Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:gem/actionpack@3.1

Type gem

Namespace

Name actionpack

Version 3.1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 7.0.8.7

Latest_non_vulnerable_version 8.1.2.1

Affected_by_vulnerabilities

url VCID-1rgy-k7a9-m7au

vulnerability_id VCID-1rgy-k7a9-m7au

summary

XSS via posted select tag options
Ruby on Rails is vulnerable to remote cross-site scripting because the application does not validate manually generated `select tag options` upon submission to `actionpack/lib/action_view/helpers/form_options_helper.rb`. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

references

reference_url

http://groups.google.com/group/rubyonrails-security/msg/6fca4f5c47705488?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/rubyonrails-security/msg/6fca4f5c47705488?dmode=source&output=gplain

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075740.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075740.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1099.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1099.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-1099

reference_id

reference_type

scores

value	0.00399
scoring_system	epss
scoring_elements	0.60713
published_at	2026-04-16T12:55:00Z

value	0.00399
scoring_system	epss
scoring_elements	0.60541
published_at	2026-04-01T12:55:00Z

value	0.00399
scoring_system	epss
scoring_elements	0.60616
published_at	2026-04-07T12:55:00Z

value	0.00399
scoring_system	epss
scoring_elements	0.60645
published_at	2026-04-04T12:55:00Z

value	0.00399
scoring_system	epss
scoring_elements	0.60665
published_at	2026-04-08T12:55:00Z

value	0.00399
scoring_system	epss
scoring_elements	0.6068
published_at	2026-04-09T12:55:00Z

value	0.00399
scoring_system	epss
scoring_elements	0.60705
published_at	2026-04-11T12:55:00Z

value	0.00399
scoring_system	epss
scoring_elements	0.60691
published_at	2026-04-12T12:55:00Z

value	0.00399
scoring_system	epss
scoring_elements	0.60671
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-1099

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=799276

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=799276

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1099
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1099

reference_url

https://github.com/advisories/GHSA-2xjj-5x6h-8vmf

reference_id

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-2xjj-5x6h-8vmf

reference_url	https://github.com/rails/rails/commit/9435f5a479317458c558ae743b7d876dd5a5db20
reference_id
reference_type
scores
url	https://github.com/rails/rails/commit/9435f5a479317458c558ae743b7d876dd5a5db20

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-1099.yml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-1099.yml

reference_url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-79727.yml
reference_id
reference_type
scores
url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-79727.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-1099

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-1099

reference_url

http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released

reference_url

http://www.debian.org/security/2012/dsa-2466

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2012/dsa-2466

reference_url

http://www.openwall.com/lists/oss-security/2012/03/02/6

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2012/03/02/6

reference_url

http://www.openwall.com/lists/oss-security/2012/03/03/1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2012/03/03/1

fixed_packages

url pkg:gem/actionpack@3.1.4

purl pkg:gem/actionpack@3.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xgz-hwng-n3eq

vulnerability	VCID-333w-aacz-mfcr

vulnerability	VCID-35rt-t6e1-pfa6

vulnerability	VCID-3wtf-uu89-2qe5

vulnerability	VCID-3x4p-t3yb-3yak

vulnerability	VCID-3zdr-vasc-a7cn

vulnerability	VCID-49pq-vg95-jkh2

vulnerability	VCID-4epw-vk25-mfdw

vulnerability	VCID-4he5-y1u4-gkd2

vulnerability	VCID-5hqj-fxmk-cbcy

vulnerability	VCID-63gy-6njy-kbd8

vulnerability	VCID-6j55-bstz-yybj

vulnerability	VCID-7f5r-9h1g-nuch

vulnerability	VCID-86jq-2md2-d7ah

vulnerability	VCID-9hq5-3usy-5fhq

vulnerability	VCID-a6sp-18av-wya6

vulnerability	VCID-awt1-8bxs-xffs

vulnerability	VCID-bjwf-uhyk-63aj

vulnerability	VCID-c1w4-z275-tqg7

vulnerability	VCID-carc-ntrd-ebfe

vulnerability	VCID-cdnw-t8n1-23ep

vulnerability	VCID-cnqr-6e98-5kgk

vulnerability	VCID-cwa7-9d2t-rfhb

vulnerability	VCID-dd9p-x7k3-37ea

vulnerability	VCID-ehbj-aezy-d7h4

vulnerability	VCID-g3rk-djae-pkeh

vulnerability	VCID-h8gs-ansa-9bd9

vulnerability	VCID-h94p-ywve-y7h9

vulnerability	VCID-hmp2-rmzv-wkhg

vulnerability	VCID-hppf-a715-r7b2

vulnerability	VCID-j24x-nhsb-yug6

vulnerability	VCID-kcj2-v7av-47cv

vulnerability	VCID-knsd-pv15-tydx

vulnerability	VCID-mep3-6sub-ykdk

vulnerability	VCID-mnkw-23eu-bkgc

vulnerability	VCID-msda-xqbp-qfdd

vulnerability	VCID-n8cc-3stk-97b5

vulnerability	VCID-nf8s-2aaa-17fw

vulnerability	VCID-p5mc-r1rg-5ff7

vulnerability	VCID-phxs-zet8-ryh3

vulnerability	VCID-pmrb-t3bm-zkb6

vulnerability	VCID-rps2-k24p-9qgq

vulnerability	VCID-sfyc-jewr-wuf5

vulnerability	VCID-sgdb-985e-4uej

vulnerability	VCID-tt6r-bytq-4fa4

vulnerability	VCID-v3r3-bwp5-a3bn

vulnerability	VCID-vgm2-8wjy-x7ed

vulnerability	VCID-wg3a-j2dp-ayh4

vulnerability	VCID-y8gn-9fat-e7d1

vulnerability	VCID-ynqu-cjn9-fqf2

vulnerability	VCID-zkvd-bfd6-t7dg

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.4

url pkg:gem/actionpack@3.2.0.rc1

purl pkg:gem/actionpack@3.2.0.rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1rgy-k7a9-m7au

vulnerability	VCID-1xgz-hwng-n3eq

vulnerability	VCID-333w-aacz-mfcr

vulnerability	VCID-35rt-t6e1-pfa6

vulnerability	VCID-3wtf-uu89-2qe5

vulnerability	VCID-3x4p-t3yb-3yak

vulnerability	VCID-3zdr-vasc-a7cn

vulnerability	VCID-49pq-vg95-jkh2

vulnerability	VCID-4epw-vk25-mfdw

vulnerability	VCID-4he5-y1u4-gkd2

vulnerability	VCID-5hqj-fxmk-cbcy

vulnerability	VCID-63gy-6njy-kbd8

vulnerability	VCID-6j55-bstz-yybj

vulnerability	VCID-7f5r-9h1g-nuch

vulnerability	VCID-86jq-2md2-d7ah

vulnerability	VCID-9hq5-3usy-5fhq

vulnerability	VCID-a6sp-18av-wya6

vulnerability	VCID-awt1-8bxs-xffs

vulnerability	VCID-bjwf-uhyk-63aj

vulnerability	VCID-c1w4-z275-tqg7

vulnerability	VCID-carc-ntrd-ebfe

vulnerability	VCID-cdnw-t8n1-23ep

vulnerability	VCID-cnqr-6e98-5kgk

vulnerability	VCID-cwa7-9d2t-rfhb

vulnerability	VCID-dd9p-x7k3-37ea

vulnerability	VCID-ehbj-aezy-d7h4

vulnerability	VCID-g3rk-djae-pkeh

vulnerability	VCID-h8gs-ansa-9bd9

vulnerability	VCID-h94p-ywve-y7h9

vulnerability	VCID-hmp2-rmzv-wkhg

vulnerability	VCID-hppf-a715-r7b2

vulnerability	VCID-j24x-nhsb-yug6

vulnerability	VCID-kcj2-v7av-47cv

vulnerability	VCID-knsd-pv15-tydx

vulnerability	VCID-mep3-6sub-ykdk

vulnerability	VCID-mnkw-23eu-bkgc

vulnerability	VCID-msda-xqbp-qfdd

vulnerability	VCID-n8cc-3stk-97b5

vulnerability	VCID-nf8s-2aaa-17fw

vulnerability	VCID-p5mc-r1rg-5ff7

vulnerability	VCID-phxs-zet8-ryh3

vulnerability	VCID-pmrb-t3bm-zkb6

vulnerability	VCID-rps2-k24p-9qgq

vulnerability	VCID-s5ah-tf63-a7cw

vulnerability	VCID-sfyc-jewr-wuf5

vulnerability	VCID-sgdb-985e-4uej

vulnerability	VCID-tt6r-bytq-4fa4

vulnerability	VCID-v3r3-bwp5-a3bn

vulnerability	VCID-vgm2-8wjy-x7ed

vulnerability	VCID-wg3a-j2dp-ayh4

vulnerability	VCID-y8gn-9fat-e7d1

vulnerability	VCID-ynqu-cjn9-fqf2

vulnerability	VCID-z1jv-4ga2-7kd1

vulnerability	VCID-zkvd-bfd6-t7dg

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0.rc1

url pkg:gem/actionpack@3.2.2

purl pkg:gem/actionpack@3.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xgz-hwng-n3eq

vulnerability	VCID-333w-aacz-mfcr

vulnerability	VCID-35rt-t6e1-pfa6

vulnerability	VCID-3wtf-uu89-2qe5

vulnerability	VCID-3x4p-t3yb-3yak

vulnerability	VCID-3zdr-vasc-a7cn

vulnerability	VCID-42dz-pxpv-qff3

vulnerability	VCID-49pq-vg95-jkh2

vulnerability	VCID-4epw-vk25-mfdw

vulnerability	VCID-4he5-y1u4-gkd2

vulnerability	VCID-5hqj-fxmk-cbcy

vulnerability	VCID-63gy-6njy-kbd8

vulnerability	VCID-6j55-bstz-yybj

vulnerability	VCID-7f5r-9h1g-nuch

vulnerability	VCID-86jq-2md2-d7ah

vulnerability	VCID-9hq5-3usy-5fhq

vulnerability	VCID-a6sp-18av-wya6

vulnerability	VCID-awt1-8bxs-xffs

vulnerability	VCID-bjwf-uhyk-63aj

vulnerability	VCID-c1w4-z275-tqg7

vulnerability	VCID-carc-ntrd-ebfe

vulnerability	VCID-cdnw-t8n1-23ep

vulnerability	VCID-cnqr-6e98-5kgk

vulnerability	VCID-cwa7-9d2t-rfhb

vulnerability	VCID-dd9p-x7k3-37ea

vulnerability	VCID-ehbj-aezy-d7h4

vulnerability	VCID-g3rk-djae-pkeh

vulnerability	VCID-h8gs-ansa-9bd9

vulnerability	VCID-h94p-ywve-y7h9

vulnerability	VCID-hmp2-rmzv-wkhg

vulnerability	VCID-hppf-a715-r7b2

vulnerability	VCID-j24x-nhsb-yug6

vulnerability	VCID-kcj2-v7av-47cv

vulnerability	VCID-knsd-pv15-tydx

vulnerability	VCID-mep3-6sub-ykdk

vulnerability	VCID-mnkw-23eu-bkgc

vulnerability	VCID-msda-xqbp-qfdd

vulnerability	VCID-n8cc-3stk-97b5

vulnerability	VCID-nf8s-2aaa-17fw

vulnerability	VCID-p5mc-r1rg-5ff7

vulnerability	VCID-phxs-zet8-ryh3

vulnerability	VCID-pmrb-t3bm-zkb6

vulnerability	VCID-rps2-k24p-9qgq

vulnerability	VCID-s5ah-tf63-a7cw

vulnerability	VCID-sfyc-jewr-wuf5

vulnerability	VCID-sgdb-985e-4uej

vulnerability	VCID-tt6r-bytq-4fa4

vulnerability	VCID-v3r3-bwp5-a3bn

vulnerability	VCID-vgm2-8wjy-x7ed

vulnerability	VCID-wg3a-j2dp-ayh4

vulnerability	VCID-y8gn-9fat-e7d1

vulnerability	VCID-ynqu-cjn9-fqf2

vulnerability	VCID-z1jv-4ga2-7kd1

vulnerability	VCID-zkvd-bfd6-t7dg

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.2

aliases CVE-2012-1099, GHSA-2xjj-5x6h-8vmf, OSV-79727

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1rgy-k7a9-m7au

url VCID-awt1-8bxs-xffs

vulnerability_id VCID-awt1-8bxs-xffs

summary

actionpack Improper Authentication vulnerability
The `decode_credentials` method in `actionpack/lib/action_controller/metal/http_authentication.rb` in Ruby on Rails before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging access to an application that uses a `with_http_digest` helper method, as demonstrated by the `authenticate_or_request_with_http_digest` method.

references

reference_url

http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-0154.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0154.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3424.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3424.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-3424

reference_id

reference_type

scores

value	0.00981
scoring_system	epss
scoring_elements	0.76812
published_at	2026-04-16T12:55:00Z

value	0.00981
scoring_system	epss
scoring_elements	0.76746
published_at	2026-04-04T12:55:00Z

value	0.00981
scoring_system	epss
scoring_elements	0.76729
published_at	2026-04-07T12:55:00Z

value	0.00981
scoring_system	epss
scoring_elements	0.7676
published_at	2026-04-08T12:55:00Z

value	0.00981
scoring_system	epss
scoring_elements	0.76771
published_at	2026-04-13T12:55:00Z

value	0.00981
scoring_system	epss
scoring_elements	0.76799
published_at	2026-04-11T12:55:00Z

value	0.00981
scoring_system	epss
scoring_elements	0.76779
published_at	2026-04-12T12:55:00Z

value	0.00981
scoring_system	epss
scoring_elements	0.76714
published_at	2026-04-01T12:55:00Z

value	0.00981
scoring_system	epss
scoring_elements	0.76718
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-3424

reference_url

https://github.com/rails/rails

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails

reference_url

https://github.com/rails/rails/commit/3719bd3e95523c5518507dbe44f260f252930600

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/3719bd3e95523c5518507dbe44f260f252930600

reference_url

https://groups.google.com/group/rubyonrails-security/msg/244d32f2fa25147d?hl=en&dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/244d32f2fa25147d?hl=en&dmode=source&output=gplain

reference_url

http://weblog.rubyonrails.org/2012/7/26/ann-rails-3-2-7-has-been-released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2012/7/26/ann-rails-3-2-7-has-been-released

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=843711
reference_id	843711
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=843711

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-3424

reference_id

CVE-2012-3424

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-3424

reference_url

https://github.com/advisories/GHSA-92w9-2pqw-rhjj

reference_id

GHSA-92w9-2pqw-rhjj

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-92w9-2pqw-rhjj

reference_url	https://access.redhat.com/errata/RHSA-2012:1542
reference_id	RHSA-2012:1542
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2012:1542

reference_url	https://access.redhat.com/errata/RHSA-2013:0154
reference_id	RHSA-2013:0154
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0154

fixed_packages

url pkg:gem/actionpack@3.1.7

purl pkg:gem/actionpack@3.1.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xgz-hwng-n3eq

vulnerability	VCID-333w-aacz-mfcr

vulnerability	VCID-35rt-t6e1-pfa6

vulnerability	VCID-3wtf-uu89-2qe5

vulnerability	VCID-3x4p-t3yb-3yak

vulnerability	VCID-3zdr-vasc-a7cn

vulnerability	VCID-49pq-vg95-jkh2

vulnerability	VCID-4epw-vk25-mfdw

vulnerability	VCID-4he5-y1u4-gkd2

vulnerability	VCID-5hqj-fxmk-cbcy

vulnerability	VCID-63gy-6njy-kbd8

vulnerability	VCID-6j55-bstz-yybj

vulnerability	VCID-7f5r-9h1g-nuch

vulnerability	VCID-86jq-2md2-d7ah

vulnerability	VCID-9hq5-3usy-5fhq

vulnerability	VCID-a6sp-18av-wya6

vulnerability	VCID-bjwf-uhyk-63aj

vulnerability	VCID-c1w4-z275-tqg7

vulnerability	VCID-carc-ntrd-ebfe

vulnerability	VCID-cdnw-t8n1-23ep

vulnerability	VCID-cnqr-6e98-5kgk

vulnerability	VCID-cwa7-9d2t-rfhb

vulnerability	VCID-dd9p-x7k3-37ea

vulnerability	VCID-ehbj-aezy-d7h4

vulnerability	VCID-g3rk-djae-pkeh

vulnerability	VCID-h8gs-ansa-9bd9

vulnerability	VCID-h94p-ywve-y7h9

vulnerability	VCID-hmp2-rmzv-wkhg

vulnerability	VCID-hppf-a715-r7b2

vulnerability	VCID-j24x-nhsb-yug6

vulnerability	VCID-kcj2-v7av-47cv

vulnerability	VCID-knsd-pv15-tydx

vulnerability	VCID-mep3-6sub-ykdk

vulnerability	VCID-mnkw-23eu-bkgc

vulnerability	VCID-msda-xqbp-qfdd

vulnerability	VCID-n8cc-3stk-97b5

vulnerability	VCID-nf8s-2aaa-17fw

vulnerability	VCID-p5mc-r1rg-5ff7

vulnerability	VCID-phxs-zet8-ryh3

vulnerability	VCID-pmrb-t3bm-zkb6

vulnerability	VCID-rps2-k24p-9qgq

vulnerability	VCID-sfyc-jewr-wuf5

vulnerability	VCID-sgdb-985e-4uej

vulnerability	VCID-tt6r-bytq-4fa4

vulnerability	VCID-v3r3-bwp5-a3bn

vulnerability	VCID-vgm2-8wjy-x7ed

vulnerability	VCID-wg3a-j2dp-ayh4

vulnerability	VCID-y8gn-9fat-e7d1

vulnerability	VCID-ynqu-cjn9-fqf2

vulnerability	VCID-zkvd-bfd6-t7dg

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.7

url pkg:gem/actionpack@3.2.0.rc1

purl pkg:gem/actionpack@3.2.0.rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1rgy-k7a9-m7au

vulnerability	VCID-1xgz-hwng-n3eq

vulnerability	VCID-333w-aacz-mfcr

vulnerability	VCID-35rt-t6e1-pfa6

vulnerability	VCID-3wtf-uu89-2qe5

vulnerability	VCID-3x4p-t3yb-3yak

vulnerability	VCID-3zdr-vasc-a7cn

vulnerability	VCID-49pq-vg95-jkh2

vulnerability	VCID-4epw-vk25-mfdw

vulnerability	VCID-4he5-y1u4-gkd2

vulnerability	VCID-5hqj-fxmk-cbcy

vulnerability	VCID-63gy-6njy-kbd8

vulnerability	VCID-6j55-bstz-yybj

vulnerability	VCID-7f5r-9h1g-nuch

vulnerability	VCID-86jq-2md2-d7ah

vulnerability	VCID-9hq5-3usy-5fhq

vulnerability	VCID-a6sp-18av-wya6

vulnerability	VCID-awt1-8bxs-xffs

vulnerability	VCID-bjwf-uhyk-63aj

vulnerability	VCID-c1w4-z275-tqg7

vulnerability	VCID-carc-ntrd-ebfe

vulnerability	VCID-cdnw-t8n1-23ep

vulnerability	VCID-cnqr-6e98-5kgk

vulnerability	VCID-cwa7-9d2t-rfhb

vulnerability	VCID-dd9p-x7k3-37ea

vulnerability	VCID-ehbj-aezy-d7h4

vulnerability	VCID-g3rk-djae-pkeh

vulnerability	VCID-h8gs-ansa-9bd9

vulnerability	VCID-h94p-ywve-y7h9

vulnerability	VCID-hmp2-rmzv-wkhg

vulnerability	VCID-hppf-a715-r7b2

vulnerability	VCID-j24x-nhsb-yug6

vulnerability	VCID-kcj2-v7av-47cv

vulnerability	VCID-knsd-pv15-tydx

vulnerability	VCID-mep3-6sub-ykdk

vulnerability	VCID-mnkw-23eu-bkgc

vulnerability	VCID-msda-xqbp-qfdd

vulnerability	VCID-n8cc-3stk-97b5

vulnerability	VCID-nf8s-2aaa-17fw

vulnerability	VCID-p5mc-r1rg-5ff7

vulnerability	VCID-phxs-zet8-ryh3

vulnerability	VCID-pmrb-t3bm-zkb6

vulnerability	VCID-rps2-k24p-9qgq

vulnerability	VCID-s5ah-tf63-a7cw

vulnerability	VCID-sfyc-jewr-wuf5

vulnerability	VCID-sgdb-985e-4uej

vulnerability	VCID-tt6r-bytq-4fa4

vulnerability	VCID-v3r3-bwp5-a3bn

vulnerability	VCID-vgm2-8wjy-x7ed

vulnerability	VCID-wg3a-j2dp-ayh4

vulnerability	VCID-y8gn-9fat-e7d1

vulnerability	VCID-ynqu-cjn9-fqf2

vulnerability	VCID-z1jv-4ga2-7kd1

vulnerability	VCID-zkvd-bfd6-t7dg

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0.rc1

url pkg:gem/actionpack@3.2.7

purl pkg:gem/actionpack@3.2.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xgz-hwng-n3eq

vulnerability	VCID-333w-aacz-mfcr

vulnerability	VCID-35rt-t6e1-pfa6

vulnerability	VCID-3wtf-uu89-2qe5

vulnerability	VCID-3x4p-t3yb-3yak

vulnerability	VCID-3zdr-vasc-a7cn

vulnerability	VCID-42dz-pxpv-qff3

vulnerability	VCID-49pq-vg95-jkh2

vulnerability	VCID-4epw-vk25-mfdw

vulnerability	VCID-4he5-y1u4-gkd2

vulnerability	VCID-5hqj-fxmk-cbcy

vulnerability	VCID-63gy-6njy-kbd8

vulnerability	VCID-6j55-bstz-yybj

vulnerability	VCID-7f5r-9h1g-nuch

vulnerability	VCID-86jq-2md2-d7ah

vulnerability	VCID-9hq5-3usy-5fhq

vulnerability	VCID-a6sp-18av-wya6

vulnerability	VCID-bjwf-uhyk-63aj

vulnerability	VCID-c1w4-z275-tqg7

vulnerability	VCID-carc-ntrd-ebfe

vulnerability	VCID-cdnw-t8n1-23ep

vulnerability	VCID-cnqr-6e98-5kgk

vulnerability	VCID-cwa7-9d2t-rfhb

vulnerability	VCID-dd9p-x7k3-37ea

vulnerability	VCID-ehbj-aezy-d7h4

vulnerability	VCID-g3rk-djae-pkeh

vulnerability	VCID-h8gs-ansa-9bd9

vulnerability	VCID-h94p-ywve-y7h9

vulnerability	VCID-hmp2-rmzv-wkhg

vulnerability	VCID-hppf-a715-r7b2

vulnerability	VCID-j24x-nhsb-yug6

vulnerability	VCID-kcj2-v7av-47cv

vulnerability	VCID-knsd-pv15-tydx

vulnerability	VCID-mep3-6sub-ykdk

vulnerability	VCID-mnkw-23eu-bkgc

vulnerability	VCID-msda-xqbp-qfdd

vulnerability	VCID-n8cc-3stk-97b5

vulnerability	VCID-nf8s-2aaa-17fw

vulnerability	VCID-p5mc-r1rg-5ff7

vulnerability	VCID-phxs-zet8-ryh3

vulnerability	VCID-pmrb-t3bm-zkb6

vulnerability	VCID-rps2-k24p-9qgq

vulnerability	VCID-s5ah-tf63-a7cw

vulnerability	VCID-sfyc-jewr-wuf5

vulnerability	VCID-sgdb-985e-4uej

vulnerability	VCID-tt6r-bytq-4fa4

vulnerability	VCID-v3r3-bwp5-a3bn

vulnerability	VCID-vgm2-8wjy-x7ed

vulnerability	VCID-wg3a-j2dp-ayh4

vulnerability	VCID-y8gn-9fat-e7d1

vulnerability	VCID-ynqu-cjn9-fqf2

vulnerability	VCID-z1jv-4ga2-7kd1

vulnerability	VCID-zkvd-bfd6-t7dg

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.7

aliases CVE-2012-3424, GHSA-92w9-2pqw-rhjj, OSV-84243

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-awt1-8bxs-xffs

url VCID-c1w4-z275-tqg7

vulnerability_id VCID-c1w4-z275-tqg7

summary

Ruby on Rails Potential XSS Vulnerability in select_tag prompt
When a value for the `prompt` field is supplied to the `select_tag` helper, the value is not escaped. If untrusted data is not escaped, and is supplied as the prompt value, there is a potential for XSS attacks.

references

reference_url

http://rhn.redhat.com/errata/RHSA-2013-0154.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0154.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3463.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3463.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-3463

reference_id

reference_type

scores

value	0.00333
scoring_system	epss
scoring_elements	0.56171
published_at	2026-04-16T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.5613
published_at	2026-04-04T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56161
published_at	2026-04-08T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56166
published_at	2026-04-09T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56177
published_at	2026-04-11T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56153
published_at	2026-04-12T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56137
published_at	2026-04-13T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56001
published_at	2026-04-01T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.5611
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-3463

reference_url

https://github.com/rails/rails/commit/6d0526db91afb0675c2ad3d871529d1536303c64

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/6d0526db91afb0675c2ad3d871529d1536303c64

reference_url	https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/3463/rubyonrails-security/fV3QUToSMSw/eHBSFOUYHpYJ
reference_id
reference_type
scores
url	https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/3463/rubyonrails-security/fV3QUToSMSw/eHBSFOUYHpYJ

reference_url

https://groups.google.com/group/rubyonrails-security/msg/961e18e514527078?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/961e18e514527078?dmode=source&output=gplain

reference_url

https://groups.google.com/g/rubyonrails-security/c/fV3QUToSMSw/m/eHBSFOUYHpYJ?pli=1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/fV3QUToSMSw/m/eHBSFOUYHpYJ?pli=1

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-3463

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-3463

reference_url

http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released

reference_url	http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=847196
reference_id	847196
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=847196

reference_url

https://github.com/advisories/GHSA-98mf-8f57-64qf

reference_id

GHSA-98mf-8f57-64qf

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-98mf-8f57-64qf

reference_url	https://access.redhat.com/errata/RHSA-2012:1542
reference_id	RHSA-2012:1542
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2012:1542

reference_url	https://access.redhat.com/errata/RHSA-2013:0154
reference_id	RHSA-2013:0154
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0154

fixed_packages

url pkg:gem/actionpack@3.1.8

purl pkg:gem/actionpack@3.1.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xgz-hwng-n3eq

vulnerability	VCID-333w-aacz-mfcr

vulnerability	VCID-35rt-t6e1-pfa6

vulnerability	VCID-3wtf-uu89-2qe5

vulnerability	VCID-3x4p-t3yb-3yak

vulnerability	VCID-3zdr-vasc-a7cn

vulnerability	VCID-49pq-vg95-jkh2

vulnerability	VCID-4epw-vk25-mfdw

vulnerability	VCID-4he5-y1u4-gkd2

vulnerability	VCID-5hqj-fxmk-cbcy

vulnerability	VCID-63gy-6njy-kbd8

vulnerability	VCID-6j55-bstz-yybj

vulnerability	VCID-7f5r-9h1g-nuch

vulnerability	VCID-86jq-2md2-d7ah

vulnerability	VCID-9hq5-3usy-5fhq

vulnerability	VCID-a6sp-18av-wya6

vulnerability	VCID-bjwf-uhyk-63aj

vulnerability	VCID-carc-ntrd-ebfe

vulnerability	VCID-cdnw-t8n1-23ep

vulnerability	VCID-cnqr-6e98-5kgk

vulnerability	VCID-dd9p-x7k3-37ea

vulnerability	VCID-ehbj-aezy-d7h4

vulnerability	VCID-g3rk-djae-pkeh

vulnerability	VCID-h8gs-ansa-9bd9

vulnerability	VCID-h94p-ywve-y7h9

vulnerability	VCID-hmp2-rmzv-wkhg

vulnerability	VCID-hppf-a715-r7b2

vulnerability	VCID-j24x-nhsb-yug6

vulnerability	VCID-kcj2-v7av-47cv

vulnerability	VCID-knsd-pv15-tydx

vulnerability	VCID-mep3-6sub-ykdk

vulnerability	VCID-mnkw-23eu-bkgc

vulnerability	VCID-msda-xqbp-qfdd

vulnerability	VCID-n8cc-3stk-97b5

vulnerability	VCID-nf8s-2aaa-17fw

vulnerability	VCID-p5mc-r1rg-5ff7

vulnerability	VCID-phxs-zet8-ryh3

vulnerability	VCID-pmrb-t3bm-zkb6

vulnerability	VCID-rps2-k24p-9qgq

vulnerability	VCID-sfyc-jewr-wuf5

vulnerability	VCID-sgdb-985e-4uej

vulnerability	VCID-tt6r-bytq-4fa4

vulnerability	VCID-v3r3-bwp5-a3bn

vulnerability	VCID-vgm2-8wjy-x7ed

vulnerability	VCID-wg3a-j2dp-ayh4

vulnerability	VCID-y8gn-9fat-e7d1

vulnerability	VCID-ynqu-cjn9-fqf2

vulnerability	VCID-zkvd-bfd6-t7dg

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.8

url pkg:gem/actionpack@3.2.0.rc1

purl pkg:gem/actionpack@3.2.0.rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1rgy-k7a9-m7au

vulnerability	VCID-1xgz-hwng-n3eq

vulnerability	VCID-333w-aacz-mfcr

vulnerability	VCID-35rt-t6e1-pfa6

vulnerability	VCID-3wtf-uu89-2qe5

vulnerability	VCID-3x4p-t3yb-3yak

vulnerability	VCID-3zdr-vasc-a7cn

vulnerability	VCID-49pq-vg95-jkh2

vulnerability	VCID-4epw-vk25-mfdw

vulnerability	VCID-4he5-y1u4-gkd2

vulnerability	VCID-5hqj-fxmk-cbcy

vulnerability	VCID-63gy-6njy-kbd8

vulnerability	VCID-6j55-bstz-yybj

vulnerability	VCID-7f5r-9h1g-nuch

vulnerability	VCID-86jq-2md2-d7ah

vulnerability	VCID-9hq5-3usy-5fhq

vulnerability	VCID-a6sp-18av-wya6

vulnerability	VCID-awt1-8bxs-xffs

vulnerability	VCID-bjwf-uhyk-63aj

vulnerability	VCID-c1w4-z275-tqg7

vulnerability	VCID-carc-ntrd-ebfe

vulnerability	VCID-cdnw-t8n1-23ep

vulnerability	VCID-cnqr-6e98-5kgk

vulnerability	VCID-cwa7-9d2t-rfhb

vulnerability	VCID-dd9p-x7k3-37ea

vulnerability	VCID-ehbj-aezy-d7h4

vulnerability	VCID-g3rk-djae-pkeh

vulnerability	VCID-h8gs-ansa-9bd9

vulnerability	VCID-h94p-ywve-y7h9

vulnerability	VCID-hmp2-rmzv-wkhg

vulnerability	VCID-hppf-a715-r7b2

vulnerability	VCID-j24x-nhsb-yug6

vulnerability	VCID-kcj2-v7av-47cv

vulnerability	VCID-knsd-pv15-tydx

vulnerability	VCID-mep3-6sub-ykdk

vulnerability	VCID-mnkw-23eu-bkgc

vulnerability	VCID-msda-xqbp-qfdd

vulnerability	VCID-n8cc-3stk-97b5

vulnerability	VCID-nf8s-2aaa-17fw

vulnerability	VCID-p5mc-r1rg-5ff7

vulnerability	VCID-phxs-zet8-ryh3

vulnerability	VCID-pmrb-t3bm-zkb6

vulnerability	VCID-rps2-k24p-9qgq

vulnerability	VCID-s5ah-tf63-a7cw

vulnerability	VCID-sfyc-jewr-wuf5

vulnerability	VCID-sgdb-985e-4uej

vulnerability	VCID-tt6r-bytq-4fa4

vulnerability	VCID-v3r3-bwp5-a3bn

vulnerability	VCID-vgm2-8wjy-x7ed

vulnerability	VCID-wg3a-j2dp-ayh4

vulnerability	VCID-y8gn-9fat-e7d1

vulnerability	VCID-ynqu-cjn9-fqf2

vulnerability	VCID-z1jv-4ga2-7kd1

vulnerability	VCID-zkvd-bfd6-t7dg

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0.rc1

url pkg:gem/actionpack@3.2.8

purl pkg:gem/actionpack@3.2.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xgz-hwng-n3eq

vulnerability	VCID-333w-aacz-mfcr

vulnerability	VCID-35rt-t6e1-pfa6

vulnerability	VCID-3wtf-uu89-2qe5

vulnerability	VCID-3x4p-t3yb-3yak

vulnerability	VCID-3zdr-vasc-a7cn

vulnerability	VCID-42dz-pxpv-qff3

vulnerability	VCID-49pq-vg95-jkh2

vulnerability	VCID-4epw-vk25-mfdw

vulnerability	VCID-4he5-y1u4-gkd2

vulnerability	VCID-5hqj-fxmk-cbcy

vulnerability	VCID-63gy-6njy-kbd8

vulnerability	VCID-6j55-bstz-yybj

vulnerability	VCID-7f5r-9h1g-nuch

vulnerability	VCID-86jq-2md2-d7ah

vulnerability	VCID-9hq5-3usy-5fhq

vulnerability	VCID-a6sp-18av-wya6

vulnerability	VCID-bjwf-uhyk-63aj

vulnerability	VCID-carc-ntrd-ebfe

vulnerability	VCID-cdnw-t8n1-23ep

vulnerability	VCID-cnqr-6e98-5kgk

vulnerability	VCID-dd9p-x7k3-37ea

vulnerability	VCID-ehbj-aezy-d7h4

vulnerability	VCID-g3rk-djae-pkeh

vulnerability	VCID-h8gs-ansa-9bd9

vulnerability	VCID-h94p-ywve-y7h9

vulnerability	VCID-hmp2-rmzv-wkhg

vulnerability	VCID-hppf-a715-r7b2

vulnerability	VCID-j24x-nhsb-yug6

vulnerability	VCID-kcj2-v7av-47cv

vulnerability	VCID-knsd-pv15-tydx

vulnerability	VCID-mep3-6sub-ykdk

vulnerability	VCID-mnkw-23eu-bkgc

vulnerability	VCID-msda-xqbp-qfdd

vulnerability	VCID-n8cc-3stk-97b5

vulnerability	VCID-nf8s-2aaa-17fw

vulnerability	VCID-p5mc-r1rg-5ff7

vulnerability	VCID-phxs-zet8-ryh3

vulnerability	VCID-pmrb-t3bm-zkb6

vulnerability	VCID-rps2-k24p-9qgq

vulnerability	VCID-s5ah-tf63-a7cw

vulnerability	VCID-sfyc-jewr-wuf5

vulnerability	VCID-sgdb-985e-4uej

vulnerability	VCID-tt6r-bytq-4fa4

vulnerability	VCID-v3r3-bwp5-a3bn

vulnerability	VCID-vgm2-8wjy-x7ed

vulnerability	VCID-wg3a-j2dp-ayh4

vulnerability	VCID-y8gn-9fat-e7d1

vulnerability	VCID-ynqu-cjn9-fqf2

vulnerability	VCID-z1jv-4ga2-7kd1

vulnerability	VCID-zkvd-bfd6-t7dg

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.8

aliases CVE-2012-3463, GHSA-98mf-8f57-64qf, OSV-84515

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c1w4-z275-tqg7

url VCID-carc-ntrd-ebfe

vulnerability_id VCID-carc-ntrd-ebfe

summary

Multiple vulnerabilities in parameter parsing in Action Pack
There are multiple weaknesses in the parameter parsing code for Ruby on Rails which allows attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a Rails application.

references

reference_url	http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A
reference_id
reference_type
scores
url	http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A

reference_url	http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-0153.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0153.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-0154.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0154.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-0155.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0155.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0156.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0156.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-0156

reference_id

reference_type

scores

value	0.91907
scoring_system	epss
scoring_elements	0.99694
published_at	2026-04-16T12:55:00Z

value	0.91907
scoring_system	epss
scoring_elements	0.99692
published_at	2026-04-09T12:55:00Z

value	0.91907
scoring_system	epss
scoring_elements	0.99689
published_at	2026-04-02T12:55:00Z

value	0.91907
scoring_system	epss
scoring_elements	0.99693
published_at	2026-04-11T12:55:00Z

value	0.91907
scoring_system	epss
scoring_elements	0.99691
published_at	2026-04-07T12:55:00Z

value	0.91907
scoring_system	epss
scoring_elements	0.9969
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-0156

reference_url

https://community.rapid7.com/community/metasploit/blog/2013/01/09/serialization-mischief-in-ruby-land-cve-2013-0156

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://community.rapid7.com/community/metasploit/blog/2013/01/09/serialization-mischief-in-ruby-land-cve-2013-0156

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0156
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0156

reference_url

https://github.com/rails/rails

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails

reference_url	https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/2013-0156/rubyonrails-security/61bkgvnSGTQ/nehwjA8tQ8EJ
reference_id
reference_type
scores
url	https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/2013-0156/rubyonrails-security/61bkgvnSGTQ/nehwjA8tQ8EJ

reference_url

https://groups.google.com/group/rubyonrails-security/msg/c1432d0f8c70e89d?dmode=source&output=gplain

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/c1432d0f8c70e89d?dmode=source&output=gplain

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-0156

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-0156

reference_url	https://puppet.com/security/cve/cve-2013-0156
reference_id
reference_type
scores
url	https://puppet.com/security/cve/cve-2013-0156

reference_url

https://web.archive.org/web/20140111025708/http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20140111025708/http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html

reference_url

https://web.archive.org/web/20160415043747/https://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20160415043747/https://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A

reference_url

https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156

reference_url

http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released

reference_url	http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/

reference_url

http://www.debian.org/security/2013/dsa-2604

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2013/dsa-2604

reference_url

http://www.fujitsu.com/global/support/software/security/products-f/sw-sv-rcve-ror201301e.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.fujitsu.com/global/support/software/security/products-f/sw-sv-rcve-ror201301e.html

reference_url

http://www.insinuator.net/2013/01/rails-yaml

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.insinuator.net/2013/01/rails-yaml

reference_url	http://www.insinuator.net/2013/01/rails-yaml/
reference_id
reference_type
scores
url	http://www.insinuator.net/2013/01/rails-yaml/

reference_url

http://www.kb.cert.org/vuls/id/380039

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.kb.cert.org/vuls/id/380039

reference_url

http://www.kb.cert.org/vuls/id/628463

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.kb.cert.org/vuls/id/628463

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697722
reference_id	697722
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697722

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=892870
reference_id	892870
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=892870

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails::::::::
reference_id	cpe:2.3:a:rubyonrails:rails::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails::::::::
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:6.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*

reference_url	https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156/
reference_id	CVE-2013-0156
reference_type
scores
url	https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156/

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24019.rb
reference_id	CVE-2013-0156;OSVDB-89026
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24019.rb

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/27527.rb
reference_id	CVE-2013-0156;OSVDB-89026
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/27527.rb

reference_url

https://github.com/advisories/GHSA-jmgw-6vjg-jjwg

reference_id

GHSA-jmgw-6vjg-jjwg

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jmgw-6vjg-jjwg

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

reference_url	https://access.redhat.com/errata/RHSA-2013:0153
reference_id	RHSA-2013:0153
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0153

reference_url	https://access.redhat.com/errata/RHSA-2013:0154
reference_id	RHSA-2013:0154
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0154

reference_url	https://access.redhat.com/errata/RHSA-2013:0155
reference_id	RHSA-2013:0155
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0155

fixed_packages

url pkg:gem/actionpack@3.1.10

purl pkg:gem/actionpack@3.1.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xgz-hwng-n3eq

vulnerability	VCID-333w-aacz-mfcr

vulnerability	VCID-35rt-t6e1-pfa6

vulnerability	VCID-3wtf-uu89-2qe5

vulnerability	VCID-3x4p-t3yb-3yak

vulnerability	VCID-3zdr-vasc-a7cn

vulnerability	VCID-49pq-vg95-jkh2

vulnerability	VCID-4epw-vk25-mfdw

vulnerability	VCID-4he5-y1u4-gkd2

vulnerability	VCID-5hqj-fxmk-cbcy

vulnerability	VCID-63gy-6njy-kbd8

vulnerability	VCID-6j55-bstz-yybj

vulnerability	VCID-7f5r-9h1g-nuch

vulnerability	VCID-86jq-2md2-d7ah

vulnerability	VCID-9hq5-3usy-5fhq

vulnerability	VCID-a6sp-18av-wya6

vulnerability	VCID-bjwf-uhyk-63aj

vulnerability	VCID-cdnw-t8n1-23ep

vulnerability	VCID-cnqr-6e98-5kgk

vulnerability	VCID-dd9p-x7k3-37ea

vulnerability	VCID-ehbj-aezy-d7h4

vulnerability	VCID-g3rk-djae-pkeh

vulnerability	VCID-h8gs-ansa-9bd9

vulnerability	VCID-h94p-ywve-y7h9

vulnerability	VCID-hmp2-rmzv-wkhg

vulnerability	VCID-hppf-a715-r7b2

vulnerability	VCID-j24x-nhsb-yug6

vulnerability	VCID-kcj2-v7av-47cv

vulnerability	VCID-knsd-pv15-tydx

vulnerability	VCID-mep3-6sub-ykdk

vulnerability	VCID-mnkw-23eu-bkgc

vulnerability	VCID-msda-xqbp-qfdd

vulnerability	VCID-n8cc-3stk-97b5

vulnerability	VCID-nf8s-2aaa-17fw

vulnerability	VCID-p5mc-r1rg-5ff7

vulnerability	VCID-phxs-zet8-ryh3

vulnerability	VCID-pmrb-t3bm-zkb6

vulnerability	VCID-rps2-k24p-9qgq

vulnerability	VCID-sfyc-jewr-wuf5

vulnerability	VCID-sgdb-985e-4uej

vulnerability	VCID-tt6r-bytq-4fa4

vulnerability	VCID-v3r3-bwp5-a3bn

vulnerability	VCID-vgm2-8wjy-x7ed

vulnerability	VCID-wg3a-j2dp-ayh4

vulnerability	VCID-y8gn-9fat-e7d1

vulnerability	VCID-ynqu-cjn9-fqf2

vulnerability	VCID-zkvd-bfd6-t7dg

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.10

url pkg:gem/actionpack@3.2.0.rc1

purl pkg:gem/actionpack@3.2.0.rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1rgy-k7a9-m7au

vulnerability	VCID-1xgz-hwng-n3eq

vulnerability	VCID-333w-aacz-mfcr

vulnerability	VCID-35rt-t6e1-pfa6

vulnerability	VCID-3wtf-uu89-2qe5

vulnerability	VCID-3x4p-t3yb-3yak

vulnerability	VCID-3zdr-vasc-a7cn

vulnerability	VCID-49pq-vg95-jkh2

vulnerability	VCID-4epw-vk25-mfdw

vulnerability	VCID-4he5-y1u4-gkd2

vulnerability	VCID-5hqj-fxmk-cbcy

vulnerability	VCID-63gy-6njy-kbd8

vulnerability	VCID-6j55-bstz-yybj

vulnerability	VCID-7f5r-9h1g-nuch

vulnerability	VCID-86jq-2md2-d7ah

vulnerability	VCID-9hq5-3usy-5fhq

vulnerability	VCID-a6sp-18av-wya6

vulnerability	VCID-awt1-8bxs-xffs

vulnerability	VCID-bjwf-uhyk-63aj

vulnerability	VCID-c1w4-z275-tqg7

vulnerability	VCID-carc-ntrd-ebfe

vulnerability	VCID-cdnw-t8n1-23ep

vulnerability	VCID-cnqr-6e98-5kgk

vulnerability	VCID-cwa7-9d2t-rfhb

vulnerability	VCID-dd9p-x7k3-37ea

vulnerability	VCID-ehbj-aezy-d7h4

vulnerability	VCID-g3rk-djae-pkeh

vulnerability	VCID-h8gs-ansa-9bd9

vulnerability	VCID-h94p-ywve-y7h9

vulnerability	VCID-hmp2-rmzv-wkhg

vulnerability	VCID-hppf-a715-r7b2

vulnerability	VCID-j24x-nhsb-yug6

vulnerability	VCID-kcj2-v7av-47cv

vulnerability	VCID-knsd-pv15-tydx

vulnerability	VCID-mep3-6sub-ykdk

vulnerability	VCID-mnkw-23eu-bkgc

vulnerability	VCID-msda-xqbp-qfdd

vulnerability	VCID-n8cc-3stk-97b5

vulnerability	VCID-nf8s-2aaa-17fw

vulnerability	VCID-p5mc-r1rg-5ff7

vulnerability	VCID-phxs-zet8-ryh3

vulnerability	VCID-pmrb-t3bm-zkb6

vulnerability	VCID-rps2-k24p-9qgq

vulnerability	VCID-s5ah-tf63-a7cw

vulnerability	VCID-sfyc-jewr-wuf5

vulnerability	VCID-sgdb-985e-4uej

vulnerability	VCID-tt6r-bytq-4fa4

vulnerability	VCID-v3r3-bwp5-a3bn

vulnerability	VCID-vgm2-8wjy-x7ed

vulnerability	VCID-wg3a-j2dp-ayh4

vulnerability	VCID-y8gn-9fat-e7d1

vulnerability	VCID-ynqu-cjn9-fqf2

vulnerability	VCID-z1jv-4ga2-7kd1

vulnerability	VCID-zkvd-bfd6-t7dg

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0.rc1

url pkg:gem/actionpack@3.2.11

purl pkg:gem/actionpack@3.2.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xgz-hwng-n3eq

vulnerability	VCID-333w-aacz-mfcr

vulnerability	VCID-35rt-t6e1-pfa6

vulnerability	VCID-3wtf-uu89-2qe5

vulnerability	VCID-3x4p-t3yb-3yak

vulnerability	VCID-3zdr-vasc-a7cn

vulnerability	VCID-42dz-pxpv-qff3

vulnerability	VCID-49pq-vg95-jkh2

vulnerability	VCID-4epw-vk25-mfdw

vulnerability	VCID-4he5-y1u4-gkd2

vulnerability	VCID-5hqj-fxmk-cbcy

vulnerability	VCID-63gy-6njy-kbd8

vulnerability	VCID-6j55-bstz-yybj

vulnerability	VCID-7f5r-9h1g-nuch

vulnerability	VCID-86jq-2md2-d7ah

vulnerability	VCID-9hq5-3usy-5fhq

vulnerability	VCID-a6sp-18av-wya6

vulnerability	VCID-bjwf-uhyk-63aj

vulnerability	VCID-cdnw-t8n1-23ep

vulnerability	VCID-cnqr-6e98-5kgk

vulnerability	VCID-dd9p-x7k3-37ea

vulnerability	VCID-ehbj-aezy-d7h4

vulnerability	VCID-g3rk-djae-pkeh

vulnerability	VCID-h8gs-ansa-9bd9

vulnerability	VCID-h94p-ywve-y7h9

vulnerability	VCID-hmp2-rmzv-wkhg

vulnerability	VCID-hppf-a715-r7b2

vulnerability	VCID-j24x-nhsb-yug6

vulnerability	VCID-kcj2-v7av-47cv

vulnerability	VCID-knsd-pv15-tydx

vulnerability	VCID-mep3-6sub-ykdk

vulnerability	VCID-mnkw-23eu-bkgc

vulnerability	VCID-msda-xqbp-qfdd

vulnerability	VCID-n8cc-3stk-97b5

vulnerability	VCID-nf8s-2aaa-17fw

vulnerability	VCID-p5mc-r1rg-5ff7

vulnerability	VCID-phxs-zet8-ryh3

vulnerability	VCID-pmrb-t3bm-zkb6

vulnerability	VCID-rps2-k24p-9qgq

vulnerability	VCID-s5ah-tf63-a7cw

vulnerability	VCID-sfyc-jewr-wuf5

vulnerability	VCID-sgdb-985e-4uej

vulnerability	VCID-tt6r-bytq-4fa4

vulnerability	VCID-v3r3-bwp5-a3bn

vulnerability	VCID-vgm2-8wjy-x7ed

vulnerability	VCID-wg3a-j2dp-ayh4

vulnerability	VCID-y8gn-9fat-e7d1

vulnerability	VCID-ynqu-cjn9-fqf2

vulnerability	VCID-z1jv-4ga2-7kd1

vulnerability	VCID-zkvd-bfd6-t7dg

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.11

aliases CVE-2013-0156, GHSA-jmgw-6vjg-jjwg, OSV-89026

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-carc-ntrd-ebfe

url VCID-cwa7-9d2t-rfhb

vulnerability_id VCID-cwa7-9d2t-rfhb

summary

actionpack Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in `actionpack/lib/action_view/helpers/sanitize_helper.rb` in the `strip_tags` helper in Ruby on Rails before 2.3.16, 3.0.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup.

references

reference_url

http://rhn.redhat.com/errata/RHSA-2013-0154.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0154.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3465.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3465.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-3465

reference_id

reference_type

scores

value	0.00333
scoring_system	epss
scoring_elements	0.56171
published_at	2026-04-16T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.5611
published_at	2026-04-07T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.5613
published_at	2026-04-04T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56161
published_at	2026-04-08T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56166
published_at	2026-04-09T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56177
published_at	2026-04-11T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56153
published_at	2026-04-12T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56137
published_at	2026-04-13T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56001
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-3465

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3465
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3465

reference_url

https://github.com/rails/rails

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails

reference_url

https://github.com/rails/rails/commit/cf48c9c7dcbef8543171f7f7de8d3d9a16b58e77

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/cf48c9c7dcbef8543171f7f7de8d3d9a16b58e77

reference_url

https://github.com/rails/rails/commit/e91e4e8bbee12ce1496bf384c04da6be296b687a

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/e91e4e8bbee12ce1496bf384c04da6be296b687a

reference_url

https://groups.google.com/group/rubyonrails-security/msg/7fbb5392d4d282b5?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/7fbb5392d4d282b5?dmode=source&output=gplain

reference_url

http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=847200
reference_id	847200
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=847200

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-3465

reference_id

CVE-2012-3465

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-3465

reference_url

https://github.com/advisories/GHSA-7g65-ghrg-hpf5

reference_id

GHSA-7g65-ghrg-hpf5

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7g65-ghrg-hpf5

reference_url	https://access.redhat.com/errata/RHSA-2012:1542
reference_id	RHSA-2012:1542
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2012:1542

reference_url	https://access.redhat.com/errata/RHSA-2013:0154
reference_id	RHSA-2013:0154
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0154

fixed_packages

url pkg:gem/actionpack@3.1.8

purl pkg:gem/actionpack@3.1.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xgz-hwng-n3eq

vulnerability	VCID-333w-aacz-mfcr

vulnerability	VCID-35rt-t6e1-pfa6

vulnerability	VCID-3wtf-uu89-2qe5

vulnerability	VCID-3x4p-t3yb-3yak

vulnerability	VCID-3zdr-vasc-a7cn

vulnerability	VCID-49pq-vg95-jkh2

vulnerability	VCID-4epw-vk25-mfdw

vulnerability	VCID-4he5-y1u4-gkd2

vulnerability	VCID-5hqj-fxmk-cbcy

vulnerability	VCID-63gy-6njy-kbd8

vulnerability	VCID-6j55-bstz-yybj

vulnerability	VCID-7f5r-9h1g-nuch

vulnerability	VCID-86jq-2md2-d7ah

vulnerability	VCID-9hq5-3usy-5fhq

vulnerability	VCID-a6sp-18av-wya6

vulnerability	VCID-bjwf-uhyk-63aj

vulnerability	VCID-carc-ntrd-ebfe

vulnerability	VCID-cdnw-t8n1-23ep

vulnerability	VCID-cnqr-6e98-5kgk

vulnerability	VCID-dd9p-x7k3-37ea

vulnerability	VCID-ehbj-aezy-d7h4

vulnerability	VCID-g3rk-djae-pkeh

vulnerability	VCID-h8gs-ansa-9bd9

vulnerability	VCID-h94p-ywve-y7h9

vulnerability	VCID-hmp2-rmzv-wkhg

vulnerability	VCID-hppf-a715-r7b2

vulnerability	VCID-j24x-nhsb-yug6

vulnerability	VCID-kcj2-v7av-47cv

vulnerability	VCID-knsd-pv15-tydx

vulnerability	VCID-mep3-6sub-ykdk

vulnerability	VCID-mnkw-23eu-bkgc

vulnerability	VCID-msda-xqbp-qfdd

vulnerability	VCID-n8cc-3stk-97b5

vulnerability	VCID-nf8s-2aaa-17fw

vulnerability	VCID-p5mc-r1rg-5ff7

vulnerability	VCID-phxs-zet8-ryh3

vulnerability	VCID-pmrb-t3bm-zkb6

vulnerability	VCID-rps2-k24p-9qgq

vulnerability	VCID-sfyc-jewr-wuf5

vulnerability	VCID-sgdb-985e-4uej

vulnerability	VCID-tt6r-bytq-4fa4

vulnerability	VCID-v3r3-bwp5-a3bn

vulnerability	VCID-vgm2-8wjy-x7ed

vulnerability	VCID-wg3a-j2dp-ayh4

vulnerability	VCID-y8gn-9fat-e7d1

vulnerability	VCID-ynqu-cjn9-fqf2

vulnerability	VCID-zkvd-bfd6-t7dg

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.8

url pkg:gem/actionpack@3.2.0.rc1

purl pkg:gem/actionpack@3.2.0.rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1rgy-k7a9-m7au

vulnerability	VCID-1xgz-hwng-n3eq

vulnerability	VCID-333w-aacz-mfcr

vulnerability	VCID-35rt-t6e1-pfa6

vulnerability	VCID-3wtf-uu89-2qe5

vulnerability	VCID-3x4p-t3yb-3yak

vulnerability	VCID-3zdr-vasc-a7cn

vulnerability	VCID-49pq-vg95-jkh2

vulnerability	VCID-4epw-vk25-mfdw

vulnerability	VCID-4he5-y1u4-gkd2

vulnerability	VCID-5hqj-fxmk-cbcy

vulnerability	VCID-63gy-6njy-kbd8

vulnerability	VCID-6j55-bstz-yybj

vulnerability	VCID-7f5r-9h1g-nuch

vulnerability	VCID-86jq-2md2-d7ah

vulnerability	VCID-9hq5-3usy-5fhq

vulnerability	VCID-a6sp-18av-wya6

vulnerability	VCID-awt1-8bxs-xffs

vulnerability	VCID-bjwf-uhyk-63aj

vulnerability	VCID-c1w4-z275-tqg7

vulnerability	VCID-carc-ntrd-ebfe

vulnerability	VCID-cdnw-t8n1-23ep

vulnerability	VCID-cnqr-6e98-5kgk

vulnerability	VCID-cwa7-9d2t-rfhb

vulnerability	VCID-dd9p-x7k3-37ea

vulnerability	VCID-ehbj-aezy-d7h4

vulnerability	VCID-g3rk-djae-pkeh

vulnerability	VCID-h8gs-ansa-9bd9

vulnerability	VCID-h94p-ywve-y7h9

vulnerability	VCID-hmp2-rmzv-wkhg

vulnerability	VCID-hppf-a715-r7b2

vulnerability	VCID-j24x-nhsb-yug6

vulnerability	VCID-kcj2-v7av-47cv

vulnerability	VCID-knsd-pv15-tydx

vulnerability	VCID-mep3-6sub-ykdk

vulnerability	VCID-mnkw-23eu-bkgc

vulnerability	VCID-msda-xqbp-qfdd

vulnerability	VCID-n8cc-3stk-97b5

vulnerability	VCID-nf8s-2aaa-17fw

vulnerability	VCID-p5mc-r1rg-5ff7

vulnerability	VCID-phxs-zet8-ryh3

vulnerability	VCID-pmrb-t3bm-zkb6

vulnerability	VCID-rps2-k24p-9qgq

vulnerability	VCID-s5ah-tf63-a7cw

vulnerability	VCID-sfyc-jewr-wuf5

vulnerability	VCID-sgdb-985e-4uej

vulnerability	VCID-tt6r-bytq-4fa4

vulnerability	VCID-v3r3-bwp5-a3bn

vulnerability	VCID-vgm2-8wjy-x7ed

vulnerability	VCID-wg3a-j2dp-ayh4

vulnerability	VCID-y8gn-9fat-e7d1

vulnerability	VCID-ynqu-cjn9-fqf2

vulnerability	VCID-z1jv-4ga2-7kd1

vulnerability	VCID-zkvd-bfd6-t7dg

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0.rc1

url pkg:gem/actionpack@3.2.8

purl pkg:gem/actionpack@3.2.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xgz-hwng-n3eq

vulnerability	VCID-333w-aacz-mfcr

vulnerability	VCID-35rt-t6e1-pfa6

vulnerability	VCID-3wtf-uu89-2qe5

vulnerability	VCID-3x4p-t3yb-3yak

vulnerability	VCID-3zdr-vasc-a7cn

vulnerability	VCID-42dz-pxpv-qff3

vulnerability	VCID-49pq-vg95-jkh2

vulnerability	VCID-4epw-vk25-mfdw

vulnerability	VCID-4he5-y1u4-gkd2

vulnerability	VCID-5hqj-fxmk-cbcy

vulnerability	VCID-63gy-6njy-kbd8

vulnerability	VCID-6j55-bstz-yybj

vulnerability	VCID-7f5r-9h1g-nuch

vulnerability	VCID-86jq-2md2-d7ah

vulnerability	VCID-9hq5-3usy-5fhq

vulnerability	VCID-a6sp-18av-wya6

vulnerability	VCID-bjwf-uhyk-63aj

vulnerability	VCID-carc-ntrd-ebfe

vulnerability	VCID-cdnw-t8n1-23ep

vulnerability	VCID-cnqr-6e98-5kgk

vulnerability	VCID-dd9p-x7k3-37ea

vulnerability	VCID-ehbj-aezy-d7h4

vulnerability	VCID-g3rk-djae-pkeh

vulnerability	VCID-h8gs-ansa-9bd9

vulnerability	VCID-h94p-ywve-y7h9

vulnerability	VCID-hmp2-rmzv-wkhg

vulnerability	VCID-hppf-a715-r7b2

vulnerability	VCID-j24x-nhsb-yug6

vulnerability	VCID-kcj2-v7av-47cv

vulnerability	VCID-knsd-pv15-tydx

vulnerability	VCID-mep3-6sub-ykdk

vulnerability	VCID-mnkw-23eu-bkgc

vulnerability	VCID-msda-xqbp-qfdd

vulnerability	VCID-n8cc-3stk-97b5

vulnerability	VCID-nf8s-2aaa-17fw

vulnerability	VCID-p5mc-r1rg-5ff7

vulnerability	VCID-phxs-zet8-ryh3

vulnerability	VCID-pmrb-t3bm-zkb6

vulnerability	VCID-rps2-k24p-9qgq

vulnerability	VCID-s5ah-tf63-a7cw

vulnerability	VCID-sfyc-jewr-wuf5

vulnerability	VCID-sgdb-985e-4uej

vulnerability	VCID-tt6r-bytq-4fa4

vulnerability	VCID-v3r3-bwp5-a3bn

vulnerability	VCID-vgm2-8wjy-x7ed

vulnerability	VCID-wg3a-j2dp-ayh4

vulnerability	VCID-y8gn-9fat-e7d1

vulnerability	VCID-ynqu-cjn9-fqf2

vulnerability	VCID-z1jv-4ga2-7kd1

vulnerability	VCID-zkvd-bfd6-t7dg

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.8

aliases CVE-2012-3465, GHSA-7g65-ghrg-hpf5, OSV-84513

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cwa7-9d2t-rfhb

url

VCID-hmp2-rmzv-wkhg

vulnerability_id

VCID-hmp2-rmzv-wkhg

summary

Improper Input Validation
The template selection functionality in actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob characters, which allows remote attackers to render arbitrary views via a crafted URL, related to a "filter skipping vulnerability."

references

reference_url

http://groups.google.com/group/rubyonrails-security/msg/cbbbba6e4f7eaf61?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/rubyonrails-security/msg/cbbbba6e4f7eaf61?dmode=source&output=gplain

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-2929

reference_id

reference_type

scores

value	0.00814
scoring_system	epss
scoring_elements	0.74282
published_at	2026-04-12T12:55:00Z

value	0.00814
scoring_system	epss
scoring_elements	0.74301
published_at	2026-04-11T12:55:00Z

value	0.00814
scoring_system	epss
scoring_elements	0.7428
published_at	2026-04-09T12:55:00Z

value	0.00814
scoring_system	epss
scoring_elements	0.74259
published_at	2026-04-04T12:55:00Z

value	0.00814
scoring_system	epss
scoring_elements	0.74232
published_at	2026-04-07T12:55:00Z

value	0.00814
scoring_system	epss
scoring_elements	0.74228
published_at	2026-04-01T12:55:00Z

value	0.00814
scoring_system	epss
scoring_elements	0.74265
published_at	2026-04-08T12:55:00Z

value	0.00814
scoring_system	epss
scoring_elements	0.74311
published_at	2026-04-16T12:55:00Z

value	0.00814
scoring_system	epss
scoring_elements	0.74274
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-2929

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=731432

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=731432

reference_url

https://github.com/rails/rails

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails

reference_url

https://github.com/rails/rails/commit/5f94b93279f6d0682fafb237c301302c107a9552

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/5f94b93279f6d0682fafb237c301302c107a9552

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2929.yml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2929.yml

reference_url

https://rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6

reference_url

http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6

reference_url

http://www.openwall.com/lists/oss-security/2011/08/17/1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/17/1

reference_url

http://www.openwall.com/lists/oss-security/2011/08/19/11

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/19/11

reference_url

http://www.openwall.com/lists/oss-security/2011/08/20/1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/20/1

reference_url

http://www.openwall.com/lists/oss-security/2011/08/22/13

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/22/13

reference_url

http://www.openwall.com/lists/oss-security/2011/08/22/14

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/22/14

reference_url

http://www.openwall.com/lists/oss-security/2011/08/22/5

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/22/5

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2011-2929

reference_id

CVE-2011-2929

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-2929

reference_url

https://github.com/advisories/GHSA-r7q2-5gqg-6c7q

reference_id

GHSA-r7q2-5gqg-6c7q

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-r7q2-5gqg-6c7q

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

fixed_packages

aliases

CVE-2011-2929, GHSA-r7q2-5gqg-6c7q

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-hmp2-rmzv-wkhg

url VCID-phxs-zet8-ryh3

vulnerability_id VCID-phxs-zet8-ryh3

summary

SQL Injection
Ruby on Rails contains a flaw related to the way ActiveRecord handles parameters in conjunction with the way Rack parses query parameters. This issue may allow an attacker to inject arbitrary `IS NULL` clauses in to application SQL queries. This may also allow an attacker to have the SQL query check for `NULL` in arbitrary places.

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html

reference_url

http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-0154.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0154.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2660.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2660.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-2660

reference_id

reference_type

scores

value	0.00294
scoring_system	epss
scoring_elements	0.52801
published_at	2026-04-16T12:55:00Z

value	0.00294
scoring_system	epss
scoring_elements	0.52708
published_at	2026-04-02T12:55:00Z

value	0.00294
scoring_system	epss
scoring_elements	0.52734
published_at	2026-04-04T12:55:00Z

value	0.00294
scoring_system	epss
scoring_elements	0.527
published_at	2026-04-07T12:55:00Z

value	0.00294
scoring_system	epss
scoring_elements	0.52751
published_at	2026-04-08T12:55:00Z

value	0.00294
scoring_system	epss
scoring_elements	0.52745
published_at	2026-04-09T12:55:00Z

value	0.00294
scoring_system	epss
scoring_elements	0.52796
published_at	2026-04-11T12:55:00Z

value	0.00294
scoring_system	epss
scoring_elements	0.5278
published_at	2026-04-12T12:55:00Z

value	0.00294
scoring_system	epss
scoring_elements	0.52763
published_at	2026-04-13T12:55:00Z

value	0.00294
scoring_system	epss
scoring_elements	0.52663
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-2660

reference_url

https://github.com/rails/rails

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails

reference_url

https://github.com/rails/rails/commit/61eed87ce32caf534bf1f52dd8134097b4ad9e1b

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/61eed87ce32caf534bf1f52dd8134097b4ad9e1b

reference_url	https://github.com/rails/rails/commit/dff6db18840e2fd1dd3f3e4ef0ae7a9a3986d01d#diff-3179d24efacadd64068c4d9c1184eac3
reference_id
reference_type
scores
url	https://github.com/rails/rails/commit/dff6db18840e2fd1dd3f3e4ef0ae7a9a3986d01d#diff-3179d24efacadd64068c4d9c1184eac3

reference_url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82610.yml
reference_id
reference_type
scores
url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82610.yml

reference_url	https://groups.google.com/forum/#!original/rubyonrails-security/8SA-M3as7A8/Mr9fi9X4kNgJ
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!original/rubyonrails-security/8SA-M3as7A8/Mr9fi9X4kNgJ

reference_url

https://groups.google.com/group/rubyonrails-security/msg/d890f8d58b5fbf32?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/d890f8d58b5fbf32?dmode=source&output=gplain

reference_url

https://groups.google.com/g/rubyonrails-security/c/8SA-M3as7A8/m/Mr9fi9X4kNgJ

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/8SA-M3as7A8/m/Mr9fi9X4kNgJ

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=827353
reference_id	827353
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=827353

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-2660

reference_id

CVE-2012-2660

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-2660

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2660.yml

reference_id

CVE-2012-2660.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2660.yml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2660.yml

reference_id

CVE-2012-2660.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2660.yml

reference_url

https://github.com/advisories/GHSA-hgpp-pp89-4fgf

reference_id

GHSA-hgpp-pp89-4fgf

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-hgpp-pp89-4fgf

reference_url	https://access.redhat.com/errata/RHSA-2012:1542
reference_id	RHSA-2012:1542
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2012:1542

reference_url	https://access.redhat.com/errata/RHSA-2013:0154
reference_id	RHSA-2013:0154
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0154

fixed_packages

url pkg:gem/actionpack@3.1.5

purl pkg:gem/actionpack@3.1.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xgz-hwng-n3eq

vulnerability	VCID-333w-aacz-mfcr

vulnerability	VCID-35rt-t6e1-pfa6

vulnerability	VCID-3wtf-uu89-2qe5

vulnerability	VCID-3x4p-t3yb-3yak

vulnerability	VCID-3zdr-vasc-a7cn

vulnerability	VCID-49pq-vg95-jkh2

vulnerability	VCID-4epw-vk25-mfdw

vulnerability	VCID-4he5-y1u4-gkd2

vulnerability	VCID-5hqj-fxmk-cbcy

vulnerability	VCID-63gy-6njy-kbd8

vulnerability	VCID-6j55-bstz-yybj

vulnerability	VCID-7f5r-9h1g-nuch

vulnerability	VCID-86jq-2md2-d7ah

vulnerability	VCID-9hq5-3usy-5fhq

vulnerability	VCID-a6sp-18av-wya6

vulnerability	VCID-awt1-8bxs-xffs

vulnerability	VCID-bjwf-uhyk-63aj

vulnerability	VCID-c1w4-z275-tqg7

vulnerability	VCID-carc-ntrd-ebfe

vulnerability	VCID-cdnw-t8n1-23ep

vulnerability	VCID-cnqr-6e98-5kgk

vulnerability	VCID-cwa7-9d2t-rfhb

vulnerability	VCID-dd9p-x7k3-37ea

vulnerability	VCID-ehbj-aezy-d7h4

vulnerability	VCID-g3rk-djae-pkeh

vulnerability	VCID-h8gs-ansa-9bd9

vulnerability	VCID-h94p-ywve-y7h9

vulnerability	VCID-hmp2-rmzv-wkhg

vulnerability	VCID-hppf-a715-r7b2

vulnerability	VCID-j24x-nhsb-yug6

vulnerability	VCID-kcj2-v7av-47cv

vulnerability	VCID-knsd-pv15-tydx

vulnerability	VCID-mep3-6sub-ykdk

vulnerability	VCID-mnkw-23eu-bkgc

vulnerability	VCID-msda-xqbp-qfdd

vulnerability	VCID-n8cc-3stk-97b5

vulnerability	VCID-nf8s-2aaa-17fw

vulnerability	VCID-p5mc-r1rg-5ff7

vulnerability	VCID-phxs-zet8-ryh3

vulnerability	VCID-pmrb-t3bm-zkb6

vulnerability	VCID-rps2-k24p-9qgq

vulnerability	VCID-sfyc-jewr-wuf5

vulnerability	VCID-sgdb-985e-4uej

vulnerability	VCID-tt6r-bytq-4fa4

vulnerability	VCID-v3r3-bwp5-a3bn

vulnerability	VCID-vgm2-8wjy-x7ed

vulnerability	VCID-wg3a-j2dp-ayh4

vulnerability	VCID-y8gn-9fat-e7d1

vulnerability	VCID-ynqu-cjn9-fqf2

vulnerability	VCID-zkvd-bfd6-t7dg

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.5

url pkg:gem/actionpack@3.2.4

purl pkg:gem/actionpack@3.2.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xgz-hwng-n3eq

vulnerability	VCID-333w-aacz-mfcr

vulnerability	VCID-35rt-t6e1-pfa6

vulnerability	VCID-3wtf-uu89-2qe5

vulnerability	VCID-3x4p-t3yb-3yak

vulnerability	VCID-3zdr-vasc-a7cn

vulnerability	VCID-42dz-pxpv-qff3

vulnerability	VCID-49pq-vg95-jkh2

vulnerability	VCID-4epw-vk25-mfdw

vulnerability	VCID-4he5-y1u4-gkd2

vulnerability	VCID-5hqj-fxmk-cbcy

vulnerability	VCID-63gy-6njy-kbd8

vulnerability	VCID-6j55-bstz-yybj

vulnerability	VCID-7f5r-9h1g-nuch

vulnerability	VCID-86jq-2md2-d7ah

vulnerability	VCID-9hq5-3usy-5fhq

vulnerability	VCID-a6sp-18av-wya6

vulnerability	VCID-awt1-8bxs-xffs

vulnerability	VCID-bjwf-uhyk-63aj

vulnerability	VCID-c1w4-z275-tqg7

vulnerability	VCID-carc-ntrd-ebfe

vulnerability	VCID-cdnw-t8n1-23ep

vulnerability	VCID-cnqr-6e98-5kgk

vulnerability	VCID-cwa7-9d2t-rfhb

vulnerability	VCID-dd9p-x7k3-37ea

vulnerability	VCID-ehbj-aezy-d7h4

vulnerability	VCID-g3rk-djae-pkeh

vulnerability	VCID-h8gs-ansa-9bd9

vulnerability	VCID-h94p-ywve-y7h9

vulnerability	VCID-hmp2-rmzv-wkhg

vulnerability	VCID-hppf-a715-r7b2

vulnerability	VCID-j24x-nhsb-yug6

vulnerability	VCID-kcj2-v7av-47cv

vulnerability	VCID-knsd-pv15-tydx

vulnerability	VCID-mep3-6sub-ykdk

vulnerability	VCID-mnkw-23eu-bkgc

vulnerability	VCID-msda-xqbp-qfdd

vulnerability	VCID-n8cc-3stk-97b5

vulnerability	VCID-nf8s-2aaa-17fw

vulnerability	VCID-p5mc-r1rg-5ff7

vulnerability	VCID-phxs-zet8-ryh3

vulnerability	VCID-pmrb-t3bm-zkb6

vulnerability	VCID-rps2-k24p-9qgq

vulnerability	VCID-s5ah-tf63-a7cw

vulnerability	VCID-sfyc-jewr-wuf5

vulnerability	VCID-sgdb-985e-4uej

vulnerability	VCID-tt6r-bytq-4fa4

vulnerability	VCID-v3r3-bwp5-a3bn

vulnerability	VCID-vgm2-8wjy-x7ed

vulnerability	VCID-wg3a-j2dp-ayh4

vulnerability	VCID-y8gn-9fat-e7d1

vulnerability	VCID-ynqu-cjn9-fqf2

vulnerability	VCID-z1jv-4ga2-7kd1

vulnerability	VCID-zkvd-bfd6-t7dg

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.4

aliases CVE-2012-2660, GHSA-hgpp-pp89-4fgf, OSV-82610

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-phxs-zet8-ryh3

url VCID-rps2-k24p-9qgq

vulnerability_id VCID-rps2-k24p-9qgq

summary

Translate helper method which may allow an attacker to insert arbitrary code into a page
The helper method for i18n translations has a convention whereby translations strings with a name ending in 'html' are considered HTML safe. There is also a mechanism for interpolation. It has been discovered that these 'html' strings allow arbitrary values to be contained in the interpolated input, and these values are not escaped.

references

reference_url

http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b61d70fb73c7cc5?pli=1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b61d70fb73c7cc5?pli=1

reference_url

http://groups.google.com/group/rubyonrails-security/msg/c65c24fbc4b6dd82?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/rubyonrails-security/msg/c65c24fbc4b6dd82?dmode=source&output=gplain

reference_url

http://openwall.com/lists/oss-security/2011/11/18/8

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2011/11/18/8

reference_url	http://osvdb.org/77199
reference_id
reference_type
scores
url	http://osvdb.org/77199

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4319.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4319.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-4319

reference_id

reference_type

scores

value	0.00607
scoring_system	epss
scoring_elements	0.6969
published_at	2026-04-12T12:55:00Z

value	0.00607
scoring_system	epss
scoring_elements	0.69705
published_at	2026-04-11T12:55:00Z

value	0.00607
scoring_system	epss
scoring_elements	0.69684
published_at	2026-04-09T12:55:00Z

value	0.00607
scoring_system	epss
scoring_elements	0.69666
published_at	2026-04-08T12:55:00Z

value	0.00607
scoring_system	epss
scoring_elements	0.69615
published_at	2026-04-07T12:55:00Z

value	0.00607
scoring_system	epss
scoring_elements	0.69607
published_at	2026-04-01T12:55:00Z

value	0.00607
scoring_system	epss
scoring_elements	0.69718
published_at	2026-04-16T12:55:00Z

value	0.00607
scoring_system	epss
scoring_elements	0.69677
published_at	2026-04-13T12:55:00Z

value	0.00607
scoring_system	epss
scoring_elements	0.69636
published_at	2026-04-04T12:55:00Z

value	0.00607
scoring_system	epss
scoring_elements	0.69621
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-4319

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/71364

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/71364

reference_url

https://github.com/rails/rails

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails

reference_url

https://github.com/rails/rails/commit/2d5b105d4bcb652550dda8b5613376d1b8beb70c

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/2d5b105d4bcb652550dda8b5613376d1b8beb70c

reference_url

https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade

reference_url	https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade#diff-79e8a3e6d1d2808c4f93f63b3928a5a1
reference_id
reference_type
scores
url	https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade#diff-79e8a3e6d1d2808c4f93f63b3928a5a1

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-4319.yml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-4319.yml

reference_url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-77199.yml
reference_id
reference_type
scores
url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-77199.yml

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/K2HXD7c8fMU

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/K2HXD7c8fMU

reference_url

https://web.archive.org/web/20200228155840/http://www.securityfocus.com/bid/50722

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228155840/http://www.securityfocus.com/bid/50722

reference_url

https://web.archive.org/web/20210307005941/http://www.securitytracker.com/id?1026342

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210307005941/http://www.securitytracker.com/id?1026342

reference_url

http://weblog.rubyonrails.org/2011/11/18/rails-3-0-11-has-been-released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2011/11/18/rails-3-0-11-has-been-released

reference_url

http://weblog.rubyonrails.org/2011/11/18/rails-3-1-2-has-been-released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2011/11/18/rails-3-1-2-has-been-released

reference_url	http://www.securityfocus.com/bid/50722
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/50722

reference_url	http://www.securitytracker.com/id?1026342
reference_id
reference_type
scores
url	http://www.securitytracker.com/id?1026342

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=755004
reference_id	755004
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=755004

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2011-4319

reference_id

CVE-2011-4319

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-4319

reference_url

https://github.com/advisories/GHSA-xxr8-833v-c7wc

reference_id

GHSA-xxr8-833v-c7wc

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xxr8-833v-c7wc

fixed_packages

url pkg:gem/actionpack@3.1.2

purl pkg:gem/actionpack@3.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1rgy-k7a9-m7au

vulnerability	VCID-1xgz-hwng-n3eq

vulnerability	VCID-333w-aacz-mfcr

vulnerability	VCID-35rt-t6e1-pfa6

vulnerability	VCID-3wtf-uu89-2qe5

vulnerability	VCID-3x4p-t3yb-3yak

vulnerability	VCID-3zdr-vasc-a7cn

vulnerability	VCID-49pq-vg95-jkh2

vulnerability	VCID-4epw-vk25-mfdw

vulnerability	VCID-4he5-y1u4-gkd2

vulnerability	VCID-5hqj-fxmk-cbcy

vulnerability	VCID-63gy-6njy-kbd8

vulnerability	VCID-6j55-bstz-yybj

vulnerability	VCID-7f5r-9h1g-nuch

vulnerability	VCID-86jq-2md2-d7ah

vulnerability	VCID-9hq5-3usy-5fhq

vulnerability	VCID-a6sp-18av-wya6

vulnerability	VCID-awt1-8bxs-xffs

vulnerability	VCID-bjwf-uhyk-63aj

vulnerability	VCID-c1w4-z275-tqg7

vulnerability	VCID-carc-ntrd-ebfe

vulnerability	VCID-cdnw-t8n1-23ep

vulnerability	VCID-cnqr-6e98-5kgk

vulnerability	VCID-cwa7-9d2t-rfhb

vulnerability	VCID-dd9p-x7k3-37ea

vulnerability	VCID-ehbj-aezy-d7h4

vulnerability	VCID-g3rk-djae-pkeh

vulnerability	VCID-h8gs-ansa-9bd9

vulnerability	VCID-h94p-ywve-y7h9

vulnerability	VCID-hmp2-rmzv-wkhg

vulnerability	VCID-hppf-a715-r7b2

vulnerability	VCID-j24x-nhsb-yug6

vulnerability	VCID-kcj2-v7av-47cv

vulnerability	VCID-knsd-pv15-tydx

vulnerability	VCID-mep3-6sub-ykdk

vulnerability	VCID-mnkw-23eu-bkgc

vulnerability	VCID-msda-xqbp-qfdd

vulnerability	VCID-n8cc-3stk-97b5

vulnerability	VCID-nf8s-2aaa-17fw

vulnerability	VCID-p5mc-r1rg-5ff7

vulnerability	VCID-phxs-zet8-ryh3

vulnerability	VCID-pmrb-t3bm-zkb6

vulnerability	VCID-rps2-k24p-9qgq

vulnerability	VCID-sfyc-jewr-wuf5

vulnerability	VCID-sgdb-985e-4uej

vulnerability	VCID-tt6r-bytq-4fa4

vulnerability	VCID-v3r3-bwp5-a3bn

vulnerability	VCID-vgm2-8wjy-x7ed

vulnerability	VCID-wg3a-j2dp-ayh4

vulnerability	VCID-y8gn-9fat-e7d1

vulnerability	VCID-ynqu-cjn9-fqf2

vulnerability	VCID-zkvd-bfd6-t7dg

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.2

aliases CVE-2011-4319, GHSA-xxr8-833v-c7wc, OSV-77199

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rps2-k24p-9qgq

url VCID-tt6r-bytq-4fa4

vulnerability_id VCID-tt6r-bytq-4fa4

summary

actionpack allows remote attackers to bypass database-query restrictions, perform NULL checks via crafted request
`actionpack/lib/action_dispatch/http/request.rb` in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain `['xyz', nil]` values, a related issue to CVE-2012-2660.

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html

reference_url

http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-0154.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0154.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2694.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2694.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-2694

reference_id

reference_type

scores

value	0.0022
scoring_system	epss
scoring_elements	0.44682
published_at	2026-04-08T12:55:00Z

value	0.0022
scoring_system	epss
scoring_elements	0.44693
published_at	2026-04-04T12:55:00Z

value	0.0022
scoring_system	epss
scoring_elements	0.44728
published_at	2026-04-16T12:55:00Z

value	0.0022
scoring_system	epss
scoring_elements	0.44671
published_at	2026-04-13T12:55:00Z

value	0.0022
scoring_system	epss
scoring_elements	0.4467
published_at	2026-04-12T12:55:00Z

value	0.0022
scoring_system	epss
scoring_elements	0.44701
published_at	2026-04-11T12:55:00Z

value	0.0022
scoring_system	epss
scoring_elements	0.44684
published_at	2026-04-09T12:55:00Z

value	0.0022
scoring_system	epss
scoring_elements	0.44631
published_at	2026-04-07T12:55:00Z

value	0.0022
scoring_system	epss
scoring_elements	0.44593
published_at	2026-04-01T12:55:00Z

value	0.0022
scoring_system	epss
scoring_elements	0.44673
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-2694

reference_url

https://github.com/rails/rails

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails

reference_url

https://github.com/rails/rails/commit/2f3bc0467311781ac1ceb2c8c2b09002c8fe143a

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/2f3bc0467311781ac1ceb2c8c2b09002c8fe143a

reference_url

https://github.com/rails/rails/commit/c202638225519b5e1a03ebe523b109c948fb0e52

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/c202638225519b5e1a03ebe523b109c948fb0e52

reference_url

https://groups.google.com/group/rubyonrails-security/msg/e2d3a87f2c211def?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/e2d3a87f2c211def?dmode=source&output=gplain

reference_url

https://groups.google.com/g/rubyonrails-security/c/jILZ34tAHF4/m/7x0hLH-o0-IJ

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/jILZ34tAHF4/m/7x0hLH-o0-IJ

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=831581
reference_id	831581
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=831581

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-2694

reference_id

CVE-2012-2694

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-2694

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2694.yml

reference_id

CVE-2012-2694.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2694.yml

reference_url

https://github.com/advisories/GHSA-q34c-48gc-m9g8

reference_id

GHSA-q34c-48gc-m9g8

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-q34c-48gc-m9g8

reference_url	https://access.redhat.com/errata/RHSA-2012:1542
reference_id	RHSA-2012:1542
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2012:1542

reference_url	https://access.redhat.com/errata/RHSA-2013:0154
reference_id	RHSA-2013:0154
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0154

fixed_packages

url pkg:gem/actionpack@3.1.6

purl pkg:gem/actionpack@3.1.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xgz-hwng-n3eq

vulnerability	VCID-333w-aacz-mfcr

vulnerability	VCID-35rt-t6e1-pfa6

vulnerability	VCID-3wtf-uu89-2qe5

vulnerability	VCID-3x4p-t3yb-3yak

vulnerability	VCID-3zdr-vasc-a7cn

vulnerability	VCID-49pq-vg95-jkh2

vulnerability	VCID-4epw-vk25-mfdw

vulnerability	VCID-4he5-y1u4-gkd2

vulnerability	VCID-5hqj-fxmk-cbcy

vulnerability	VCID-63gy-6njy-kbd8

vulnerability	VCID-6j55-bstz-yybj

vulnerability	VCID-7f5r-9h1g-nuch

vulnerability	VCID-86jq-2md2-d7ah

vulnerability	VCID-9hq5-3usy-5fhq

vulnerability	VCID-a6sp-18av-wya6

vulnerability	VCID-awt1-8bxs-xffs

vulnerability	VCID-bjwf-uhyk-63aj

vulnerability	VCID-c1w4-z275-tqg7

vulnerability	VCID-carc-ntrd-ebfe

vulnerability	VCID-cdnw-t8n1-23ep

vulnerability	VCID-cnqr-6e98-5kgk

vulnerability	VCID-cwa7-9d2t-rfhb

vulnerability	VCID-dd9p-x7k3-37ea

vulnerability	VCID-ehbj-aezy-d7h4

vulnerability	VCID-g3rk-djae-pkeh

vulnerability	VCID-h8gs-ansa-9bd9

vulnerability	VCID-h94p-ywve-y7h9

vulnerability	VCID-hmp2-rmzv-wkhg

vulnerability	VCID-hppf-a715-r7b2

vulnerability	VCID-j24x-nhsb-yug6

vulnerability	VCID-kcj2-v7av-47cv

vulnerability	VCID-knsd-pv15-tydx

vulnerability	VCID-mep3-6sub-ykdk

vulnerability	VCID-mnkw-23eu-bkgc

vulnerability	VCID-msda-xqbp-qfdd

vulnerability	VCID-n8cc-3stk-97b5

vulnerability	VCID-nf8s-2aaa-17fw

vulnerability	VCID-p5mc-r1rg-5ff7

vulnerability	VCID-phxs-zet8-ryh3

vulnerability	VCID-pmrb-t3bm-zkb6

vulnerability	VCID-rps2-k24p-9qgq

vulnerability	VCID-sfyc-jewr-wuf5

vulnerability	VCID-sgdb-985e-4uej

vulnerability	VCID-tt6r-bytq-4fa4

vulnerability	VCID-v3r3-bwp5-a3bn

vulnerability	VCID-vgm2-8wjy-x7ed

vulnerability	VCID-wg3a-j2dp-ayh4

vulnerability	VCID-y8gn-9fat-e7d1

vulnerability	VCID-ynqu-cjn9-fqf2

vulnerability	VCID-zkvd-bfd6-t7dg

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.6

url pkg:gem/actionpack@3.2.6

purl pkg:gem/actionpack@3.2.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xgz-hwng-n3eq

vulnerability	VCID-333w-aacz-mfcr

vulnerability	VCID-35rt-t6e1-pfa6

vulnerability	VCID-3wtf-uu89-2qe5

vulnerability	VCID-3x4p-t3yb-3yak

vulnerability	VCID-3zdr-vasc-a7cn

vulnerability	VCID-42dz-pxpv-qff3

vulnerability	VCID-49pq-vg95-jkh2

vulnerability	VCID-4epw-vk25-mfdw

vulnerability	VCID-4he5-y1u4-gkd2

vulnerability	VCID-5hqj-fxmk-cbcy

vulnerability	VCID-63gy-6njy-kbd8

vulnerability	VCID-6j55-bstz-yybj

vulnerability	VCID-7f5r-9h1g-nuch

vulnerability	VCID-86jq-2md2-d7ah

vulnerability	VCID-9hq5-3usy-5fhq

vulnerability	VCID-a6sp-18av-wya6

vulnerability	VCID-awt1-8bxs-xffs

vulnerability	VCID-bjwf-uhyk-63aj

vulnerability	VCID-c1w4-z275-tqg7

vulnerability	VCID-carc-ntrd-ebfe

vulnerability	VCID-cdnw-t8n1-23ep

vulnerability	VCID-cnqr-6e98-5kgk

vulnerability	VCID-cwa7-9d2t-rfhb

vulnerability	VCID-dd9p-x7k3-37ea

vulnerability	VCID-ehbj-aezy-d7h4

vulnerability	VCID-g3rk-djae-pkeh

vulnerability	VCID-h8gs-ansa-9bd9

vulnerability	VCID-h94p-ywve-y7h9

vulnerability	VCID-hmp2-rmzv-wkhg

vulnerability	VCID-hppf-a715-r7b2

vulnerability	VCID-j24x-nhsb-yug6

vulnerability	VCID-kcj2-v7av-47cv

vulnerability	VCID-knsd-pv15-tydx

vulnerability	VCID-mep3-6sub-ykdk

vulnerability	VCID-mnkw-23eu-bkgc

vulnerability	VCID-msda-xqbp-qfdd

vulnerability	VCID-n8cc-3stk-97b5

vulnerability	VCID-nf8s-2aaa-17fw

vulnerability	VCID-p5mc-r1rg-5ff7

vulnerability	VCID-phxs-zet8-ryh3

vulnerability	VCID-pmrb-t3bm-zkb6

vulnerability	VCID-rps2-k24p-9qgq

vulnerability	VCID-s5ah-tf63-a7cw

vulnerability	VCID-sfyc-jewr-wuf5

vulnerability	VCID-sgdb-985e-4uej

vulnerability	VCID-tt6r-bytq-4fa4

vulnerability	VCID-v3r3-bwp5-a3bn

vulnerability	VCID-vgm2-8wjy-x7ed

vulnerability	VCID-wg3a-j2dp-ayh4

vulnerability	VCID-y8gn-9fat-e7d1

vulnerability	VCID-ynqu-cjn9-fqf2

vulnerability	VCID-z1jv-4ga2-7kd1

vulnerability	VCID-zkvd-bfd6-t7dg

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.6

aliases CVE-2012-2694, GHSA-q34c-48gc-m9g8

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tt6r-bytq-4fa4

Fixing_vulnerabilities

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1

Package Instance