Package Instance

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/8a39f411dc3c806422785b1f4d5c7c9d58e4bf85

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/8a39f411dc3c806422785b1f4d5c7c9d58e4bf85

reference_url

http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6

reference_url

http://www.debian.org/security/2011/dsa-2301

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2011/dsa-2301

reference_url

http://www.openwall.com/lists/oss-security/2011/08/17/1

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/17/1

reference_url

http://www.openwall.com/lists/oss-security/2011/08/19/11

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/19/11

reference_url

http://www.openwall.com/lists/oss-security/2011/08/20/1

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/20/1

reference_url

http://www.openwall.com/lists/oss-security/2011/08/22/13

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/22/13

reference_url

http://www.openwall.com/lists/oss-security/2011/08/22/14

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/22/14

reference_url

http://www.openwall.com/lists/oss-security/2011/08/22/5

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/22/5

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2011-2930

reference_id

CVE-2011-2930

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-2930

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-2930.yml

reference_id

CVE-2011-2930.YML

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-2930.yml

reference_url

https://github.com/advisories/GHSA-h6w6-xmqv-7q78

reference_id

GHSA-h6w6-xmqv-7q78

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-h6w6-xmqv-7q78

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

fixed_packages

aliases

CVE-2011-2930, GHSA-h6w6-xmqv-7q78

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-4cky-r218-dkbb

url VCID-bsxw-gh14-rbef

vulnerability_id VCID-bsxw-gh14-rbef

summary

activerecord vulnerable to SQL Injection
The Active Record component in Ruby on Rails efore 2.3.15, 3.0.x before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage improper handling of nested hashes, a related issue to CVE-2012-2661.

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html

reference_url

http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2012-2695

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2695.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2695.json

reference_url

reference_id

reference_type

scores

value	0.00637
scoring_system	epss
scoring_elements	0.70503
published_at	2026-04-21T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.70462
published_at	2026-04-08T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.70478
published_at	2026-04-09T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.70502
published_at	2026-04-11T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.70487
published_at	2026-04-12T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.70473
published_at	2026-04-13T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.70515
published_at	2026-04-16T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.70523
published_at	2026-04-18T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.70408
published_at	2026-04-01T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.70422
published_at	2026-04-02T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.70439
published_at	2026-04-04T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.70417
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-2695

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/62f81f4d6b3ee40e9887ffd92ab14714bad93f18

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/62f81f4d6b3ee40e9887ffd92ab14714bad93f18

reference_url

https://groups.google.com/group/rubyonrails-security/msg/aee3413fb038bf56?dmode=source&output=gplain

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/aee3413fb038bf56?dmode=source&output=gplain

reference_url

https://groups.google.com/g/rubyonrails-security/c/l4L0TEVAz1k/m/Vr84sD9B464J

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/l4L0TEVAz1k/m/Vr84sD9B464J

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=831573
reference_id	831573
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=831573

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-2695

reference_id

CVE-2012-2695

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-2695

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2695.yml

reference_id

CVE-2012-2695.YML

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2695.yml

reference_url

https://github.com/advisories/GHSA-76wq-xw4h-f8wj

reference_id

GHSA-76wq-xw4h-f8wj

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-76wq-xw4h-f8wj

reference_url	https://access.redhat.com/errata/RHSA-2012:1542
reference_id	RHSA-2012:1542
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2012:1542

reference_url	https://access.redhat.com/errata/RHSA-2013:0154
reference_id	RHSA-2013:0154
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0154

fixed_packages

url pkg:gem/activerecord@3.1.6

purl pkg:gem/activerecord@3.1.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2efj-tf8d-dfck

vulnerability	VCID-3m2y-wy1w-n7h1

vulnerability	VCID-4cky-r218-dkbb

vulnerability	VCID-bsxw-gh14-rbef

vulnerability	VCID-eb5z-q7rj-j7hh

vulnerability	VCID-f4h5-8f57-3uhr

vulnerability	VCID-hbtn-7423-m3gb

vulnerability	VCID-j7p8-hchp-xbe3

vulnerability	VCID-j8zg-kq3z-jqcm

vulnerability	VCID-kkbt-pr7u-f7gn

vulnerability	VCID-n5fx-u6fs-vydu

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-nk6g-hhsk-8kaw

vulnerability	VCID-nzeb-cy9e-tkax

vulnerability	VCID-sb9g-rdnm-rqbm

vulnerability	VCID-sygb-mygd-s3gb

vulnerability	VCID-thx6-usb2-kkgc

vulnerability	VCID-xa94-z6yu-skf8

vulnerability	VCID-y54w-a8kr-suhy

vulnerability	VCID-zqzx-avvt-wkhm

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.6

url pkg:gem/activerecord@3.2.6

purl pkg:gem/activerecord@3.2.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2efj-tf8d-dfck

vulnerability	VCID-3m2y-wy1w-n7h1

vulnerability	VCID-4cky-r218-dkbb

vulnerability	VCID-bsxw-gh14-rbef

vulnerability	VCID-eb5z-q7rj-j7hh

vulnerability	VCID-f4h5-8f57-3uhr

vulnerability	VCID-hbtn-7423-m3gb

vulnerability	VCID-j7p8-hchp-xbe3

vulnerability	VCID-j8zg-kq3z-jqcm

vulnerability	VCID-kkbt-pr7u-f7gn

vulnerability	VCID-n5fx-u6fs-vydu

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-nk6g-hhsk-8kaw

vulnerability	VCID-nzeb-cy9e-tkax

vulnerability	VCID-sb9g-rdnm-rqbm

vulnerability	VCID-sygb-mygd-s3gb

vulnerability	VCID-thx6-usb2-kkgc

vulnerability	VCID-xa94-z6yu-skf8

vulnerability	VCID-y54w-a8kr-suhy

vulnerability	VCID-zqzx-avvt-wkhm

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.6

aliases CVE-2012-2695, GHSA-76wq-xw4h-f8wj

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bsxw-gh14-rbef

url VCID-j7p8-hchp-xbe3

vulnerability_id VCID-j7p8-hchp-xbe3

summary

Unsafe Query Generation Risk in Ruby on Rails
Due to the way Active Record interprets parameters in combination with the way that JSON parameters are parsed, it is possible for an attacker to issue unexpected database queries with "IS NULL" or empty where clauses. This issue does *not* let an attacker insert arbitrary values into an SQL query, however they can cause the query to check for NULL or eliminate a WHERE clause when most users wouldn't expect it.

references

reference_url

http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A

reference_url

http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html

reference_url

http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2013-0155

reference_url	http://rhn.redhat.com/errata/RHSA-2013-0155.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2013-0155.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0155.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0155.json

reference_url

reference_id

reference_type

scores

value	0.18174
scoring_system	epss
scoring_elements	0.95204
published_at	2026-04-21T12:55:00Z

value	0.18174
scoring_system	epss
scoring_elements	0.95171
published_at	2026-04-07T12:55:00Z

value	0.18174
scoring_system	epss
scoring_elements	0.95178
published_at	2026-04-08T12:55:00Z

value	0.18174
scoring_system	epss
scoring_elements	0.95182
published_at	2026-04-09T12:55:00Z

value	0.18174
scoring_system	epss
scoring_elements	0.95188
published_at	2026-04-12T12:55:00Z

value	0.18174
scoring_system	epss
scoring_elements	0.95191
published_at	2026-04-13T12:55:00Z

value	0.18174
scoring_system	epss
scoring_elements	0.95199
published_at	2026-04-16T12:55:00Z

value	0.18174
scoring_system	epss
scoring_elements	0.95203
published_at	2026-04-18T12:55:00Z

value	0.18174
scoring_system	epss
scoring_elements	0.95155
published_at	2026-04-01T12:55:00Z

value	0.18174
scoring_system	epss
scoring_elements	0.95166
published_at	2026-04-02T12:55:00Z

value	0.18174
scoring_system	epss
scoring_elements	0.95167
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-0155

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0155
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0155

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0155.yml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0155.yml

reference_url	https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/t1WFuuQyavI
reference_id
reference_type
scores
url	https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/t1WFuuQyavI

reference_url

https://groups.google.com/group/rubyonrails-security/msg/bc6f13dafe130ee9?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/bc6f13dafe130ee9?dmode=source&output=gplain

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-0155

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-0155

reference_url	https://puppet.com/security/cve/cve-2013-0155
reference_id
reference_type
scores
url	https://puppet.com/security/cve/cve-2013-0155

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2013/dsa-2609

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2013/dsa-2609

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=892866
reference_id	892866
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=892866

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails::::::::
reference_id	cpe:2.3:a:rubyonrails:rails::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails::::::::
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:6.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:6.0:::::::*

reference_url

https://github.com/advisories/GHSA-gppp-5xc5-wfpx

reference_id

GHSA-gppp-5xc5-wfpx

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gppp-5xc5-wfpx

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

reference_url	https://access.redhat.com/errata/RHSA-2013:0154
reference_id	RHSA-2013:0154
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0154

reference_url	https://access.redhat.com/errata/RHSA-2013:0155
reference_id	RHSA-2013:0155
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0155

fixed_packages

url pkg:gem/activerecord@3.1.10

purl pkg:gem/activerecord@3.1.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2efj-tf8d-dfck

vulnerability	VCID-3m2y-wy1w-n7h1

vulnerability	VCID-4cky-r218-dkbb

vulnerability	VCID-bsxw-gh14-rbef

vulnerability	VCID-eb5z-q7rj-j7hh

vulnerability	VCID-f4h5-8f57-3uhr

vulnerability	VCID-hbtn-7423-m3gb

vulnerability	VCID-j8zg-kq3z-jqcm

vulnerability	VCID-n5fx-u6fs-vydu

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-nk6g-hhsk-8kaw

vulnerability	VCID-nzeb-cy9e-tkax

vulnerability	VCID-sb9g-rdnm-rqbm

vulnerability	VCID-sygb-mygd-s3gb

vulnerability	VCID-thx6-usb2-kkgc

vulnerability	VCID-xa94-z6yu-skf8

vulnerability	VCID-y54w-a8kr-suhy

vulnerability	VCID-zqzx-avvt-wkhm

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.10

url pkg:gem/activerecord@3.2.0.rc1

purl pkg:gem/activerecord@3.2.0.rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2efj-tf8d-dfck

vulnerability	VCID-3m2y-wy1w-n7h1

vulnerability	VCID-4cky-r218-dkbb

vulnerability	VCID-bsxw-gh14-rbef

vulnerability	VCID-eb5z-q7rj-j7hh

vulnerability	VCID-f4h5-8f57-3uhr

vulnerability	VCID-hbtn-7423-m3gb

vulnerability	VCID-j7p8-hchp-xbe3

vulnerability	VCID-j8zg-kq3z-jqcm

vulnerability	VCID-kkbt-pr7u-f7gn

vulnerability	VCID-n5fx-u6fs-vydu

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-nk6g-hhsk-8kaw

vulnerability	VCID-nzeb-cy9e-tkax

vulnerability	VCID-phxs-zet8-ryh3

vulnerability	VCID-rq7w-zmh4-17e1

vulnerability	VCID-sb9g-rdnm-rqbm

vulnerability	VCID-sygb-mygd-s3gb

vulnerability	VCID-thx6-usb2-kkgc

vulnerability	VCID-xa94-z6yu-skf8

vulnerability	VCID-y54w-a8kr-suhy

vulnerability	VCID-zqzx-avvt-wkhm

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.0.rc1

url pkg:gem/activerecord@3.2.11

purl pkg:gem/activerecord@3.2.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2efj-tf8d-dfck

vulnerability	VCID-3m2y-wy1w-n7h1

vulnerability	VCID-4cky-r218-dkbb

vulnerability	VCID-bsxw-gh14-rbef

vulnerability	VCID-eb5z-q7rj-j7hh

vulnerability	VCID-f4h5-8f57-3uhr

vulnerability	VCID-hbtn-7423-m3gb

vulnerability	VCID-j8zg-kq3z-jqcm

vulnerability	VCID-n5fx-u6fs-vydu

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-nk6g-hhsk-8kaw

vulnerability	VCID-nzeb-cy9e-tkax

vulnerability	VCID-sb9g-rdnm-rqbm

vulnerability	VCID-sygb-mygd-s3gb

vulnerability	VCID-thx6-usb2-kkgc

vulnerability	VCID-xa94-z6yu-skf8

vulnerability	VCID-y54w-a8kr-suhy

vulnerability	VCID-zqzx-avvt-wkhm

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.11

aliases CVE-2013-0155, GHSA-gppp-5xc5-wfpx, OSV-89025

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j7p8-hchp-xbe3

url VCID-kkbt-pr7u-f7gn

vulnerability_id VCID-kkbt-pr7u-f7gn

summary

Active Record contains SQL Injection
SQL injection vulnerability in the Active Record component in Ruby on Rails before 2.3.15, 3.0.x before 3.0.18, 3.1.x before 3.1.9, and 3.2.x before 3.2.10 allows remote attackers to execute arbitrary SQL commands via a crafted request that leverages incorrect behavior of dynamic finders in applications that can use unexpected data types in certain find_by_ method calls.

references

reference_url

http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts

reference_url	http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts/
reference_id
reference_type
scores
url	http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts/

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0220.html

reference_url	http://rhn.redhat.com/errata/RHSA-2013-0155.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2013-0155.html

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0220.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-0544.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0544.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6496.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6496.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-6496

reference_id

reference_type

scores

value	0.01017
scoring_system	epss
scoring_elements	0.77181
published_at	2026-04-12T12:55:00Z

value	0.01017
scoring_system	epss
scoring_elements	0.7721
published_at	2026-04-21T12:55:00Z

value	0.01017
scoring_system	epss
scoring_elements	0.77219
published_at	2026-04-18T12:55:00Z

value	0.01017
scoring_system	epss
scoring_elements	0.77217
published_at	2026-04-16T12:55:00Z

value	0.01017
scoring_system	epss
scoring_elements	0.77166
published_at	2026-04-08T12:55:00Z

value	0.01017
scoring_system	epss
scoring_elements	0.77174
published_at	2026-04-09T12:55:00Z

value	0.01017
scoring_system	epss
scoring_elements	0.77202
published_at	2026-04-11T12:55:00Z

value	0.01017
scoring_system	epss
scoring_elements	0.77115
published_at	2026-04-01T12:55:00Z

value	0.01017
scoring_system	epss
scoring_elements	0.77177
published_at	2026-04-13T12:55:00Z

value	0.01017
scoring_system	epss
scoring_elements	0.77122
published_at	2026-04-02T12:55:00Z

value	0.01017
scoring_system	epss
scoring_elements	0.77151
published_at	2026-04-04T12:55:00Z

value	0.01017
scoring_system	epss
scoring_elements	0.77133
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-6496

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=889649

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=889649

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6496
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6496

reference_url

http://security.gentoo.org/glsa/glsa-201401-22.xml

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://security.gentoo.org/glsa/glsa-201401-22.xml

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/9de9b359d0d24f70f0f6c5c58a7ad8750684d456

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/9de9b359d0d24f70f0f6c5c58a7ad8750684d456

reference_url	https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/DCNTNp_qjFM
reference_id
reference_type
scores
url	https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/DCNTNp_qjFM

reference_url

https://groups.google.com/group/rubyonrails-security/msg/23daa048baf28b64?dmode=source&output=gplain

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/23daa048baf28b64?dmode=source&output=gplain

reference_url	http://www.securityfocus.com/bid/57084
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/57084

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:rc::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.10:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.11:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.12:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.13:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.14:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.16:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.16:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.16:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.1:pre::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.2:pre::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.4:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.5:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.6:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.6:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.7:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.7:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.8:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.8:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.8:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.8:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc5::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:rc5::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc5::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:beta1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc5::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc5::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc5::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc6::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc6::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc6::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc7::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc7::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc7::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc8::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc8::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc8::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.1:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.1:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.1:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.2:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.2:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.4:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.5:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.8:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.2:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.3:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.3:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.4:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.8:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails::::::::
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:::::::*

100

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-6496

reference_id

CVE-2012-6496

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-6496

101

reference_url

https://github.com/advisories/GHSA-gh2w-j7cx-2664

reference_id

GHSA-gh2w-j7cx-2664

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gh2w-j7cx-2664

102

reference_url	https://security.gentoo.org/glsa/201401-22
reference_id	GLSA-201401-22
reference_type
scores
url	https://security.gentoo.org/glsa/201401-22

103

reference_url	https://access.redhat.com/errata/RHSA-2013:0154
reference_id	RHSA-2013:0154
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0154

104

reference_url	https://access.redhat.com/errata/RHSA-2013:0155
reference_id	RHSA-2013:0155
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0155

fixed_packages

url pkg:gem/activerecord@3.1.9

purl pkg:gem/activerecord@3.1.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2efj-tf8d-dfck

vulnerability	VCID-3m2y-wy1w-n7h1

vulnerability	VCID-4cky-r218-dkbb

vulnerability	VCID-bsxw-gh14-rbef

vulnerability	VCID-eb5z-q7rj-j7hh

vulnerability	VCID-f4h5-8f57-3uhr

vulnerability	VCID-hbtn-7423-m3gb

vulnerability	VCID-j7p8-hchp-xbe3

vulnerability	VCID-j8zg-kq3z-jqcm

vulnerability	VCID-n5fx-u6fs-vydu

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-nk6g-hhsk-8kaw

vulnerability	VCID-nzeb-cy9e-tkax

vulnerability	VCID-sb9g-rdnm-rqbm

vulnerability	VCID-sygb-mygd-s3gb

vulnerability	VCID-thx6-usb2-kkgc

vulnerability	VCID-xa94-z6yu-skf8

vulnerability	VCID-y54w-a8kr-suhy

vulnerability	VCID-zqzx-avvt-wkhm

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.9

url pkg:gem/activerecord@3.2.0.rc1

purl pkg:gem/activerecord@3.2.0.rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2efj-tf8d-dfck

vulnerability	VCID-3m2y-wy1w-n7h1

vulnerability	VCID-4cky-r218-dkbb

vulnerability	VCID-bsxw-gh14-rbef

vulnerability	VCID-eb5z-q7rj-j7hh

vulnerability	VCID-f4h5-8f57-3uhr

vulnerability	VCID-hbtn-7423-m3gb

vulnerability	VCID-j7p8-hchp-xbe3

vulnerability	VCID-j8zg-kq3z-jqcm

vulnerability	VCID-kkbt-pr7u-f7gn

vulnerability	VCID-n5fx-u6fs-vydu

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-nk6g-hhsk-8kaw

vulnerability	VCID-nzeb-cy9e-tkax

vulnerability	VCID-phxs-zet8-ryh3

vulnerability	VCID-rq7w-zmh4-17e1

vulnerability	VCID-sb9g-rdnm-rqbm

vulnerability	VCID-sygb-mygd-s3gb

vulnerability	VCID-thx6-usb2-kkgc

vulnerability	VCID-xa94-z6yu-skf8

vulnerability	VCID-y54w-a8kr-suhy

vulnerability	VCID-zqzx-avvt-wkhm

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.0.rc1

url pkg:gem/activerecord@3.2.10

purl pkg:gem/activerecord@3.2.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2efj-tf8d-dfck

vulnerability	VCID-3m2y-wy1w-n7h1

vulnerability	VCID-4cky-r218-dkbb

vulnerability	VCID-bsxw-gh14-rbef

vulnerability	VCID-eb5z-q7rj-j7hh

vulnerability	VCID-f4h5-8f57-3uhr

vulnerability	VCID-hbtn-7423-m3gb

vulnerability	VCID-j7p8-hchp-xbe3

vulnerability	VCID-j8zg-kq3z-jqcm

vulnerability	VCID-n5fx-u6fs-vydu

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-nk6g-hhsk-8kaw

vulnerability	VCID-nzeb-cy9e-tkax

vulnerability	VCID-sb9g-rdnm-rqbm

vulnerability	VCID-sygb-mygd-s3gb

vulnerability	VCID-thx6-usb2-kkgc

vulnerability	VCID-xa94-z6yu-skf8

vulnerability	VCID-y54w-a8kr-suhy

vulnerability	VCID-zqzx-avvt-wkhm

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.10

aliases CVE-2012-6496, GHSA-gh2w-j7cx-2664, OSV-88661

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kkbt-pr7u-f7gn

url VCID-phxs-zet8-ryh3

vulnerability_id VCID-phxs-zet8-ryh3

summary

SQL Injection
Ruby on Rails contains a flaw related to the way ActiveRecord handles parameters in conjunction with the way Rack parses query parameters. This issue may allow an attacker to inject arbitrary `IS NULL` clauses in to application SQL queries. This may also allow an attacker to have the SQL query check for `NULL` in arbitrary places.

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html

reference_url

http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2012-2660

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2660.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2660.json

reference_url

reference_id

reference_type

scores

value	0.00294
scoring_system	epss
scoring_elements	0.52796
published_at	2026-04-11T12:55:00Z

value	0.00294
scoring_system	epss
scoring_elements	0.52745
published_at	2026-04-09T12:55:00Z

value	0.00294
scoring_system	epss
scoring_elements	0.52663
published_at	2026-04-01T12:55:00Z

value	0.00294
scoring_system	epss
scoring_elements	0.52708
published_at	2026-04-02T12:55:00Z

value	0.00294
scoring_system	epss
scoring_elements	0.52734
published_at	2026-04-04T12:55:00Z

value	0.00294
scoring_system	epss
scoring_elements	0.52751
published_at	2026-04-08T12:55:00Z

value	0.00294
scoring_system	epss
scoring_elements	0.527
published_at	2026-04-07T12:55:00Z

value	0.00294
scoring_system	epss
scoring_elements	0.52792
published_at	2026-04-21T12:55:00Z

value	0.00294
scoring_system	epss
scoring_elements	0.52808
published_at	2026-04-18T12:55:00Z

value	0.00294
scoring_system	epss
scoring_elements	0.52801
published_at	2026-04-16T12:55:00Z

value	0.00294
scoring_system	epss
scoring_elements	0.52763
published_at	2026-04-13T12:55:00Z

value	0.00294
scoring_system	epss
scoring_elements	0.5278
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-2660

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/61eed87ce32caf534bf1f52dd8134097b4ad9e1b

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/61eed87ce32caf534bf1f52dd8134097b4ad9e1b

reference_url	https://github.com/rails/rails/commit/dff6db18840e2fd1dd3f3e4ef0ae7a9a3986d01d#diff-3179d24efacadd64068c4d9c1184eac3
reference_id
reference_type
scores
url	https://github.com/rails/rails/commit/dff6db18840e2fd1dd3f3e4ef0ae7a9a3986d01d#diff-3179d24efacadd64068c4d9c1184eac3

reference_url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82610.yml
reference_id
reference_type
scores
url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82610.yml

reference_url	https://groups.google.com/forum/#!original/rubyonrails-security/8SA-M3as7A8/Mr9fi9X4kNgJ
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!original/rubyonrails-security/8SA-M3as7A8/Mr9fi9X4kNgJ

reference_url

https://groups.google.com/group/rubyonrails-security/msg/d890f8d58b5fbf32?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/d890f8d58b5fbf32?dmode=source&output=gplain

reference_url

https://groups.google.com/g/rubyonrails-security/c/8SA-M3as7A8/m/Mr9fi9X4kNgJ

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/8SA-M3as7A8/m/Mr9fi9X4kNgJ

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=827353
reference_id	827353
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=827353

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-2660

reference_id

CVE-2012-2660

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-2660

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2660.yml

reference_id

CVE-2012-2660.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2660.yml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2660.yml

reference_id

CVE-2012-2660.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2660.yml

reference_url

https://github.com/advisories/GHSA-hgpp-pp89-4fgf

reference_id

GHSA-hgpp-pp89-4fgf

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-hgpp-pp89-4fgf

reference_url	https://access.redhat.com/errata/RHSA-2012:1542
reference_id	RHSA-2012:1542
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2012:1542

reference_url	https://access.redhat.com/errata/RHSA-2013:0154
reference_id	RHSA-2013:0154
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0154

fixed_packages

url pkg:gem/activerecord@3.1.5

purl pkg:gem/activerecord@3.1.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2efj-tf8d-dfck

vulnerability	VCID-3m2y-wy1w-n7h1

vulnerability	VCID-4cky-r218-dkbb

vulnerability	VCID-bsxw-gh14-rbef

vulnerability	VCID-eb5z-q7rj-j7hh

vulnerability	VCID-f4h5-8f57-3uhr

vulnerability	VCID-hbtn-7423-m3gb

vulnerability	VCID-j7p8-hchp-xbe3

vulnerability	VCID-j8zg-kq3z-jqcm

vulnerability	VCID-kkbt-pr7u-f7gn

vulnerability	VCID-n5fx-u6fs-vydu

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-nk6g-hhsk-8kaw

vulnerability	VCID-nzeb-cy9e-tkax

vulnerability	VCID-sb9g-rdnm-rqbm

vulnerability	VCID-sygb-mygd-s3gb

vulnerability	VCID-thx6-usb2-kkgc

vulnerability	VCID-xa94-z6yu-skf8

vulnerability	VCID-y54w-a8kr-suhy

vulnerability	VCID-zqzx-avvt-wkhm

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.5

url pkg:gem/activerecord@3.2.0.rc1

purl pkg:gem/activerecord@3.2.0.rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2efj-tf8d-dfck

vulnerability	VCID-3m2y-wy1w-n7h1

vulnerability	VCID-4cky-r218-dkbb

vulnerability	VCID-bsxw-gh14-rbef

vulnerability	VCID-eb5z-q7rj-j7hh

vulnerability	VCID-f4h5-8f57-3uhr

vulnerability	VCID-hbtn-7423-m3gb

vulnerability	VCID-j7p8-hchp-xbe3

vulnerability	VCID-j8zg-kq3z-jqcm

vulnerability	VCID-kkbt-pr7u-f7gn

vulnerability	VCID-n5fx-u6fs-vydu

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-nk6g-hhsk-8kaw

vulnerability	VCID-nzeb-cy9e-tkax

vulnerability	VCID-phxs-zet8-ryh3

vulnerability	VCID-rq7w-zmh4-17e1

vulnerability	VCID-sb9g-rdnm-rqbm

vulnerability	VCID-sygb-mygd-s3gb

vulnerability	VCID-thx6-usb2-kkgc

vulnerability	VCID-xa94-z6yu-skf8

vulnerability	VCID-y54w-a8kr-suhy

vulnerability	VCID-zqzx-avvt-wkhm

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.0.rc1

url pkg:gem/activerecord@3.2.4

purl pkg:gem/activerecord@3.2.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2efj-tf8d-dfck

vulnerability	VCID-3m2y-wy1w-n7h1

vulnerability	VCID-4cky-r218-dkbb

vulnerability	VCID-bsxw-gh14-rbef

vulnerability	VCID-eb5z-q7rj-j7hh

vulnerability	VCID-f4h5-8f57-3uhr

vulnerability	VCID-hbtn-7423-m3gb

vulnerability	VCID-j7p8-hchp-xbe3

vulnerability	VCID-j8zg-kq3z-jqcm

vulnerability	VCID-kkbt-pr7u-f7gn

vulnerability	VCID-n5fx-u6fs-vydu

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-nk6g-hhsk-8kaw

vulnerability	VCID-nzeb-cy9e-tkax

vulnerability	VCID-sb9g-rdnm-rqbm

vulnerability	VCID-sygb-mygd-s3gb

vulnerability	VCID-thx6-usb2-kkgc

vulnerability	VCID-xa94-z6yu-skf8

vulnerability	VCID-y54w-a8kr-suhy

vulnerability	VCID-zqzx-avvt-wkhm

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.4

aliases CVE-2012-2660, GHSA-hgpp-pp89-4fgf, OSV-82610

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-phxs-zet8-ryh3

url VCID-rq7w-zmh4-17e1

vulnerability_id VCID-rq7w-zmh4-17e1

summary

SQL injection vulnerability in Active Record
Due to the way Active Record handles nested query parameters, an attacker can use a specially crafted request to inject some forms of SQL into your application's SQL queries.

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html

reference_url

http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2012-2661

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2661.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2661.json

reference_url

reference_id

reference_type

scores

value	0.0073
scoring_system	epss
scoring_elements	0.72697
published_at	2026-04-21T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72652
published_at	2026-04-13T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72694
published_at	2026-04-16T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72705
published_at	2026-04-18T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72604
published_at	2026-04-01T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72611
published_at	2026-04-02T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72628
published_at	2026-04-04T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72605
published_at	2026-04-07T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72644
published_at	2026-04-08T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72656
published_at	2026-04-09T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72679
published_at	2026-04-11T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72662
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-2661

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2661
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2661

reference_url	https://github.com/rails/rails/commit/71f7917c553cdc9a0ee49e87af0efb7429759718#diff-2ec9993375ecb711e08452788d625581
reference_id
reference_type
scores
url	https://github.com/rails/rails/commit/71f7917c553cdc9a0ee49e87af0efb7429759718#diff-2ec9993375ecb711e08452788d625581

reference_url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82403.yml
reference_id
reference_type
scores
url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82403.yml

reference_url

https://groups.google.com/group/rubyonrails-security/msg/fc2da6c627fc92df?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/fc2da6c627fc92df?dmode=source&output=gplain

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-2661

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-2661

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=827363
reference_id	827363
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=827363

reference_url

https://github.com/advisories/GHSA-fh39-v733-mxfr

reference_id

GHSA-fh39-v733-mxfr

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-fh39-v733-mxfr

reference_url	https://access.redhat.com/errata/RHSA-2012:1542
reference_id	RHSA-2012:1542
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2012:1542

reference_url	https://access.redhat.com/errata/RHSA-2013:0154
reference_id	RHSA-2013:0154
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0154

fixed_packages

url pkg:gem/activerecord@3.1.5

purl pkg:gem/activerecord@3.1.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2efj-tf8d-dfck

vulnerability	VCID-3m2y-wy1w-n7h1

vulnerability	VCID-4cky-r218-dkbb

vulnerability	VCID-bsxw-gh14-rbef

vulnerability	VCID-eb5z-q7rj-j7hh

vulnerability	VCID-f4h5-8f57-3uhr

vulnerability	VCID-hbtn-7423-m3gb

vulnerability	VCID-j7p8-hchp-xbe3

vulnerability	VCID-j8zg-kq3z-jqcm

vulnerability	VCID-kkbt-pr7u-f7gn

vulnerability	VCID-n5fx-u6fs-vydu

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-nk6g-hhsk-8kaw

vulnerability	VCID-nzeb-cy9e-tkax

vulnerability	VCID-sb9g-rdnm-rqbm

vulnerability	VCID-sygb-mygd-s3gb

vulnerability	VCID-thx6-usb2-kkgc

vulnerability	VCID-xa94-z6yu-skf8

vulnerability	VCID-y54w-a8kr-suhy

vulnerability	VCID-zqzx-avvt-wkhm

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.5

url pkg:gem/activerecord@3.2.0.rc1

purl pkg:gem/activerecord@3.2.0.rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2efj-tf8d-dfck

vulnerability	VCID-3m2y-wy1w-n7h1

vulnerability	VCID-4cky-r218-dkbb

vulnerability	VCID-bsxw-gh14-rbef

vulnerability	VCID-eb5z-q7rj-j7hh

vulnerability	VCID-f4h5-8f57-3uhr

vulnerability	VCID-hbtn-7423-m3gb

vulnerability	VCID-j7p8-hchp-xbe3

vulnerability	VCID-j8zg-kq3z-jqcm

vulnerability	VCID-kkbt-pr7u-f7gn

vulnerability	VCID-n5fx-u6fs-vydu

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-nk6g-hhsk-8kaw

vulnerability	VCID-nzeb-cy9e-tkax

vulnerability	VCID-phxs-zet8-ryh3

vulnerability	VCID-rq7w-zmh4-17e1

vulnerability	VCID-sb9g-rdnm-rqbm

vulnerability	VCID-sygb-mygd-s3gb

vulnerability	VCID-thx6-usb2-kkgc

vulnerability	VCID-xa94-z6yu-skf8

vulnerability	VCID-y54w-a8kr-suhy

vulnerability	VCID-zqzx-avvt-wkhm

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.0.rc1

url pkg:gem/activerecord@3.2.4

purl pkg:gem/activerecord@3.2.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2efj-tf8d-dfck

vulnerability	VCID-3m2y-wy1w-n7h1

vulnerability	VCID-4cky-r218-dkbb

vulnerability	VCID-bsxw-gh14-rbef

vulnerability	VCID-eb5z-q7rj-j7hh

vulnerability	VCID-f4h5-8f57-3uhr

vulnerability	VCID-hbtn-7423-m3gb

vulnerability	VCID-j7p8-hchp-xbe3

vulnerability	VCID-j8zg-kq3z-jqcm

vulnerability	VCID-kkbt-pr7u-f7gn

vulnerability	VCID-n5fx-u6fs-vydu

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-nk6g-hhsk-8kaw

vulnerability	VCID-nzeb-cy9e-tkax

vulnerability	VCID-sb9g-rdnm-rqbm

vulnerability	VCID-sygb-mygd-s3gb

vulnerability	VCID-thx6-usb2-kkgc

vulnerability	VCID-xa94-z6yu-skf8

vulnerability	VCID-y54w-a8kr-suhy

vulnerability	VCID-zqzx-avvt-wkhm

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.4

aliases CVE-2012-2661, GHSA-fh39-v733-mxfr, OSV-82403

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rq7w-zmh4-17e1

url VCID-thx6-usb2-kkgc

vulnerability_id VCID-thx6-usb2-kkgc

summary

Nested attributes rejection proc bypass
When using the nested attributes feature in Active Record you can prevent the destruction of associated records by passing the `allow_destroy: false` option to the `accepts_nested_attributes_for` method. The `allow_destroy` flag prevents the `:reject_if` proc from being called because it assumes that the record will be destroyed anyway. However, this is not true if `:allow_destroy` is false so this leads to changes that would have been rejected being applied to the record. Attackers could set attributes to invalid values or clear all the attributes.

references

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html

reference_url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html

reference_url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html

reference_url

http://rhn.redhat.com/errata/RHSA-2016-0296.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2016-0296.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7577.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7577.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-7577

reference_id

reference_type

scores

value	0.01209
scoring_system	epss
scoring_elements	0.79004
published_at	2026-04-21T12:55:00Z

value	0.01209
scoring_system	epss
scoring_elements	0.78933
published_at	2026-04-01T12:55:00Z

value	0.01209
scoring_system	epss
scoring_elements	0.78939
published_at	2026-04-02T12:55:00Z

value	0.01209
scoring_system	epss
scoring_elements	0.78967
published_at	2026-04-04T12:55:00Z

value	0.01209
scoring_system	epss
scoring_elements	0.78951
published_at	2026-04-07T12:55:00Z

value	0.01209
scoring_system	epss
scoring_elements	0.78975
published_at	2026-04-08T12:55:00Z

value	0.01209
scoring_system	epss
scoring_elements	0.78981
published_at	2026-04-09T12:55:00Z

value	0.01209
scoring_system	epss
scoring_elements	0.79005
published_at	2026-04-18T12:55:00Z

value	0.01209
scoring_system	epss
scoring_elements	0.7899
published_at	2026-04-12T12:55:00Z

value	0.01209
scoring_system	epss
scoring_elements	0.78979
published_at	2026-04-13T12:55:00Z

value	0.01209
scoring_system	epss
scoring_elements	0.79007
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-7577

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2015-7577.yml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2015-7577.yml

reference_url	https://groups.google.com/forum/message/raw?msg=ruby-security-ann/cawsWcQ6c8g/LATIsglZEgAJ
reference_id
reference_type
scores
url	https://groups.google.com/forum/message/raw?msg=ruby-security-ann/cawsWcQ6c8g/LATIsglZEgAJ

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/cawsWcQ6c8g

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/cawsWcQ6c8g

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-7577

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:P/A:N

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-7577

reference_url

http://www.debian.org/security/2016/dsa-3464

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2016/dsa-3464

reference_url

http://www.openwall.com/lists/oss-security/2016/01/25/10

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2016/01/25/10

reference_url	http://www.securityfocus.com/bid/81806
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/81806

reference_url	http://www.securitytracker.com/id/1034816
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1034816

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1301957
reference_id	1301957
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1301957

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:-::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.0:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:beta::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.0:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:-::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.10:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.4:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.6:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.6:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.6:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.8:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:-::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.0:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.0:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.0:beta2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.10:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.10:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.10:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.10:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.12:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.12:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.12:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.12:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.13:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.13:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.13:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.13:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.14:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.14:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.14:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.14:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.14:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.14:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.14:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.2:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.2:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.2:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.6:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.6:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.7.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.8:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.9:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.9:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.9:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.0:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.0:beta2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.0:beta3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.0:beta4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.0:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.1:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.1:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.1:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.1:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.3:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.3:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.3:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.4:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.4:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.4:rc1::::::

100

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:::::::*

101

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.5:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:rc1::::::

102

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.5:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:rc2::::::

103

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:5.0.0:beta1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:5.0.0:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:5.0.0:beta1::::::

104

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails::::::::
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails::::::::

105

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.10:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.10:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.10:rc2::::::

106

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11:::::::*

107

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11.1:::::::*

108

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.12:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.12:::::::*

109

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.13:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.13:::::::*

110

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.13:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.13:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.13:rc1::::::

111

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.11:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.11:::::::*

112

reference_url

https://github.com/advisories/GHSA-xrr6-3pc4-m447

reference_id

GHSA-xrr6-3pc4-m447

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xrr6-3pc4-m447

113

reference_url	https://access.redhat.com/errata/RHSA-2016:0296
reference_id	RHSA-2016:0296
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0296

114

reference_url	https://access.redhat.com/errata/RHSA-2016:0454
reference_id	RHSA-2016:0454
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0454

115

reference_url	https://access.redhat.com/errata/RHSA-2016:0455
reference_id	RHSA-2016:0455
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0455

fixed_packages

url pkg:gem/activerecord@3.2.22.1

purl pkg:gem/activerecord@3.2.22.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4cky-r218-dkbb

vulnerability	VCID-bsxw-gh14-rbef

vulnerability	VCID-eb5z-q7rj-j7hh

vulnerability	VCID-j8zg-kq3z-jqcm

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-nzeb-cy9e-tkax

vulnerability	VCID-sygb-mygd-s3gb

vulnerability	VCID-y54w-a8kr-suhy

vulnerability	VCID-zqzx-avvt-wkhm

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.22.1

url pkg:gem/activerecord@4.1.14.1

purl pkg:gem/activerecord@4.1.14.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4cky-r218-dkbb

vulnerability	VCID-9t7a-muwx-zyee

vulnerability	VCID-bsxw-gh14-rbef

vulnerability	VCID-eb5z-q7rj-j7hh

vulnerability	VCID-j8zg-kq3z-jqcm

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-nzeb-cy9e-tkax

vulnerability	VCID-sygb-mygd-s3gb

vulnerability	VCID-y54w-a8kr-suhy

vulnerability	VCID-zqzx-avvt-wkhm

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.1.14.1

url pkg:gem/activerecord@4.2.5.1

purl pkg:gem/activerecord@4.2.5.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4cky-r218-dkbb

vulnerability	VCID-5qu2-b8gt-7qe3

vulnerability	VCID-9t7a-muwx-zyee

vulnerability	VCID-bsxw-gh14-rbef

vulnerability	VCID-j8zg-kq3z-jqcm

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-nzeb-cy9e-tkax

vulnerability	VCID-qywc-5pj5-y3a9

vulnerability	VCID-sygb-mygd-s3gb

vulnerability	VCID-y54w-a8kr-suhy

vulnerability	VCID-zqzx-avvt-wkhm

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.2.5.1

url pkg:gem/activerecord@5.0.0.beta1.1

purl pkg:gem/activerecord@5.0.0.beta1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4cky-r218-dkbb

vulnerability	VCID-5qu2-b8gt-7qe3

vulnerability	VCID-bsxw-gh14-rbef

vulnerability	VCID-j8zg-kq3z-jqcm

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-nzeb-cy9e-tkax

vulnerability	VCID-sygb-mygd-s3gb

vulnerability	VCID-y54w-a8kr-suhy

vulnerability	VCID-zqzx-avvt-wkhm

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@5.0.0.beta1.1

aliases CVE-2015-7577, GHSA-xrr6-3pc4-m447

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-thx6-usb2-kkgc

url VCID-xa94-z6yu-skf8

vulnerability_id VCID-xa94-z6yu-skf8

summary

Symbol DoS vulnerability in Active Record
When a hash is provided as the find value for a query, the keys of the hash may be converted to symbols. Carefully crafted requests can coerce `params[:name]` to return a hash, and the keys to that hash may be converted to symbols. All users running an affected release should either upgrade or use one of the work arounds immediately.

references

reference_url

http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

reference_url

http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00070.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00070.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00071.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00071.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00075.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00075.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00078.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00078.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00079.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00079.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-0699.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0699.html

reference_url

http://rhn.redhat.com/errata/RHSA-2014-1863.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-1863.html

reference_url

https://access.redhat.com/errata/RHSA-2013:0699

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2013:0699

reference_url

https://access.redhat.com/errata/RHSA-2014:1863

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2014:1863

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1854.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1854.json

reference_url

https://access.redhat.com/security/cve/CVE-2013-1854

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2013-1854

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-1854

reference_id

reference_type

scores

value	0.01795
scoring_system	epss
scoring_elements	0.82723
published_at	2026-04-07T12:55:00Z

value	0.01795
scoring_system	epss
scoring_elements	0.82803
published_at	2026-04-21T12:55:00Z

value	0.01795
scoring_system	epss
scoring_elements	0.828
published_at	2026-04-18T12:55:00Z

value	0.01795
scoring_system	epss
scoring_elements	0.82761
published_at	2026-04-13T12:55:00Z

value	0.01795
scoring_system	epss
scoring_elements	0.82766
published_at	2026-04-12T12:55:00Z

value	0.01795
scoring_system	epss
scoring_elements	0.82748
published_at	2026-04-08T12:55:00Z

value	0.01795
scoring_system	epss
scoring_elements	0.82771
published_at	2026-04-11T12:55:00Z

value	0.01795
scoring_system	epss
scoring_elements	0.82697
published_at	2026-04-01T12:55:00Z

value	0.01795
scoring_system	epss
scoring_elements	0.82755
published_at	2026-04-09T12:55:00Z

value	0.01795
scoring_system	epss
scoring_elements	0.82713
published_at	2026-04-02T12:55:00Z

value	0.01795
scoring_system	epss
scoring_elements	0.82726
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-1854

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=921329

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=921329

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1854
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1854

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-1854.yml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-1854.yml

reference_url	https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/jgJ4cjjS8FE
reference_id
reference_type
scores
url	https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/jgJ4cjjS8FE

reference_url

https://groups.google.com/group/ruby-security-ann/msg/34e0d780b04308de?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/ruby-security-ann/msg/34e0d780b04308de?dmode=source&output=gplain

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-1854

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-1854

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url