0155.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0155.yml" }, { "reference_url": "https://github.com/advisories/GHSA-gppp-5xc5-wfpx", "reference_id": "GHSA-gppp-5xc5-wfpx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gppp-5xc5-wfpx" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0154", "reference_id": "RHSA-2013:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0154" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0155", "reference_id": "RHSA-2013:0155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0155" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12841?format=api", "purl": "pkg:gem/activerecord@3.2.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-2b1z-1k24-kfb8" }, { "vulnerability": "VCID-34kh-7cbr-s7b9" }, { "vulnerability": "VCID-39m4-12ms-skh2" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-74g9-svkp-h3f1" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-cgfh-yfn7-7ke9" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-fbrw-bbm6-fbhp" }, { "vulnerability": "VCID-hh3w-dxkg-8ygx" }, { "vulnerability": "VCID-mxkb-wz2d-1kb5" }, { "vulnerability": "VCID-rd4z-yncp-qkfu" }, { "vulnerability": "VCID-rhyd-xbpb-wufa" }, { "vulnerability": "VCID-sfaa-e8am-x7gn" }, { "vulnerability": "VCID-sth3-da79-67bt" }, { "vulnerability": "VCID-u2gv-wvdc-tfbs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.11" } ], "aliases": [ "CVE-2013-0155", "GHSA-gppp-5xc5-wfpx", "OSV-89025" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3ser-nhqn-mbar" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/200350?format=api", "vulnerability_id": "VCID-72jm-58dq-mub5", "summary": "Action Pack contains database-query restrictions bypass", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2660.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2660.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2660", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36637", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36841", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36816", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.3683", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2660" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/61eed87ce32caf534bf1f52dd8134097b4ad9e1b", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/61eed87ce32caf534bf1f52dd8134097b4ad9e1b" }, { "reference_url": "https://github.com/rails/rails/commit/dff6db18840e2fd1dd3f3e4ef0ae7a9a3986d01d#diff-3179d24efacadd64068c4d9c1184eac3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rails/rails/commit/dff6db18840e2fd1dd3f3e4ef0ae7a9a3986d01d#diff-3179d24efacadd64068c4d9c1184eac3" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82610.yml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82610.yml" }, { "reference_url": "https://groups.google.com/forum/#!original/rubyonrails-security/8SA-M3as7A8/Mr9fi9X4kNgJ", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!original/rubyonrails-security/8SA-M3as7A8/Mr9fi9X4kNgJ" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/d890f8d58b5fbf32?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/d890f8d58b5fbf32?dmode=source&output=gplain" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/8SA-M3as7A8/m/Mr9fi9X4kNgJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/8SA-M3as7A8/m/Mr9fi9X4kNgJ" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=827353", "reference_id": "827353", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=827353" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2660", "reference_id": "CVE-2012-2660", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2660" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2660.yml", "reference_id": "CVE-2012-2660.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2660.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2660.yml", "reference_id": "CVE-2012-2660.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2660.yml" }, { "reference_url": "https://github.com/advisories/GHSA-hgpp-pp89-4fgf", "reference_id": "GHSA-hgpp-pp89-4fgf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hgpp-pp89-4fgf" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1542", "reference_id": "RHSA-2012:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0154", "reference_id": "RHSA-2013:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12953?format=api", "purl": "pkg:gem/activerecord@3.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-2b1z-1k24-kfb8" }, { "vulnerability": "VCID-34kh-7cbr-s7b9" }, { "vulnerability": "VCID-39m4-12ms-skh2" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-3ser-nhqn-mbar" }, { "vulnerability": "VCID-74g9-svkp-h3f1" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-cgfh-yfn7-7ke9" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-fbrw-bbm6-fbhp" }, { "vulnerability": "VCID-hh3w-dxkg-8ygx" }, { "vulnerability": "VCID-mxkb-wz2d-1kb5" }, { "vulnerability": "VCID-pbgu-3zaj-ukay" }, { "vulnerability": "VCID-rd4z-yncp-qkfu" }, { "vulnerability": "VCID-rhyd-xbpb-wufa" }, { "vulnerability": "VCID-sfaa-e8am-x7gn" }, { "vulnerability": "VCID-sth3-da79-67bt" }, { "vulnerability": "VCID-u2gv-wvdc-tfbs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.4" } ], "aliases": [ "CVE-2012-2660", "GHSA-hgpp-pp89-4fgf", "OSV-82610" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-72jm-58dq-mub5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111935?format=api", "vulnerability_id": "VCID-74g9-svkp-h3f1", "summary": "security update", "references": [ { "reference_url": "http://openwall.com/lists/oss-security/2014/07/02/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2014/07/02/5" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0876.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0876.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3482.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3482.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3482", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01531", "scoring_system": "epss", "scoring_elements": "0.81783", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01531", "scoring_system": "epss", "scoring_elements": "0.8172", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01531", "scoring_system": "epss", "scoring_elements": "0.81782", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01531", "scoring_system": "epss", "scoring_elements": "0.81791", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3482" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3482", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3482" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3483", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3483" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/1f2192e46d78ee0ba2b06373f2c24caf8440ff5b", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/1f2192e46d78ee0ba2b06373f2c24caf8440ff5b" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/wDxePLJGZdI", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/wDxePLJGZdI" }, { "reference_url": "http://www.debian.org/security/2014/dsa-2982", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2014/dsa-2982" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1114425", "reference_id": "1114425", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1114425" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3482", "reference_id": "CVE-2014-3482", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3482" }, { "reference_url": "https://github.com/advisories/GHSA-mhwp-qhpc-h3jm", "reference_id": "GHSA-mhwp-qhpc-h3jm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mhwp-qhpc-h3jm" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0876", "reference_id": "RHSA-2014:0876", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0876" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12716?format=api", "purl": "pkg:gem/activerecord@3.2.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-2b1z-1k24-kfb8" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-cgfh-yfn7-7ke9" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-fbrw-bbm6-fbhp" }, { "vulnerability": "VCID-rd4z-yncp-qkfu" }, { "vulnerability": "VCID-sfaa-e8am-x7gn" }, { "vulnerability": "VCID-sth3-da79-67bt" }, { "vulnerability": "VCID-u2gv-wvdc-tfbs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/12651?format=api", "purl": "pkg:gem/activerecord@4.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-2b1z-1k24-kfb8" }, { "vulnerability": "VCID-34kh-7cbr-s7b9" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-74g9-svkp-h3f1" }, { "vulnerability": "VCID-a78m-qhav-13dm" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-cgfh-yfn7-7ke9" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-fbrw-bbm6-fbhp" }, { "vulnerability": "VCID-mxkb-wz2d-1kb5" }, { "vulnerability": "VCID-rd4z-yncp-qkfu" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sfaa-e8am-x7gn" }, { "vulnerability": "VCID-sth3-da79-67bt" }, { "vulnerability": "VCID-u2gv-wvdc-tfbs" }, { "vulnerability": "VCID-xa3t-2av7-zqe4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.0.0" } ], "aliases": [ "CVE-2014-3482", "GHSA-mhwp-qhpc-h3jm", "OSV-108664" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-74g9-svkp-h3f1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12054?format=api", "vulnerability_id": "VCID-c7qj-hcu8-p7hc", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32224.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32224.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-32224", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01944", "scoring_system": "epss", "scoring_elements": "0.83831", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01944", "scoring_system": "epss", "scoring_elements": "0.83892", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01944", "scoring_system": "epss", "scoring_elements": "0.83896", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01944", "scoring_system": "epss", "scoring_elements": "0.83887", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-32224" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32224", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32224" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails/commit/611990f1a6c137c2d56b1ba06b27e5d2434dcd6a", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/611990f1a6c137c2d56b1ba06b27e5d2434dcd6a" }, { "reference_url": "https://github.com/rails/rails/commits/main/activerecord", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commits/main/activerecord" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00022.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016140", "reference_id": "1016140", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016140" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108997", "reference_id": "2108997", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108997" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32224", "reference_id": "CVE-2022-32224", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32224" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-32224.yml", "reference_id": "CVE-2022-32224.YML", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-32224.yml" }, { "reference_url": "https://github.com/advisories/GHSA-3hhc-qp5v-9p2j", "reference_id": "GHSA-3hhc-qp5v-9p2j", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-24T15:17:17Z/" } ], "url": "https://github.com/advisories/GHSA-3hhc-qp5v-9p2j" }, { "reference_url": "https://security.gentoo.org/glsa/202408-24", "reference_id": "GLSA-202408-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202408-24" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U", "reference_id": "MmFO3LYQE8U", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-24T15:17:17Z/" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0261", "reference_id": "RHSA-2023:0261", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0261" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1151", "reference_id": "RHSA-2023:1151", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1151" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2097", "reference_id": "RHSA-2023:2097", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2097" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/25300?format=api", "purl": "pkg:gem/activerecord@5.2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@5.2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/575288?format=api", "purl": "pkg:gem/activerecord@6.0.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@6.0.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/25292?format=api", "purl": "pkg:gem/activerecord@6.0.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@6.0.5.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/575300?format=api", "purl": "pkg:gem/activerecord@6.1.0.rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@6.1.0.rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/25298?format=api", "purl": "pkg:gem/activerecord@6.1.6.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@6.1.6.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/575314?format=api", "purl": "pkg:gem/activerecord@7.0.0.alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@7.0.0.alpha1" }, { "url": "http://public2.vulnerablecode.io/api/packages/25295?format=api", "purl": "pkg:gem/activerecord@7.0.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-ez3g-ygna-jkb8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@7.0.3.1" } ], "aliases": [ "CVE-2022-32224", "GHSA-3hhc-qp5v-9p2j", "GMS-2022-3029" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c7qj-hcu8-p7hc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/183406?format=api", "vulnerability_id": "VCID-cgfh-yfn7-7ke9", "summary": "Multiple vulnerabilities have been discovered in Rails, the worst of which\n leading to the execution of arbitrary SQL statements.", "references": [ { "reference_url": "http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1" }, { "reference_url": "http://gist.github.com/8946", "reference_id": "", "reference_type": "", "scores": [], "url": "http://gist.github.com/8946" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html" }, { "reference_url": "http://rails.lighthouseapp.com/projects/8994/tickets/288", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rails.lighthouseapp.com/projects/8994/tickets/288" }, { "reference_url": "http://rails.lighthouseapp.com/projects/8994/tickets/964", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rails.lighthouseapp.com/projects/8994/tickets/964" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4094", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03119", "scoring_system": "epss", "scoring_elements": "0.8718", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.03119", "scoring_system": "epss", "scoring_elements": "0.87183", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.03119", "scoring_system": "epss", "scoring_elements": "0.87177", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.03119", "scoring_system": "epss", "scoring_elements": "0.87131", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4094" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4094", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4094" }, { "reference_url": "http://secunia.com/advisories/31875", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31875" }, { "reference_url": "http://secunia.com/advisories/31909", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31909" }, { "reference_url": "http://secunia.com/advisories/31910", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31910" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45109", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45109" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/ef0ea782b1f5cf7b08e74ea3002a16c708f66645", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/ef0ea782b1f5cf7b08e74ea3002a16c708f66645" }, { "reference_url": "https://web.archive.org/web/20080620000955/http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20080620000955/http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1" }, { "reference_url": "https://web.archive.org/web/20080620201733/http://blog.innerewut.de/files/rails/activerecord-1.15.3.patch", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20080620201733/http://blog.innerewut.de/files/rails/activerecord-1.15.3.patch" }, { "reference_url": "https://web.archive.org/web/20080620201744/http://blog.innerewut.de/files/rails/activerecord-2.0.2.patch", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20080620201744/http://blog.innerewut.de/files/rails/activerecord-2.0.2.patch" }, { "reference_url": "https://web.archive.org/web/20081104151751/http://gist.github.com/8946", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20081104151751/http://gist.github.com/8946" }, { "reference_url": "https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875" }, { "reference_url": "https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875/" }, { "reference_url": "https://web.archive.org/web/20081207211431/http://secunia.com/advisories/31909", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20081207211431/http://secunia.com/advisories/31909" }, { "reference_url": "https://web.archive.org/web/20081207211436/http://secunia.com/advisories/31910", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20081207211436/http://secunia.com/advisories/31910" }, { "reference_url": "https://web.archive.org/web/20091101000000*/http://www.vupen.com/english/advisories/2008/2562", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20091101000000*/http://www.vupen.com/english/advisories/2008/2562" }, { "reference_url": "https://web.archive.org/web/20120120194518/http://www.securityfocus.com/bid/31176", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120120194518/http://www.securityfocus.com/bid/31176" }, { "reference_url": "https://web.archive.org/web/20201207112829/http://www.securitytracker.com/id?1020871", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201207112829/http://www.securitytracker.com/id?1020871" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2008/09/13/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2008/09/13/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2008/09/16/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2008/09/16/1" }, { "reference_url": "http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter" }, { "reference_url": "http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter/" }, { "reference_url": "http://www.securityfocus.com/bid/31176", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/31176" }, { "reference_url": "http://www.securitytracker.com/id?1020871", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id?1020871" }, { "reference_url": "http://www.vupen.com/english/advisories/2008/2562", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2008/2562" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500791", "reference_id": "500791", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500791" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4094", "reference_id": "CVE-2008-4094", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4094" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2008-4094.yml", "reference_id": "CVE-2008-4094.YML", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2008-4094.yml" }, { "reference_url": "https://github.com/advisories/GHSA-xf96-32q2-9rw2", "reference_id": "GHSA-xf96-32q2-9rw2", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xf96-32q2-9rw2" }, { "reference_url": "https://security.gentoo.org/glsa/200912-02", "reference_id": "GLSA-200912-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200912-02" } ], "fixed_packages": [], "aliases": [ "CVE-2008-4094", "GHSA-xf96-32q2-9rw2" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cgfh-yfn7-7ke9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12570?format=api", "vulnerability_id": "VCID-cvs8-ejdv-uqhy", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44566.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44566.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-44566", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.81854", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.81846", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.81847", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.81785", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-44566" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44566", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44566" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/4f44aa9d514e701ada92b5cf08beccf566eeaebf", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/4f44aa9d514e701ada92b5cf08beccf566eeaebf" }, { "reference_url": "https://github.com/rails/rails/commit/82bcdc011e2ff674e7dd8fd8cee3a831c908d29b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/82bcdc011e2ff674e7dd8fd8cee3a831c908d29b" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v6.1.7.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v6.1.7.1" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v7.0.4.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v7.0.4.1" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-44566.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-44566.yml" }, { "reference_url": "https://mailchi.mp/railslts/rails-lts-multiple-dos-vulnerabilities-in-rails-rack-and-globalid", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mailchi.mp/railslts/rails-lts-multiple-dos-vulnerabilities-in-rails-rack-and-globalid" }, { "reference_url": "https://makandracards.com/railslts/508019-rails-5-2-lts-changelog#section-jan-20th-2023-rails-version-5-2-8-15", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://makandracards.com/railslts/508019-rails-5-2-lts-changelog#section-jan-20th-2023-rails-version-5-2-8-15" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-44566", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-44566" }, { "reference_url": "https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050", "reference_id": "1030050", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050" }, { "reference_url": "https://code.jeremyevans.net/2022-11-01-forcing-sequential-scans-on-postgresql.html", "reference_id": "2022-11-01-forcing-sequential-scans-on-postgresql.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-25T13:43:31Z/" } ], "url": "https://code.jeremyevans.net/2022-11-01-forcing-sequential-scans-on-postgresql.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164789", "reference_id": "2164789", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164789" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2022-44566-possible-denial-of-service-vulnerability-in-activerecords-postgresql-adapter/82119", "reference_id": "82119", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-25T13:43:31Z/" } ], "url": "https://discuss.rubyonrails.org/t/cve-2022-44566-possible-denial-of-service-vulnerability-in-activerecords-postgresql-adapter/82119" }, { "reference_url": "https://github.com/advisories/GHSA-579w-22j4-4749", "reference_id": "GHSA-579w-22j4-4749", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-579w-22j4-4749" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6818", "reference_id": "RHSA-2023:6818", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6818" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379982?format=api", "purl": "pkg:gem/activerecord@6.1.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ua6-6a16-9fde" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@6.1.7.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/379983?format=api", "purl": "pkg:gem/activerecord@7.0.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ua6-6a16-9fde" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@7.0.4.1" } ], "aliases": [ "CVE-2022-44566", "GHSA-579w-22j4-4749", "GMS-2023-59" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cvs8-ejdv-uqhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/178537?format=api", "vulnerability_id": "VCID-fbrw-bbm6-fbhp", "summary": "Multiple vulnerabilities were found in Ruby on Rails, the worst of\n which allowing for execution of arbitrary code.", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/4e19864cf6ad40ad?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/4e19864cf6ad40ad?dmode=source&output=gplain" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0448", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.72247", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.72337", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.72343", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.7233", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0448" }, { "reference_url": "http://secunia.com/advisories/43278", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/43278" }, { "reference_url": "http://securitytracker.com/id?1025063", "reference_id": "", "reference_type": "", "scores": [], "url": "http://securitytracker.com/id?1025063" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa562c3be8474", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa562c3be8474" }, { "reference_url": "https://web.archive.org/web/20201220214809/http://securitytracker.com/id?1025063", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201220214809/http://securitytracker.com/id?1025063" }, { "reference_url": "http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/0877", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2011/0877" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0448", "reference_id": "CVE-2011-0448", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0448" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-0448.yml", "reference_id": "CVE-2011-0448.YML", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-0448.yml" }, { "reference_url": "https://github.com/advisories/GHSA-jmm9-2p29-vh2w", "reference_id": "GHSA-jmm9-2p29-vh2w", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jmm9-2p29-vh2w" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [], "aliases": [ "CVE-2011-0448", "GHSA-jmm9-2p29-vh2w" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fbrw-bbm6-fbhp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/178546?format=api", "vulnerability_id": "VCID-hh3w-dxkg-8ygx", "summary": "Multiple vulnerabilities were found in Ruby on Rails, the worst of\n which allowing for execution of arbitrary code.", "references": [ { "reference_url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0686.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0686.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0276.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0276.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0276", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00606", "scoring_system": "epss", "scoring_elements": "0.70224", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00606", "scoring_system": "epss", "scoring_elements": "0.70236", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00606", "scoring_system": "epss", "scoring_elements": "0.70134", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00606", "scoring_system": "epss", "scoring_elements": "0.70238", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0276" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0276", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0276" }, { "reference_url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/AFBKNY7VSH8", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/AFBKNY7VSH8" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/bb44b98a73ef1a06?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/bb44b98a73ef1a06?dmode=source&output=gplain" }, { "reference_url": "http://support.apple.com/kb/HT5784", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT5784" }, { "reference_url": "https://web.archive.org/web/20130217055442/http://www.securityfocus.com/bid/57896", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20130217055442/http://www.securityfocus.com/bid/57896" }, { "reference_url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/" }, { "reference_url": "http://www.debian.org/security/2013/dsa-2620", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2013/dsa-2620" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/02/11/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/02/11/5" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=909528", "reference_id": "909528", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=909528" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0276", "reference_id": "CVE-2013-0276", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0276" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0276.yml", "reference_id": "CVE-2013-0276.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0276.yml" }, { "reference_url": "https://github.com/advisories/GHSA-gr44-7grc-37vq", "reference_id": "GHSA-gr44-7grc-37vq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gr44-7grc-37vq" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0686", "reference_id": "RHSA-2013:0686", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0686" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12864?format=api", "purl": "pkg:gem/activerecord@3.2.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-2b1z-1k24-kfb8" }, { "vulnerability": "VCID-34kh-7cbr-s7b9" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-74g9-svkp-h3f1" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-cgfh-yfn7-7ke9" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-fbrw-bbm6-fbhp" }, { "vulnerability": "VCID-mxkb-wz2d-1kb5" }, { "vulnerability": "VCID-rd4z-yncp-qkfu" }, { "vulnerability": "VCID-rhyd-xbpb-wufa" }, { "vulnerability": "VCID-sfaa-e8am-x7gn" }, { "vulnerability": "VCID-sth3-da79-67bt" }, { "vulnerability": "VCID-u2gv-wvdc-tfbs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.12" } ], "aliases": [ "CVE-2013-0276", "GHSA-gr44-7grc-37vq", "OSV-90072" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hh3w-dxkg-8ygx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/199866?format=api", "vulnerability_id": "VCID-mxkb-wz2d-1kb5", "summary": "Array data injection vulnerability in activerecord", "references": [ { "reference_url": "http://openwall.com/lists/oss-security/2014/02/18/9", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2014/02/18/9" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0080.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0080.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0080", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48338", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48479", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48494", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48475", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0080" }, { "reference_url": "https://github.com/rails/rails/tree/main/activerecord", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/tree/main/activerecord" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/Wu96YkTUR6s", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/Wu96YkTUR6s" }, { "reference_url": "https://web.archive.org/web/20210301004521/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/Wu96YkTUR6s/pPLBMZrlwvYJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210301004521/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/Wu96YkTUR6s/pPLBMZrlwvYJ" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065517", "reference_id": "1065517", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065517" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0080", "reference_id": "CVE-2014-0080", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0080" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-0080.yml", "reference_id": "CVE-2014-0080.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-0080.yml" }, { "reference_url": "https://github.com/advisories/GHSA-hqf9-rc9j-5fmj", "reference_id": "GHSA-hqf9-rc9j-5fmj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hqf9-rc9j-5fmj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12652?format=api", "purl": "pkg:gem/activerecord@4.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-2b1z-1k24-kfb8" }, { "vulnerability": "VCID-34kh-7cbr-s7b9" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-74g9-svkp-h3f1" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-cgfh-yfn7-7ke9" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-fbrw-bbm6-fbhp" }, { "vulnerability": "VCID-rd4z-yncp-qkfu" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sfaa-e8am-x7gn" }, { "vulnerability": "VCID-sth3-da79-67bt" }, { "vulnerability": "VCID-u2gv-wvdc-tfbs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.0.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/12722?format=api", "purl": "pkg:gem/activerecord@4.1.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-2b1z-1k24-kfb8" }, { "vulnerability": "VCID-34kh-7cbr-s7b9" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-74g9-svkp-h3f1" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-cgfh-yfn7-7ke9" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-fbrw-bbm6-fbhp" }, { "vulnerability": "VCID-mxkb-wz2d-1kb5" }, { "vulnerability": "VCID-rd4z-yncp-qkfu" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sfaa-e8am-x7gn" }, { "vulnerability": "VCID-sth3-da79-67bt" }, { "vulnerability": "VCID-u2gv-wvdc-tfbs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.1.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/12723?format=api", "purl": "pkg:gem/activerecord@4.1.0.beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-2b1z-1k24-kfb8" }, { "vulnerability": "VCID-34kh-7cbr-s7b9" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-74g9-svkp-h3f1" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-cgfh-yfn7-7ke9" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-fbrw-bbm6-fbhp" }, { "vulnerability": "VCID-rd4z-yncp-qkfu" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sfaa-e8am-x7gn" }, { "vulnerability": "VCID-sth3-da79-67bt" }, { "vulnerability": "VCID-u2gv-wvdc-tfbs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.1.0.beta2" } ], "aliases": [ "CVE-2014-0080", "GHSA-hqf9-rc9j-5fmj", "OSV-103438" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mxkb-wz2d-1kb5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/179831?format=api", "vulnerability_id": "VCID-pbgu-3zaj-ukay", "summary": "A vulnerability in Active Record could allow a remote attacker to\n inject SQL commands.", "references": [ { "reference_url": "http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0220.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0220.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0544.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0544.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6496.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6496.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6496", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.7769", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.77676", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.77682", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.77607", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6496" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=889649", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=889649" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6496", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6496" }, { "reference_url": "http://security.gentoo.org/glsa/glsa-201401-22.xml", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://security.gentoo.org/glsa/glsa-201401-22.xml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/9de9b359d0d24f70f0f6c5c58a7ad8750684d456", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/9de9b359d0d24f70f0f6c5c58a7ad8750684d456" }, { "reference_url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/DCNTNp_qjFM", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/DCNTNp_qjFM" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/23daa048baf28b64?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/23daa048baf28b64?dmode=source&output=gplain" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6496", "reference_id": "CVE-2012-6496", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6496" }, { "reference_url": "https://github.com/advisories/GHSA-gh2w-j7cx-2664", "reference_id": "GHSA-gh2w-j7cx-2664", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gh2w-j7cx-2664" }, { "reference_url": "https://security.gentoo.org/glsa/201401-22", "reference_id": "GLSA-201401-22", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201401-22" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0154", "reference_id": "RHSA-2013:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0154" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0155", "reference_id": "RHSA-2013:0155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0155" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0220", "reference_id": "RHSA-2013:0220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0220" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12895?format=api", "purl": "pkg:gem/activerecord@3.2.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-2b1z-1k24-kfb8" }, { "vulnerability": "VCID-34kh-7cbr-s7b9" }, { "vulnerability": "VCID-39m4-12ms-skh2" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-3ser-nhqn-mbar" }, { "vulnerability": "VCID-74g9-svkp-h3f1" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-cgfh-yfn7-7ke9" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-fbrw-bbm6-fbhp" }, { "vulnerability": "VCID-hh3w-dxkg-8ygx" }, { "vulnerability": "VCID-mxkb-wz2d-1kb5" }, { "vulnerability": "VCID-rd4z-yncp-qkfu" }, { "vulnerability": "VCID-rhyd-xbpb-wufa" }, { "vulnerability": "VCID-sfaa-e8am-x7gn" }, { "vulnerability": "VCID-sth3-da79-67bt" }, { "vulnerability": "VCID-u2gv-wvdc-tfbs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.10" } ], "aliases": [ "CVE-2012-6496", "GHSA-gh2w-j7cx-2664", "OSV-88661" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pbgu-3zaj-ukay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/200367?format=api", "vulnerability_id": "VCID-rd4z-yncp-qkfu", "summary": "activerecord vulnerable to SQL Injection", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2695.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2695.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2695", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00637", "scoring_system": "epss", "scoring_elements": "0.71068", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00637", "scoring_system": "epss", "scoring_elements": "0.70968", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00637", "scoring_system": "epss", "scoring_elements": "0.71058", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00637", "scoring_system": "epss", "scoring_elements": "0.7107", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2695" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/62f81f4d6b3ee40e9887ffd92ab14714bad93f18", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/62f81f4d6b3ee40e9887ffd92ab14714bad93f18" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/aee3413fb038bf56?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/aee3413fb038bf56?dmode=source&output=gplain" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/l4L0TEVAz1k/m/Vr84sD9B464J", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/l4L0TEVAz1k/m/Vr84sD9B464J" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=831573", "reference_id": "831573", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=831573" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2695", "reference_id": "CVE-2012-2695", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2695" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2695.yml", "reference_id": "CVE-2012-2695.YML", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2695.yml" }, { "reference_url": "https://github.com/advisories/GHSA-76wq-xw4h-f8wj", "reference_id": "GHSA-76wq-xw4h-f8wj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-76wq-xw4h-f8wj" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1542", "reference_id": "RHSA-2012:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0154", "reference_id": "RHSA-2013:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12936?format=api", "purl": "pkg:gem/activerecord@3.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-2b1z-1k24-kfb8" }, { "vulnerability": "VCID-34kh-7cbr-s7b9" }, { "vulnerability": "VCID-39m4-12ms-skh2" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-3ser-nhqn-mbar" }, { "vulnerability": "VCID-74g9-svkp-h3f1" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-cgfh-yfn7-7ke9" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-fbrw-bbm6-fbhp" }, { "vulnerability": "VCID-hh3w-dxkg-8ygx" }, { "vulnerability": "VCID-mxkb-wz2d-1kb5" }, { "vulnerability": "VCID-pbgu-3zaj-ukay" }, { "vulnerability": "VCID-rd4z-yncp-qkfu" }, { "vulnerability": "VCID-rhyd-xbpb-wufa" }, { "vulnerability": "VCID-sfaa-e8am-x7gn" }, { "vulnerability": "VCID-sth3-da79-67bt" }, { "vulnerability": "VCID-u2gv-wvdc-tfbs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.6" } ], "aliases": [ "CVE-2012-2695", "GHSA-76wq-xw4h-f8wj" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rd4z-yncp-qkfu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/178549?format=api", "vulnerability_id": "VCID-rhyd-xbpb-wufa", "summary": "Multiple vulnerabilities were found in Ruby on Rails, the worst of\n which allowing for execution of arbitrary code.", "references": [ { "reference_url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00070.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00070.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00071.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00071.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00075.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00075.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00078.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00078.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00079.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00079.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0699.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0699.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0699", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2013:0699" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1863", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:1863" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1854.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1854.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1854", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01795", "scoring_system": "epss", "scoring_elements": "0.83171", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01795", "scoring_system": "epss", "scoring_elements": "0.83232", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01795", "scoring_system": "epss", "scoring_elements": "0.83237", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01795", "scoring_system": "epss", "scoring_elements": "0.83241", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1854" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=921329", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=921329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1854" }, { "reference_url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/jgJ4cjjS8FE", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/jgJ4cjjS8FE" }, { "reference_url": "https://groups.google.com/group/ruby-security-ann/msg/34e0d780b04308de?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/ruby-security-ann/msg/34e0d780b04308de?dmode=source&output=gplain" }, { "reference_url": "http://support.apple.com/kb/HT5784", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT5784" }, { "reference_url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2013-1854", "reference_id": "CVE-2013-1854", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2013-1854" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1854", "reference_id": "CVE-2013-1854", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1854" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-1854.yml", "reference_id": "CVE-2013-1854.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-1854.yml" }, { "reference_url": "https://github.com/advisories/GHSA-3crr-9vmg-864v", "reference_id": "GHSA-3crr-9vmg-864v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3crr-9vmg-864v" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12867?format=api", "purl": "pkg:gem/activerecord@3.2.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-2b1z-1k24-kfb8" }, { "vulnerability": "VCID-34kh-7cbr-s7b9" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-74g9-svkp-h3f1" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-cgfh-yfn7-7ke9" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-fbrw-bbm6-fbhp" }, { "vulnerability": "VCID-mxkb-wz2d-1kb5" }, { "vulnerability": "VCID-rd4z-yncp-qkfu" }, { "vulnerability": "VCID-rhyd-xbpb-wufa" }, { "vulnerability": "VCID-sfaa-e8am-x7gn" }, { "vulnerability": "VCID-sth3-da79-67bt" }, { "vulnerability": "VCID-u2gv-wvdc-tfbs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.13" } ], "aliases": [ "CVE-2013-1854", "GHSA-3crr-9vmg-864v", "OSV-91453" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rhyd-xbpb-wufa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/178534?format=api", "vulnerability_id": "VCID-sfaa-e8am-x7gn", "summary": "Multiple vulnerabilities were found in Ruby on Rails, the worst of\n which allowing for execution of arbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3933", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00712", "scoring_system": "epss", "scoring_elements": "0.72837", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00712", "scoring_system": "epss", "scoring_elements": "0.72761", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00712", "scoring_system": "epss", "scoring_elements": "0.72851", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00712", "scoring_system": "epss", "scoring_elements": "0.72853", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3933" }, { "reference_url": "http://secunia.com/advisories/41930", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/41930" }, { "reference_url": "http://securitytracker.com/id?1024624", "reference_id": "", "reference_type": "", "scores": [], "url": "http://securitytracker.com/id?1024624" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/2d96bccb1e8b62e3e11ca0c5d38aaa8cece889ae", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/2d96bccb1e8b62e3e11ca0c5d38aaa8cece889ae" }, { "reference_url": "https://github.com/rails/rails/commit/96183e0f284bab27667e5a38fa6a1578eb029585", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/96183e0f284bab27667e5a38fa6a1578eb029585" }, { "reference_url": "https://web.archive.org/web/20101129225633/http://securitytracker.com/alerts/2010/Oct/1024624.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20101129225633/http://securitytracker.com/alerts/2010/Oct/1024624.html" }, { "reference_url": "https://web.archive.org/web/20111225083933/http://secunia.com/advisories/41930", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20111225083933/http://secunia.com/advisories/41930" }, { "reference_url": "https://web.archive.org/web/20201208053819/http://securitytracker.com/id?1024624", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201208053819/http://securitytracker.com/id?1024624" }, { "reference_url": "http://weblog.rubyonrails.org/2010/10/15/security-vulnerability-in-nested-attributes-code-in-ruby-on-rails-2-3-9-and-3-0-0", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2010/10/15/security-vulnerability-in-nested-attributes-code-in-ruby-on-rails-2-3-9-and-3-0-0" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/2719", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2010/2719" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3933", "reference_id": "CVE-2010-3933", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3933" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2010-3933.yml", "reference_id": "CVE-2010-3933.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2010-3933.yml" }, { "reference_url": "https://github.com/advisories/GHSA-gjxw-5w2q-7grf", "reference_id": "GHSA-gjxw-5w2q-7grf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gjxw-5w2q-7grf" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [], "aliases": [ "CVE-2010-3933", "GHSA-gjxw-5w2q-7grf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sfaa-e8am-x7gn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/199890?format=api", "vulnerability_id": "VCID-sth3-da79-67bt", "summary": "Active Record subject to strong parameters protection bypass", "references": [ { "reference_url": "http://openwall.com/lists/oss-security/2014/08/18/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2014/08/18/10" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1102.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1102.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3514.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3514.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3514", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56418", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56541", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56551", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56537", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3514" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3514", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3514" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ" }, { "reference_url": "https://groups.google.com/forum/#!msg/rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!msg/rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/M4chq5Sb540", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/M4chq5Sb540" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1131240", "reference_id": "1131240", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1131240" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3514", "reference_id": "CVE-2014-3514", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3514" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-3514.yml", "reference_id": "CVE-2014-3514.YML", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-3514.yml" }, { "reference_url": "https://github.com/advisories/GHSA-9rf5-jm6f-2fmm", "reference_id": "GHSA-9rf5-jm6f-2fmm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9rf5-jm6f-2fmm" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1102", "reference_id": "RHSA-2014:1102", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1102" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12675?format=api", "purl": "pkg:gem/activerecord@4.0.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-2b1z-1k24-kfb8" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-cgfh-yfn7-7ke9" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-fbrw-bbm6-fbhp" }, { "vulnerability": "VCID-rd4z-yncp-qkfu" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sfaa-e8am-x7gn" }, { "vulnerability": "VCID-u2gv-wvdc-tfbs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.0.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/12722?format=api", "purl": "pkg:gem/activerecord@4.1.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-2b1z-1k24-kfb8" }, { "vulnerability": "VCID-34kh-7cbr-s7b9" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-74g9-svkp-h3f1" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-cgfh-yfn7-7ke9" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-fbrw-bbm6-fbhp" }, { "vulnerability": "VCID-mxkb-wz2d-1kb5" }, { "vulnerability": "VCID-rd4z-yncp-qkfu" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sfaa-e8am-x7gn" }, { "vulnerability": "VCID-sth3-da79-67bt" }, { "vulnerability": "VCID-u2gv-wvdc-tfbs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.1.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/12665?format=api", "purl": "pkg:gem/activerecord@4.1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-2b1z-1k24-kfb8" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-cgfh-yfn7-7ke9" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-fbrw-bbm6-fbhp" }, { "vulnerability": "VCID-rd4z-yncp-qkfu" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sfaa-e8am-x7gn" }, { "vulnerability": "VCID-u2gv-wvdc-tfbs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.1.5" } ], "aliases": [ "CVE-2014-3514", "GHSA-9rf5-jm6f-2fmm" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sth3-da79-67bt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/178540?format=api", "vulnerability_id": "VCID-u2gv-wvdc-tfbs", "summary": "Multiple vulnerabilities were found in Ruby on Rails, the worst of\n which allowing for execution of arbitrary code.", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/b1a85d36b0f9dd30?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/b1a85d36b0f9dd30?dmode=source&output=gplain" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2930", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00955", "scoring_system": "epss", "scoring_elements": "0.76938", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00955", "scoring_system": "epss", "scoring_elements": "0.76929", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00955", "scoring_system": "epss", "scoring_elements": "0.76944", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00955", "scoring_system": "epss", "scoring_elements": "0.7686", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2930" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=731438", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=731438" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2930", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2930" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/8a39f411dc3c806422785b1f4d5c7c9d58e4bf85", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/8a39f411dc3c806422785b1f4d5c7c9d58e4bf85" }, { "reference_url": "http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6" }, { "reference_url": "http://www.debian.org/security/2011/dsa-2301", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2011/dsa-2301" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/17/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/17/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/19/11", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/19/11" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/20/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/20/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/13", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/13" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/14", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/14" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2930", "reference_id": "CVE-2011-2930", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2930" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-2930.yml", "reference_id": "CVE-2011-2930.YML", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-2930.yml" }, { "reference_url": "https://github.com/advisories/GHSA-h6w6-xmqv-7q78", "reference_id": "GHSA-h6w6-xmqv-7q78", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h6w6-xmqv-7q78" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [], "aliases": [ "CVE-2011-2930", "GHSA-h6w6-xmqv-7q78" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u2gv-wvdc-tfbs" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/199866?format=api", "vulnerability_id": "VCID-mxkb-wz2d-1kb5", "summary": "Array data injection vulnerability in activerecord", "references": [ { "reference_url": "http://openwall.com/lists/oss-security/2014/02/18/9", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2014/02/18/9" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0080.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0080.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0080", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48338", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48479", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48494", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48475", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0080" }, { "reference_url": "https://github.com/rails/rails/tree/main/activerecord", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/tree/main/activerecord" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/Wu96YkTUR6s", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/Wu96YkTUR6s" }, { "reference_url": "https://web.archive.org/web/20210301004521/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/Wu96YkTUR6s/pPLBMZrlwvYJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210301004521/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/Wu96YkTUR6s/pPLBMZrlwvYJ" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065517", "reference_id": "1065517", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065517" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0080", "reference_id": "CVE-2014-0080", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0080" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-0080.yml", "reference_id": "CVE-2014-0080.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-0080.yml" }, { "reference_url": "https://github.com/advisories/GHSA-hqf9-rc9j-5fmj", "reference_id": "GHSA-hqf9-rc9j-5fmj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hqf9-rc9j-5fmj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12840?format=api", "purl": "pkg:gem/activerecord@3.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18n5-8cur-m7ae" }, { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-2b1z-1k24-kfb8" }, { "vulnerability": "VCID-34kh-7cbr-s7b9" }, { "vulnerability": "VCID-39m4-12ms-skh2" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-3ser-nhqn-mbar" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-74g9-svkp-h3f1" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-cgfh-yfn7-7ke9" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-fbrw-bbm6-fbhp" }, { "vulnerability": "VCID-hh3w-dxkg-8ygx" }, { "vulnerability": "VCID-mxkb-wz2d-1kb5" }, { "vulnerability": "VCID-pbgu-3zaj-ukay" }, { "vulnerability": "VCID-rd4z-yncp-qkfu" }, { "vulnerability": "VCID-rhyd-xbpb-wufa" }, { "vulnerability": "VCID-sfaa-e8am-x7gn" }, { "vulnerability": "VCID-sth3-da79-67bt" }, { "vulnerability": "VCID-u2gv-wvdc-tfbs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/12652?format=api", "purl": "pkg:gem/activerecord@4.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-2b1z-1k24-kfb8" }, { "vulnerability": "VCID-34kh-7cbr-s7b9" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-74g9-svkp-h3f1" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-cgfh-yfn7-7ke9" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-fbrw-bbm6-fbhp" }, { "vulnerability": "VCID-rd4z-yncp-qkfu" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sfaa-e8am-x7gn" }, { "vulnerability": "VCID-sth3-da79-67bt" }, { "vulnerability": "VCID-u2gv-wvdc-tfbs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.0.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/12722?format=api", "purl": "pkg:gem/activerecord@4.1.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-2b1z-1k24-kfb8" }, { "vulnerability": "VCID-34kh-7cbr-s7b9" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-74g9-svkp-h3f1" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-cgfh-yfn7-7ke9" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-fbrw-bbm6-fbhp" }, { "vulnerability": "VCID-mxkb-wz2d-1kb5" }, { "vulnerability": "VCID-rd4z-yncp-qkfu" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sfaa-e8am-x7gn" }, { "vulnerability": "VCID-sth3-da79-67bt" }, { "vulnerability": "VCID-u2gv-wvdc-tfbs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.1.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/12723?format=api", "purl": "pkg:gem/activerecord@4.1.0.beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ua6-6a16-9fde" }, { "vulnerability": "VCID-2b1z-1k24-kfb8" }, { "vulnerability": "VCID-34kh-7cbr-s7b9" }, { "vulnerability": "VCID-3qsf-qm7w-y7be" }, { "vulnerability": "VCID-74g9-svkp-h3f1" }, { "vulnerability": "VCID-c7qj-hcu8-p7hc" }, { "vulnerability": "VCID-cgfh-yfn7-7ke9" }, { "vulnerability": "VCID-cvs8-ejdv-uqhy" }, { "vulnerability": "VCID-fbrw-bbm6-fbhp" }, { "vulnerability": "VCID-rd4z-yncp-qkfu" }, { "vulnerability": "VCID-runz-vm7e-a3fs" }, { "vulnerability": "VCID-sfaa-e8am-x7gn" }, { "vulnerability": "VCID-sth3-da79-67bt" }, { "vulnerability": "VCID-u2gv-wvdc-tfbs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.1.0.beta2" } ], "aliases": [ "CVE-2014-0080", "GHSA-hqf9-rc9j-5fmj", "OSV-103438" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mxkb-wz2d-1kb5" } ], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.0" }