Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:gem/authlogic@2.1.6
Typegem
Namespace
Nameauthlogic
Version2.1.6
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.3.0
Latest_non_vulnerable_version3.3.0
Affected_by_vulnerabilities
0
url VCID-sz4r-kjse-cbdd
vulnerability_id VCID-sz4r-kjse-cbdd
summary 
Remote attacker can conduct SQL injection attacks
Ruby on Rails contains a flaw in the Authlogic gem. The issue is triggered when the program makes an unsafe method call for find_by_id. With a specially crafted parameter in an environment that knows the secret_token value in secret_token.rb, a remote attacker to more easily conduct SQL injection attacks.
references
0
reference_url http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts
1
reference_url http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts/
reference_id
reference_type
scores
url http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts/
2
reference_url http://openwall.com/lists/oss-security/2013/01/03/12
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2013/01/03/12
3
reference_url http://phenoelit.org/blog/archives/2012/12/21/let_me_github_that_for_you/index.html
reference_id
reference_type
scores
url http://phenoelit.org/blog/archives/2012/12/21/let_me_github_that_for_you/index.html
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-6497
reference_id
reference_type
scores
0
value 0.00397
scoring_system epss
scoring_elements 0.60612
published_at 2026-04-18T12:55:00Z
1
value 0.00397
scoring_system epss
scoring_elements 0.60546
published_at 2026-04-04T12:55:00Z
2
value 0.00397
scoring_system epss
scoring_elements 0.60515
published_at 2026-04-07T12:55:00Z
3
value 0.00397
scoring_system epss
scoring_elements 0.60563
published_at 2026-04-08T12:55:00Z
4
value 0.00397
scoring_system epss
scoring_elements 0.6058
published_at 2026-04-09T12:55:00Z
5
value 0.00397
scoring_system epss
scoring_elements 0.60601
published_at 2026-04-11T12:55:00Z
6
value 0.00397
scoring_system epss
scoring_elements 0.60586
published_at 2026-04-12T12:55:00Z
7
value 0.00397
scoring_system epss
scoring_elements 0.60565
published_at 2026-04-13T12:55:00Z
8
value 0.00397
scoring_system epss
scoring_elements 0.60606
published_at 2026-04-16T12:55:00Z
9
value 0.00397
scoring_system epss
scoring_elements 0.60444
published_at 2026-04-01T12:55:00Z
10
value 0.00397
scoring_system epss
scoring_elements 0.60519
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-6497
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6497
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6497
6
reference_url https://github.com/binarylogic/authlogic
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/binarylogic/authlogic
7
reference_url https://github.com/binarylogic/authlogic/commit/1d57a6c4abe43a3c0b4ef578486ea00e1f7a9873
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/binarylogic/authlogic/commit/1d57a6c4abe43a3c0b4ef578486ea00e1f7a9873
8
reference_url https://github.com/binarylogic/authlogic/commit/1d57a6c4abe43a3c0b4ef578486ea00e1f7a9873#diff-724a09c582d42a66c65c0bdaadcb21ee
reference_id
reference_type
scores
url https://github.com/binarylogic/authlogic/commit/1d57a6c4abe43a3c0b4ef578486ea00e1f7a9873#diff-724a09c582d42a66c65c0bdaadcb21ee
9
reference_url https://github.com/binarylogic/authlogic/pull/341
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/binarylogic/authlogic/pull/341
10
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/authlogic/OSVDB-89064.yml
reference_id
reference_type
scores
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/authlogic/OSVDB-89064.yml
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-6497
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-6497
12
reference_url https://web.archive.org/web/20130104161608/http://www.securityfocus.com/bid/57084
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20130104161608/http://www.securityfocus.com/bid/57084
13
reference_url https://web.archive.org/web/20130116043311/http://phenoelit.org/blog/archives/2012/12/21/let_me_github_that_for_you/index.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20130116043311/http://phenoelit.org/blog/archives/2012/12/21/let_me_github_that_for_you/index.html
14
reference_url http://www.securityfocus.com/bid/57084
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/57084
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*
16
reference_url https://github.com/advisories/GHSA-rx7j-mw4c-76g9
reference_id GHSA-rx7j-mw4c-76g9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rx7j-mw4c-76g9
fixed_packages
0
url pkg:gem/authlogic@3.3.0
purl pkg:gem/authlogic@3.3.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/authlogic@3.3.0
aliases CVE-2012-6497, GHSA-rx7j-mw4c-76g9, OSV-89064
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sz4r-kjse-cbdd
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:gem/authlogic@2.1.6