Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/133993?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/133993?format=api", "purl": "pkg:gem/rails@0.8.0", "type": "gem", "namespace": "", "name": "rails", "version": "0.8.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "6.1.7.7", "latest_non_vulnerable_version": "7.1.3.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8396?format=api", "vulnerability_id": "VCID-2mcx-b9k2-83bh", "summary": "Ruby on Rails vulnerable to code injection\nRuby on Rails before 1.1.5 allows remote attackers to execute Ruby code with \"severe\" or \"serious\" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112.", "references": [ { "reference_url": "http://blog.koehntopp.de/archives/1367-Ruby-On-Rails-Mandatory-Mystery-Patch.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://blog.koehntopp.de/archives/1367-Ruby-On-Rails-Mandatory-Mystery-Patch.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-4111", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03984", "scoring_system": "epss", "scoring_elements": "0.88406", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03984", "scoring_system": "epss", "scoring_elements": "0.88414", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03984", "scoring_system": "epss", "scoring_elements": "0.88403", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03984", "scoring_system": "epss", "scoring_elements": "0.88397", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03984", "scoring_system": "epss", "scoring_elements": "0.8835", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03984", "scoring_system": "epss", "scoring_elements": "0.88373", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03984", "scoring_system": "epss", "scoring_elements": "0.88359", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03984", "scoring_system": "epss", "scoring_elements": "0.88378", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-4111" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4111", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4111" }, { "reference_url": "https://github.com/presidentbeef/rails-security-history/blob/master/vulnerabilities.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/presidentbeef/rails-security-history/blob/master/vulnerabilities.md" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://web.archive.org/web/20200301174340/http://www.securityfocus.com/bid/19454", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200301174340/http://www.securityfocus.com/bid/19454" }, { "reference_url": "https://web.archive.org/web/20200808083046/http://securitytracker.com/id?1016673", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200808083046/http://securitytracker.com/id?1016673" }, { "reference_url": "http://weblog.rubyonrails.org/2006/8/9/rails-1-1-5-mandatory-security-patch-and-other-tidbits", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2006/8/9/rails-1-1-5-mandatory-security-patch-and-other-tidbits" }, { "reference_url": "http://www.gentoo.org/security/en/glsa/glsa-200608-20.xml", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200608-20.xml" }, { "reference_url": "http://www.novell.com/linux/security/advisories/2006_21_sr.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.novell.com/linux/security/advisories/2006_21_sr.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=382255", "reference_id": "382255", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=382255" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4111", "reference_id": "CVE-2006-4111", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4111" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2006-4111.yml", "reference_id": "CVE-2006-4111.YML", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2006-4111.yml" }, { "reference_url": "https://github.com/advisories/GHSA-rvpq-5xqx-pfpp", "reference_id": "GHSA-rvpq-5xqx-pfpp", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rvpq-5xqx-pfpp" }, { "reference_url": "https://security.gentoo.org/glsa/200608-20", "reference_id": "GLSA-200608-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200608-20" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/25077?format=api", "purl": "pkg:gem/rails@1.1.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2mcx-b9k2-83bh" }, { "vulnerability": "VCID-35rt-t6e1-pfa6" }, { "vulnerability": "VCID-3wtf-uu89-2qe5" }, { "vulnerability": "VCID-4zhj-en7h-3yaz" }, { "vulnerability": "VCID-877d-u9ag-qqdr" }, { "vulnerability": "VCID-895a-ydc5-zfg6" }, { "vulnerability": "VCID-8dad-dvat-1fg4" }, { "vulnerability": "VCID-9hvm-2hnk-hyev" }, { "vulnerability": "VCID-a6sp-18av-wya6" }, { "vulnerability": "VCID-c8b5-d83n-nuhw" }, { "vulnerability": "VCID-cnqr-6e98-5kgk" }, { "vulnerability": "VCID-es1t-7196-4kbb" }, { "vulnerability": "VCID-g5q6-7uav-sqh1" }, { "vulnerability": "VCID-gsx2-9sc2-3fbr" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-mnkw-23eu-bkgc" }, { "vulnerability": "VCID-nzeb-cy9e-tkax" }, { "vulnerability": "VCID-r1u7-1avr-fqbs" }, { "vulnerability": "VCID-t684-yp58-hkg8" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" }, { "vulnerability": "VCID-wgr4-rzk2-4yet" }, { "vulnerability": "VCID-wyqh-g8df-hkay" }, { "vulnerability": "VCID-xqzj-cww4-nbcy" }, { "vulnerability": "VCID-xxbb-7e3n-9yb3" }, { "vulnerability": "VCID-z1jv-4ga2-7kd1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@1.1.6" } ], "aliases": [ "CVE-2006-4111", "GHSA-rvpq-5xqx-pfpp" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2mcx-b9k2-83bh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6939?format=api", "vulnerability_id": "VCID-35rt-t6e1-pfa6", "summary": "Directory Traversal Vulnerability With Certain Route Configurations\nThe implicit render functionality allows controllers to render a template, even if there is no explicit action with the corresponding name. This module does not perform adequate input sanitization which could allow an attacker to use a specially crafted request to retrieve arbitrary files from the RoR application server.", "references": [ { "reference_url": "http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:25:09Z/" } ], "url": "http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf" }, { "reference_url": "http://osvdb.org/show/osvdb/106704", "reference_id": "", "reference_type": "", "scores": [], "url": "http://osvdb.org/show/osvdb/106704" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:25:09Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0510", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:0510" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0816", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:0816" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1863", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:1863" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0130.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0130.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0130", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.45374", "scoring_system": "epss", "scoring_elements": "0.97593", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.45374", "scoring_system": "epss", "scoring_elements": "0.97592", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.45374", "scoring_system": "epss", "scoring_elements": "0.97604", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.45374", "scoring_system": "epss", "scoring_elements": "0.97605", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.45374", "scoring_system": "epss", "scoring_elements": "0.97589", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.45374", "scoring_system": "epss", "scoring_elements": "0.97601", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.45374", "scoring_system": "epss", "scoring_elements": "0.97598", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.45374", "scoring_system": "epss", "scoring_elements": "0.97583", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.45374", "scoring_system": "epss", "scoring_elements": "0.97606", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0130" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1095105", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1095105" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:25:09Z/" } ], "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/NkKc7vTW70o", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/NkKc7vTW70o" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/PyJo7_m-Ehk", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/PyJo7_m-Ehk" }, { "reference_url": "https://web.archive.org/web/20140518192004/http://www.securityfocus.com/bid/67244", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20140518192004/http://www.securityfocus.com/bid/67244" }, { "reference_url": "https://web.archive.org/web/20150319054505/http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20150319054505/http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf" }, { "reference_url": "https://web.archive.org/web/20210411041816/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210411041816/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0130", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0130" }, { "reference_url": "http://www.securityfocus.com/bid/67244", "reference_id": "67244", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:25:09Z/" } ], "url": "http://www.securityfocus.com/bid/67244" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2014-0130", "reference_id": "CVE-2014-0130", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2014-0130" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0130", "reference_id": "CVE-2014-0130", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0130" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0130.yml", "reference_id": "CVE-2014-0130.YML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0130.yml" }, { "reference_url": "https://github.com/advisories/GHSA-6x85-j5j2-27jx", "reference_id": "GHSA-6x85-j5j2-27jx", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6x85-j5j2-27jx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20662?format=api", "purl": "pkg:gem/rails@3.2.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2mcx-b9k2-83bh" }, { "vulnerability": "VCID-3wtf-uu89-2qe5" }, { "vulnerability": "VCID-63gy-6njy-kbd8" }, { "vulnerability": "VCID-877d-u9ag-qqdr" }, { "vulnerability": "VCID-895a-ydc5-zfg6" }, { "vulnerability": "VCID-8dad-dvat-1fg4" }, { "vulnerability": "VCID-a6sp-18av-wya6" }, { "vulnerability": "VCID-c8b5-d83n-nuhw" }, { "vulnerability": "VCID-es1t-7196-4kbb" }, { "vulnerability": "VCID-g5q6-7uav-sqh1" }, { "vulnerability": "VCID-gsx2-9sc2-3fbr" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-mnkw-23eu-bkgc" }, { "vulnerability": "VCID-t684-yp58-hkg8" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" }, { "vulnerability": "VCID-z1jv-4ga2-7kd1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@3.2.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/20663?format=api", "purl": "pkg:gem/rails@4.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2mcx-b9k2-83bh" }, { "vulnerability": "VCID-3wtf-uu89-2qe5" }, { "vulnerability": "VCID-63gy-6njy-kbd8" }, { "vulnerability": "VCID-877d-u9ag-qqdr" }, { "vulnerability": "VCID-895a-ydc5-zfg6" }, { "vulnerability": "VCID-8dad-dvat-1fg4" }, { "vulnerability": "VCID-a6sp-18av-wya6" }, { "vulnerability": "VCID-c8b5-d83n-nuhw" }, { "vulnerability": "VCID-es1t-7196-4kbb" }, { "vulnerability": "VCID-g5q6-7uav-sqh1" }, { "vulnerability": "VCID-gsx2-9sc2-3fbr" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-mnkw-23eu-bkgc" }, { "vulnerability": "VCID-pb5f-g4uc-r7fp" }, { "vulnerability": "VCID-s5ah-tf63-a7cw" }, { "vulnerability": "VCID-t684-yp58-hkg8" }, { "vulnerability": "VCID-v3r3-bwp5-a3bn" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" }, { "vulnerability": "VCID-z1jv-4ga2-7kd1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@4.0.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/20664?format=api", "purl": "pkg:gem/rails@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2mcx-b9k2-83bh" }, { "vulnerability": "VCID-3wtf-uu89-2qe5" }, { "vulnerability": "VCID-63gy-6njy-kbd8" }, { "vulnerability": "VCID-877d-u9ag-qqdr" }, { "vulnerability": "VCID-895a-ydc5-zfg6" }, { "vulnerability": "VCID-8dad-dvat-1fg4" }, { "vulnerability": "VCID-a6sp-18av-wya6" }, { "vulnerability": "VCID-c8b5-d83n-nuhw" }, { "vulnerability": "VCID-es1t-7196-4kbb" }, { "vulnerability": "VCID-g5q6-7uav-sqh1" }, { "vulnerability": "VCID-gsx2-9sc2-3fbr" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-mnkw-23eu-bkgc" }, { "vulnerability": "VCID-pb5f-g4uc-r7fp" }, { "vulnerability": "VCID-s5ah-tf63-a7cw" }, { "vulnerability": "VCID-t684-yp58-hkg8" }, { "vulnerability": "VCID-v3r3-bwp5-a3bn" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" }, { "vulnerability": "VCID-z1jv-4ga2-7kd1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@4.1.1" } ], "aliases": [ "CVE-2014-0130", "GHSA-6x85-j5j2-27jx" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-35rt-t6e1-pfa6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6903?format=api", "vulnerability_id": "VCID-3wtf-uu89-2qe5", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nMultiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html" }, { "reference_url": "http://openwall.com/lists/oss-security/2014/02/18/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2014/02/18/8" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0215.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0215.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0306.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0306.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0081.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0081.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0081", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00885", "scoring_system": "epss", "scoring_elements": "0.75435", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00885", "scoring_system": "epss", "scoring_elements": "0.75378", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00885", "scoring_system": "epss", "scoring_elements": "0.75382", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00885", "scoring_system": "epss", "scoring_elements": "0.75415", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00885", "scoring_system": "epss", "scoring_elements": "0.75394", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00885", "scoring_system": "epss", "scoring_elements": "0.75438", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00885", "scoring_system": "epss", "scoring_elements": "0.75447", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00885", "scoring_system": "epss", "scoring_elements": "0.75467", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00885", "scoring_system": "epss", "scoring_elements": "0.75446", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0081" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/08d0a11a3f62718d601d39e617c834759cf59bbb", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/08d0a11a3f62718d601d39e617c834759cf59bbb" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0081.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0081.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2014-0081.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2014-0081.yml" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/tfp6gZCtzr4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/tfp6gZCtzr4" }, { "reference_url": "https://web.archive.org/web/20140911141416/http://www.securitytracker.com/id/1029782", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20140911141416/http://www.securitytracker.com/id/1029782" }, { "reference_url": "https://web.archive.org/web/20170307202606/http://www.securityfocus.com/bid/65647", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20170307202606/http://www.securityfocus.com/bid/65647" }, { "reference_url": "https://web.archive.org/web/20201207045136/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/tfp6gZCtzr4/j8LUHmu7fIEJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201207045136/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/tfp6gZCtzr4/j8LUHmu7fIEJ" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065520", "reference_id": "1065520", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065520" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0081", "reference_id": "CVE-2014-0081", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0081" }, { "reference_url": "https://github.com/advisories/GHSA-m46p-ggm5-5j83", "reference_id": "GHSA-m46p-ggm5-5j83", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m46p-ggm5-5j83" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0215", "reference_id": "RHSA-2014:0215", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0215" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0306", "reference_id": "RHSA-2014:0306", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0306" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20549?format=api", "purl": "pkg:gem/rails@3.2.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2mcx-b9k2-83bh" }, { "vulnerability": "VCID-35rt-t6e1-pfa6" }, { "vulnerability": "VCID-3wtf-uu89-2qe5" }, { "vulnerability": "VCID-63gy-6njy-kbd8" }, { "vulnerability": "VCID-877d-u9ag-qqdr" }, { "vulnerability": "VCID-895a-ydc5-zfg6" }, { "vulnerability": "VCID-8dad-dvat-1fg4" }, { "vulnerability": "VCID-a6sp-18av-wya6" }, { "vulnerability": "VCID-c8b5-d83n-nuhw" }, { "vulnerability": "VCID-es1t-7196-4kbb" }, { "vulnerability": "VCID-g5q6-7uav-sqh1" }, { "vulnerability": "VCID-gsx2-9sc2-3fbr" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-mnkw-23eu-bkgc" }, { "vulnerability": "VCID-t684-yp58-hkg8" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" }, { "vulnerability": "VCID-z1jv-4ga2-7kd1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@3.2.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/20557?format=api", "purl": "pkg:gem/rails@4.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2mcx-b9k2-83bh" }, { "vulnerability": "VCID-35rt-t6e1-pfa6" }, { "vulnerability": "VCID-3wtf-uu89-2qe5" }, { "vulnerability": "VCID-63gy-6njy-kbd8" }, { "vulnerability": "VCID-877d-u9ag-qqdr" }, { "vulnerability": "VCID-895a-ydc5-zfg6" }, { "vulnerability": "VCID-8dad-dvat-1fg4" }, { "vulnerability": "VCID-a6sp-18av-wya6" }, { "vulnerability": "VCID-c8b5-d83n-nuhw" }, { "vulnerability": "VCID-es1t-7196-4kbb" }, { "vulnerability": "VCID-g5q6-7uav-sqh1" }, { "vulnerability": "VCID-gsx2-9sc2-3fbr" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-mnkw-23eu-bkgc" }, { "vulnerability": "VCID-pb5f-g4uc-r7fp" }, { "vulnerability": "VCID-s5ah-tf63-a7cw" }, { "vulnerability": "VCID-t684-yp58-hkg8" }, { "vulnerability": "VCID-v3r3-bwp5-a3bn" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" }, { "vulnerability": "VCID-z1jv-4ga2-7kd1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@4.0.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/20558?format=api", "purl": "pkg:gem/rails@4.1.0.beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2mcx-b9k2-83bh" }, { "vulnerability": "VCID-3wtf-uu89-2qe5" }, { "vulnerability": "VCID-63gy-6njy-kbd8" }, { "vulnerability": "VCID-877d-u9ag-qqdr" }, { "vulnerability": "VCID-895a-ydc5-zfg6" }, { "vulnerability": "VCID-8dad-dvat-1fg4" }, { "vulnerability": "VCID-a6sp-18av-wya6" }, { "vulnerability": "VCID-c8b5-d83n-nuhw" }, { "vulnerability": "VCID-es1t-7196-4kbb" }, { "vulnerability": "VCID-g5q6-7uav-sqh1" }, { "vulnerability": "VCID-gsx2-9sc2-3fbr" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-mnkw-23eu-bkgc" }, { "vulnerability": "VCID-pb5f-g4uc-r7fp" }, { "vulnerability": "VCID-s5ah-tf63-a7cw" }, { "vulnerability": "VCID-t684-yp58-hkg8" }, { "vulnerability": "VCID-v3r3-bwp5-a3bn" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" }, { "vulnerability": "VCID-z1jv-4ga2-7kd1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@4.1.0.beta2" }, { "url": "http://public2.vulnerablecode.io/api/packages/134457?format=api", "purl": "pkg:gem/rails@4.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2mcx-b9k2-83bh" }, { "vulnerability": "VCID-35rt-t6e1-pfa6" }, { "vulnerability": "VCID-3wtf-uu89-2qe5" }, { "vulnerability": "VCID-63gy-6njy-kbd8" }, { "vulnerability": "VCID-877d-u9ag-qqdr" }, { "vulnerability": "VCID-895a-ydc5-zfg6" }, { "vulnerability": "VCID-8dad-dvat-1fg4" }, { "vulnerability": "VCID-a6sp-18av-wya6" }, { "vulnerability": "VCID-c8b5-d83n-nuhw" }, { "vulnerability": "VCID-es1t-7196-4kbb" }, { "vulnerability": "VCID-g5q6-7uav-sqh1" }, { "vulnerability": "VCID-gsx2-9sc2-3fbr" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-mnkw-23eu-bkgc" }, { "vulnerability": "VCID-pb5f-g4uc-r7fp" }, { "vulnerability": "VCID-s5ah-tf63-a7cw" }, { "vulnerability": "VCID-t684-yp58-hkg8" }, { "vulnerability": "VCID-v3r3-bwp5-a3bn" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" }, { "vulnerability": "VCID-z1jv-4ga2-7kd1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@4.1.0" } ], "aliases": [ "CVE-2014-0081", "GHSA-m46p-ggm5-5j83", "OSV-103439" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3wtf-uu89-2qe5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8468?format=api", "vulnerability_id": "VCID-4zhj-en7h-3yaz", "summary": "Improper Authentication\nThe example code for the digest authentication functionality (http_authentication.rb) in Ruby on Rails before 2.3.3 defines an authenticate_or_request_with_http_digest block that returns nil instead of false when the user does not exist, which allows context-dependent attackers to bypass authentication for applications that are derived from this example by sending an invalid username without a password.", "references": [ { "reference_url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "reference_url": "http://n8.tumblr.com/post/117477059/security-hole-found-in-rails-2-3s", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://n8.tumblr.com/post/117477059/security-hole-found-in-rails-2-3s" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2422.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2422.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2422", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.60909", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.60893", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.60779", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.60898", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.60917", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.60931", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.60844", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.6088", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.60852", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2422" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2422", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2422" }, { "reference_url": "http://secunia.com/advisories/35702", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/35702" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51528", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51528" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2009-2422.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2009-2422.yml" }, { "reference_url": "http://support.apple.com/kb/HT4077", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT4077" }, { "reference_url": "https://web.archive.org/web/20090711160153/http://secunia.com/advisories/35702", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20090711160153/http://secunia.com/advisories/35702" }, { "reference_url": "https://web.archive.org/web/20200229192617/http://www.securityfocus.com/bid/35579", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200229192617/http://www.securityfocus.com/bid/35579" }, { "reference_url": "http://weblog.rubyonrails.org/2009/6/3/security-problem-with-authenticate_with_http_digest", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2009/6/3/security-problem-with-authenticate_with_http_digest" }, { "reference_url": "http://www.securityfocus.com/bid/35579", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/35579" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/1802", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2009/1802" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=509564", "reference_id": "509564", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=509564" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535896", "reference_id": "535896", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535896" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2422", "reference_id": "CVE-2009-2422", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2422" }, { "reference_url": "https://github.com/advisories/GHSA-rxq3-gm4p-5fj4", "reference_id": "GHSA-rxq3-gm4p-5fj4", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rxq3-gm4p-5fj4" }, { "reference_url": "https://security.gentoo.org/glsa/200912-02", "reference_id": "GLSA-200912-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200912-02" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/25340?format=api", "purl": "pkg:gem/rails@2.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2mcx-b9k2-83bh" }, { "vulnerability": "VCID-35rt-t6e1-pfa6" }, { "vulnerability": "VCID-3wtf-uu89-2qe5" }, { "vulnerability": "VCID-3zdr-vasc-a7cn" }, { "vulnerability": "VCID-49pq-vg95-jkh2" }, { "vulnerability": "VCID-7f5r-9h1g-nuch" }, { "vulnerability": "VCID-877d-u9ag-qqdr" }, { "vulnerability": "VCID-895a-ydc5-zfg6" }, { "vulnerability": "VCID-8dad-dvat-1fg4" }, { "vulnerability": "VCID-a6sp-18av-wya6" }, { "vulnerability": "VCID-c8b5-d83n-nuhw" }, { "vulnerability": "VCID-cnqr-6e98-5kgk" }, { "vulnerability": "VCID-es1t-7196-4kbb" }, { "vulnerability": "VCID-g5q6-7uav-sqh1" }, { "vulnerability": "VCID-gsx2-9sc2-3fbr" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-j24x-nhsb-yug6" }, { "vulnerability": "VCID-mnkw-23eu-bkgc" }, { "vulnerability": "VCID-t684-yp58-hkg8" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" }, { "vulnerability": "VCID-xxbb-7e3n-9yb3" }, { "vulnerability": "VCID-z1jv-4ga2-7kd1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@2.3.3" } ], "aliases": [ "CVE-2009-2422", "GHSA-rxq3-gm4p-5fj4" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4zhj-en7h-3yaz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8402?format=api", "vulnerability_id": "VCID-877d-u9ag-qqdr", "summary": "Rails Denial of Service vulnerability\nUnspecified vulnerability in the \"dependency resolution mechanism\" in Ruby on Rails 1.1.0 through 1.1.5 allows remote attackers to execute arbitrary Ruby code via a URL that is not properly handled in the routing code, which leads to a denial of service (application hang) or \"data loss,\" a different vulnerability than CVE-2006-4111.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-4112", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07371", "scoring_system": "epss", "scoring_elements": "0.91681", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.07371", "scoring_system": "epss", "scoring_elements": "0.91724", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.07371", "scoring_system": "epss", "scoring_elements": "0.91728", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.07371", "scoring_system": "epss", "scoring_elements": "0.91726", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.07371", "scoring_system": "epss", "scoring_elements": "0.91723", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.07371", "scoring_system": "epss", "scoring_elements": "0.91716", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.07371", "scoring_system": "epss", "scoring_elements": "0.91695", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.07371", "scoring_system": "epss", "scoring_elements": "0.9169", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.07371", "scoring_system": "epss", "scoring_elements": "0.91703", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-4112" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4112", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4112" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28364", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28364" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://web.archive.org/web/20200301174340/http://www.securityfocus.com/bid/19454", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200301174340/http://www.securityfocus.com/bid/19454" }, { "reference_url": "https://web.archive.org/web/20200804225700/http://www.securityfocus.com/archive/1/442934/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200804225700/http://www.securityfocus.com/archive/1/442934/100/0/threaded" }, { "reference_url": "https://web.archive.org/web/20200808083046/http://securitytracker.com/id?1016673", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200808083046/http://securitytracker.com/id?1016673" }, { "reference_url": "http://weblog.rubyonrails.org/2006/8/10/rails-1-1-6-backports-and-full-disclosure", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2006/8/10/rails-1-1-6-backports-and-full-disclosure" }, { "reference_url": "http://www.gentoo.org/security/en/glsa/glsa-200608-20.xml", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200608-20.xml" }, { "reference_url": "http://www.kb.cert.org/vuls/id/699540", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.kb.cert.org/vuls/id/699540" }, { "reference_url": "http://www.novell.com/linux/security/advisories/2006_21_sr.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.novell.com/linux/security/advisories/2006_21_sr.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=382255", "reference_id": "382255", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=382255" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4112", "reference_id": "CVE-2006-4112", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4112" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2006-4112.yml", "reference_id": "CVE-2006-4112.YML", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2006-4112.yml" }, { "reference_url": "https://github.com/advisories/GHSA-9wrq-xvmp-xjc8", "reference_id": "GHSA-9wrq-xvmp-xjc8", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9wrq-xvmp-xjc8" }, { "reference_url": "https://security.gentoo.org/glsa/200608-20", "reference_id": "GLSA-200608-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200608-20" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/25077?format=api", "purl": "pkg:gem/rails@1.1.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2mcx-b9k2-83bh" }, { "vulnerability": "VCID-35rt-t6e1-pfa6" }, { "vulnerability": "VCID-3wtf-uu89-2qe5" }, { "vulnerability": "VCID-4zhj-en7h-3yaz" }, { "vulnerability": "VCID-877d-u9ag-qqdr" }, { "vulnerability": "VCID-895a-ydc5-zfg6" }, { "vulnerability": "VCID-8dad-dvat-1fg4" }, { "vulnerability": "VCID-9hvm-2hnk-hyev" }, { "vulnerability": "VCID-a6sp-18av-wya6" }, { "vulnerability": "VCID-c8b5-d83n-nuhw" }, { "vulnerability": "VCID-cnqr-6e98-5kgk" }, { "vulnerability": "VCID-es1t-7196-4kbb" }, { "vulnerability": "VCID-g5q6-7uav-sqh1" }, { "vulnerability": "VCID-gsx2-9sc2-3fbr" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-mnkw-23eu-bkgc" }, { "vulnerability": "VCID-nzeb-cy9e-tkax" }, { "vulnerability": "VCID-r1u7-1avr-fqbs" }, { "vulnerability": "VCID-t684-yp58-hkg8" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" }, { "vulnerability": "VCID-wgr4-rzk2-4yet" }, { "vulnerability": "VCID-wyqh-g8df-hkay" }, { "vulnerability": "VCID-xqzj-cww4-nbcy" }, { "vulnerability": "VCID-xxbb-7e3n-9yb3" }, { "vulnerability": "VCID-z1jv-4ga2-7kd1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@1.1.6" } ], "aliases": [ "CVE-2006-4112", "GHSA-9wrq-xvmp-xjc8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-877d-u9ag-qqdr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/33951?format=api", "vulnerability_id": "VCID-895a-ydc5-zfg6", "summary": "Circumvention of file size limits in ActiveStorage\nThere is a vulnerability in ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user.\n\nVersions Affected: rails < 5.2.4.2, rails < 6.0.3.1\nNot affected: Applications that do not use the direct upload functionality of the ActiveStorage S3 adapter.\nFixed Versions: rails >= 5.2.4.3, rails >= 6.0.3.1\n\nImpact\n------\n\nUtilizing this vulnerability, an attacker can control the Content-Length of an S3 direct upload URL without receiving a new signature from the server. This could be used to bypass controls in place on the server to limit upload size.\n\nWorkarounds\n-----------\n\nThis is a low-severity security issue. As such, no workaround is necessarily until such time as the application can be upgraded.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8162.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8162.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8162", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01549", "scoring_system": "epss", "scoring_elements": "0.81411", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01549", "scoring_system": "epss", "scoring_elements": "0.81418", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01549", "scoring_system": "epss", "scoring_elements": "0.81378", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01549", "scoring_system": "epss", "scoring_elements": "0.81431", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01549", "scoring_system": "epss", "scoring_elements": "0.81409", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01549", "scoring_system": "epss", "scoring_elements": "0.81405", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01549", "scoring_system": "epss", "scoring_elements": "0.81376", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01549", "scoring_system": "epss", "scoring_elements": "0.81347", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01549", "scoring_system": "epss", "scoring_elements": "0.81356", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8162" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167" }, { "reference_url": "https://github.com/aws/aws-sdk-ruby", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/aws/aws-sdk-ruby" }, { "reference_url": "https://github.com/aws/aws-sdk-ruby/issues/2098", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/aws/aws-sdk-ruby/issues/2098" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2020-8162.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2020-8162.yml" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/PjU3946mreQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/PjU3946mreQ" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/PjU3946mreQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/PjU3946mreQ" }, { "reference_url": "https://hackerone.com/reports/789579", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/789579" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8162", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8162" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4766", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2020/dsa-4766" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843005", "reference_id": "1843005", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843005" }, { "reference_url": "https://github.com/advisories/GHSA-m42x-37p3-fv5w", "reference_id": "GHSA-m42x-37p3-fv5w", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m42x-37p3-fv5w" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1313", "reference_id": "RHSA-2021:1313", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1313" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/208404?format=api", "purl": "pkg:gem/rails@5.2.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5qu2-b8gt-7qe3" }, { "vulnerability": "VCID-63gy-6njy-kbd8" }, { "vulnerability": "VCID-65tq-e5eb-eucj" }, { "vulnerability": "VCID-a6sp-18av-wya6" }, { "vulnerability": "VCID-es1t-7196-4kbb" }, { "vulnerability": "VCID-gjey-bqtd-kqa1" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-jwun-grgg-2uet" }, { "vulnerability": "VCID-mnkw-23eu-bkgc" }, { "vulnerability": "VCID-t684-yp58-hkg8" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.2.4.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/208415?format=api", "purl": "pkg:gem/rails@6.0.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12x8-jxdf-jqdz" }, { "vulnerability": "VCID-1bxs-yghe-cyck" }, { "vulnerability": "VCID-1xgz-hwng-n3eq" }, { "vulnerability": "VCID-5qu2-b8gt-7qe3" }, { "vulnerability": "VCID-63gy-6njy-kbd8" }, { "vulnerability": "VCID-65tq-e5eb-eucj" }, { "vulnerability": "VCID-gjey-bqtd-kqa1" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-jwun-grgg-2uet" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" }, { "vulnerability": "VCID-wyy6-h8bq-vyde" }, { "vulnerability": "VCID-zy7d-3db6-sydw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@6.0.3.1" } ], "aliases": [ "CVE-2020-8162", "GHSA-m42x-37p3-fv5w" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-895a-ydc5-zfg6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10455?format=api", "vulnerability_id": "VCID-8dad-dvat-1fg4", "summary": "Path Traversal in Action View\n# File Content Disclosure in Action View\n\nImpact \n------ \nThere is a possible file content disclosure vulnerability in Action View. Specially crafted accept headers in combination with calls to `render file:` can cause arbitrary files on the target server to be rendered, disclosing the file contents. \n\nThe impact is limited to calls to `render` which render file contents without a specified accept format. Impacted code in a controller looks something like this: \n\n``` ruby\nclass UserController < ApplicationController \n def index \n render file: \"#{Rails.root}/some/file\" \n end \nend \n``` \n\nRendering templates as opposed to files is not impacted by this vulnerability. \n\nAll users running an affected release should either upgrade or use one of the workarounds immediately. \n\nReleases \n-------- \nThe 6.0.0.beta3, 5.2.2.1, 5.1.6.2, 5.0.7.2, and 4.2.11.1 releases are available at the normal locations. \n\nWorkarounds \n----------- \nThis vulnerability can be mitigated by specifying a format for file rendering, like this: \n\n``` ruby\nclass UserController < ApplicationController \n def index \n render file: \"#{Rails.root}/some/file\", formats: [:html] \n end \nend \n``` \n\nIn summary, impacted calls to `render` look like this: \n\n``` \nrender file: \"#{Rails.root}/some/file\" \n``` \n\nThe vulnerability can be mitigated by changing to this: \n\n``` \nrender file: \"#{Rails.root}/some/file\", formats: [:html] \n``` \n\nOther calls to `render` are not impacted. \n\nAlternatively, the following monkey patch can be applied in an initializer: \n\n``` ruby\n$ cat config/initializers/formats_filter.rb \n# frozen_string_literal: true \n\nActionDispatch::Request.prepend(Module.new do \n def formats \n super().select do |format| \n format.symbol || format.ref == \"*/*\" \n end \n end \nend) \n``` \n\nCredits \n------- \nThanks to John Hawthorn <john@hawthorn.email> of GitHub", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html" }, { "reference_url": "http://packetstormsecurity.com/files/152178/Rails-5.2.1-Arbitrary-File-Content-Disclosure.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/" } ], "url": "http://packetstormsecurity.com/files/152178/Rails-5.2.1-Arbitrary-File-Content-Disclosure.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0796", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:0796" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1147", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1147" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1149", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1149" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1289", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1289" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5418.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5418.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5418", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.94318", "scoring_system": "epss", "scoring_elements": "0.9995", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5418" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5418", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5418" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://groups.google.com/forum/#%21topic/rubyonrails-security/pFRKI96Sm8Q", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/" } ], "url": "https://groups.google.com/forum/#%21topic/rubyonrails-security/pFRKI96Sm8Q" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/zRNVOUhKHrg", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/zRNVOUhKHrg" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA" }, { "reference_url": "https://web.archive.org/web/20190313201629/https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20190313201629/https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released" }, { "reference_url": "https://web.archive.org/web/20190313201629/https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20190313201629/https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/" }, { "reference_url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released" }, { "reference_url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/" } ], "url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-5418", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-5418" }, { "reference_url": "https://www.exploit-db.com/exploits/46585", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/46585" }, { "reference_url": "https://www.exploit-db.com/exploits/46585/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/" } ], "url": "https://www.exploit-db.com/exploits/46585/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/03/22/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2019/03/22/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1689159", "reference_id": "1689159", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1689159" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924520", "reference_id": "924520", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924520" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms:4.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:cloudforms:4.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms:4.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/46585.py", "reference_id": "CVE-2019-5418", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/46585.py" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5418", "reference_id": "CVE-2019-5418", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5418" }, { "reference_url": "https://github.com/advisories/GHSA-86g5-2wh3-gc9j", "reference_id": "GHSA-86g5-2wh3-gc9j", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-86g5-2wh3-gc9j" }, { "reference_url": "https://usn.ubuntu.com/7646-1/", "reference_id": "USN-7646-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7646-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/35619?format=api", "purl": "pkg:gem/rails@4.2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5qu2-b8gt-7qe3" }, { "vulnerability": "VCID-63gy-6njy-kbd8" }, { "vulnerability": "VCID-895a-ydc5-zfg6" }, { "vulnerability": "VCID-a6sp-18av-wya6" }, { "vulnerability": "VCID-es1t-7196-4kbb" }, { "vulnerability": "VCID-g5q6-7uav-sqh1" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-mnkw-23eu-bkgc" }, { "vulnerability": "VCID-t684-yp58-hkg8" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@4.2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35621?format=api", "purl": "pkg:gem/rails@5.0.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5qu2-b8gt-7qe3" }, { "vulnerability": "VCID-63gy-6njy-kbd8" }, { "vulnerability": "VCID-895a-ydc5-zfg6" }, { "vulnerability": "VCID-a6sp-18av-wya6" }, { "vulnerability": "VCID-es1t-7196-4kbb" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-jwun-grgg-2uet" }, { "vulnerability": "VCID-mnkw-23eu-bkgc" }, { "vulnerability": "VCID-t684-yp58-hkg8" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.0.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/35623?format=api", "purl": "pkg:gem/rails@5.1.6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5qu2-b8gt-7qe3" }, { "vulnerability": "VCID-63gy-6njy-kbd8" }, { "vulnerability": "VCID-895a-ydc5-zfg6" }, { "vulnerability": "VCID-a6sp-18av-wya6" }, { "vulnerability": "VCID-es1t-7196-4kbb" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-jwun-grgg-2uet" }, { "vulnerability": "VCID-mnkw-23eu-bkgc" }, { "vulnerability": "VCID-t684-yp58-hkg8" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.1.6.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/35625?format=api", "purl": "pkg:gem/rails@5.2.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5qu2-b8gt-7qe3" }, { "vulnerability": "VCID-63gy-6njy-kbd8" }, { "vulnerability": "VCID-65tq-e5eb-eucj" }, { "vulnerability": "VCID-895a-ydc5-zfg6" }, { "vulnerability": "VCID-a6sp-18av-wya6" }, { "vulnerability": "VCID-es1t-7196-4kbb" }, { "vulnerability": "VCID-gjey-bqtd-kqa1" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-jwun-grgg-2uet" }, { "vulnerability": "VCID-mnkw-23eu-bkgc" }, { "vulnerability": "VCID-t684-yp58-hkg8" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.2.2.1" } ], "aliases": [ "CVE-2019-5418", "GHSA-86g5-2wh3-gc9j" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8dad-dvat-1fg4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8449?format=api", "vulnerability_id": "VCID-9hvm-2hnk-hyev", "summary": "The session fixation protection mechanism in cgi_process.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookie_only attribute from the DEFAULT_SESSION_OPTIONS constant, which effectively causes cookie_only to be applied only to the first instantiation of CgiRequest, which allows remote attackers to conduct session fixation attacks. NOTE: this is due to an incomplete fix for CVE-2007-5380.", "references": [ { "reference_url": "http://dev.rubyonrails.org/changeset/8177", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://dev.rubyonrails.org/changeset/8177" }, { "reference_url": "http://dev.rubyonrails.org/ticket/10048", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://dev.rubyonrails.org/ticket/10048" }, { "reference_url": "http://docs.info.apple.com/article.html?artnum=307179", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://docs.info.apple.com/article.html?artnum=307179" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-6077", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03262", "scoring_system": "epss", "scoring_elements": "0.87118", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03262", "scoring_system": "epss", "scoring_elements": "0.87142", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03262", "scoring_system": "epss", "scoring_elements": "0.87139", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03262", "scoring_system": "epss", "scoring_elements": "0.87132", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03262", "scoring_system": "epss", "scoring_elements": "0.87111", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03262", "scoring_system": "epss", "scoring_elements": "0.8709", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03262", "scoring_system": "epss", "scoring_elements": "0.87101", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03262", "scoring_system": "epss", "scoring_elements": "0.87147", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03262", "scoring_system": "epss", "scoring_elements": "0.87152", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-6077" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6077", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6077" }, { "reference_url": "http://secunia.com/advisories/27781", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/27781" }, { "reference_url": "http://secunia.com/advisories/28136", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/28136" }, { "reference_url": "https://rubyonrails.org/2007/11/24/ruby-on-rails-1-2-6-security-and-maintenance-release", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rubyonrails.org/2007/11/24/ruby-on-rails-1-2-6-security-and-maintenance-release" }, { "reference_url": "http://weblog.rubyonrails.org/2007/11/24/ruby-on-rails-1-2-6-security-and-maintenance-release", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2007/11/24/ruby-on-rails-1-2-6-security-and-maintenance-release" }, { "reference_url": "http://www.securityfocus.com/bid/26598", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/26598" }, { "reference_url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html" }, { "reference_url": "http://www.vupen.com/english/advisories/2007/4009", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.vupen.com/english/advisories/2007/4009" }, { "reference_url": "http://www.vupen.com/english/advisories/2007/4238", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.vupen.com/english/advisories/2007/4238" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=452748", "reference_id": "452748", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=452748" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6077", "reference_id": "CVE-2007-6077", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6077" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-6077.yml", "reference_id": "CVE-2007-6077.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-6077.yml" }, { "reference_url": "https://github.com/advisories/GHSA-p4c6-77gc-694x", "reference_id": "GHSA-p4c6-77gc-694x", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p4c6-77gc-694x" }, { "reference_url": "https://security.gentoo.org/glsa/200912-02", "reference_id": "GLSA-200912-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200912-02" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/25181?format=api", "purl": "pkg:gem/rails@1.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2mcx-b9k2-83bh" }, { "vulnerability": "VCID-35rt-t6e1-pfa6" }, { "vulnerability": "VCID-3wtf-uu89-2qe5" }, { "vulnerability": "VCID-4zhj-en7h-3yaz" }, { "vulnerability": "VCID-877d-u9ag-qqdr" }, { "vulnerability": "VCID-895a-ydc5-zfg6" }, { "vulnerability": "VCID-8dad-dvat-1fg4" }, { "vulnerability": "VCID-a6sp-18av-wya6" }, { "vulnerability": "VCID-c8b5-d83n-nuhw" }, { "vulnerability": "VCID-cnqr-6e98-5kgk" }, { "vulnerability": "VCID-es1t-7196-4kbb" }, { "vulnerability": "VCID-g5q6-7uav-sqh1" }, { "vulnerability": "VCID-gsx2-9sc2-3fbr" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-mnkw-23eu-bkgc" }, { "vulnerability": "VCID-nzeb-cy9e-tkax" }, { "vulnerability": "VCID-t684-yp58-hkg8" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" }, { "vulnerability": "VCID-wyqh-g8df-hkay" }, { "vulnerability": "VCID-xxbb-7e3n-9yb3" }, { "vulnerability": "VCID-z1jv-4ga2-7kd1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@1.2.6" } ], "aliases": [ "CVE-2007-6077", "GHSA-p4c6-77gc-694x" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9hvm-2hnk-hyev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/33938?format=api", "vulnerability_id": "VCID-a6sp-18av-wya6", "summary": "Possible Strong Parameters Bypass in ActionPack\nThere is a strong parameters bypass vector in ActionPack.\n\nVersions Affected: rails <= 6.0.3\nNot affected: rails < 5.0.0\nFixed Versions: rails >= 5.2.4.3, rails >= 6.0.3.1\n\nImpact\n------\nIn some cases user supplied information can be inadvertently leaked from\nStrong Parameters. Specifically the return value of `each`, or `each_value`,\nor `each_pair` will return the underlying \"untrusted\" hash of data that was\nread from the parameters. Applications that use this return value may be\ninadvertently use untrusted user input.\n\nImpacted code will look something like this:\n\n```\ndef update\n # Attacker has included the parameter: `{ is_admin: true }`\n User.update(clean_up_params)\nend\n\ndef clean_up_params\n params.each { |k, v| SomeModel.check(v) if k == :name }\nend\n```\n\nNote the mistaken use of `each` in the `clean_up_params` method in the above\nexample.\n\nWorkarounds\n-----------\nDo not use the return values of `each`, `each_value`, or `each_pair` in your\napplication.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00089.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00089.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00093.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00093.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00107.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00107.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8164.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8164.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8164", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07389", "scoring_system": "epss", "scoring_elements": "0.91732", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.07389", "scoring_system": "epss", "scoring_elements": "0.9169", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.07389", "scoring_system": "epss", "scoring_elements": "0.91698", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.07389", "scoring_system": "epss", "scoring_elements": "0.91703", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.07389", "scoring_system": "epss", "scoring_elements": "0.91712", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.07389", "scoring_system": "epss", "scoring_elements": "0.91724", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.07389", "scoring_system": "epss", "scoring_elements": "0.91731", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.07389", "scoring_system": "epss", "scoring_elements": "0.91734", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.07389", "scoring_system": "epss", "scoring_elements": "0.91736", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8164.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8164.yml" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/f6ioe4sdpbY", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/f6ioe4sdpbY" }, { "reference_url": "https://hackerone.com/reports/292797", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/292797" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8164", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8164" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4766", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2020/dsa-4766" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1842634", "reference_id": "1842634", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1842634" }, { "reference_url": "https://github.com/advisories/GHSA-8727-m6gj-mc37", "reference_id": "GHSA-8727-m6gj-mc37", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8727-m6gj-mc37" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1313", "reference_id": "RHSA-2021:1313", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1313" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/208405?format=api", "purl": "pkg:gem/rails@5.2.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5qu2-b8gt-7qe3" }, { "vulnerability": "VCID-63gy-6njy-kbd8" }, { "vulnerability": "VCID-65tq-e5eb-eucj" }, { "vulnerability": "VCID-gjey-bqtd-kqa1" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-jwun-grgg-2uet" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.2.4.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/208415?format=api", "purl": "pkg:gem/rails@6.0.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12x8-jxdf-jqdz" }, { "vulnerability": "VCID-1bxs-yghe-cyck" }, { "vulnerability": "VCID-1xgz-hwng-n3eq" }, { "vulnerability": "VCID-5qu2-b8gt-7qe3" }, { "vulnerability": "VCID-63gy-6njy-kbd8" }, { "vulnerability": "VCID-65tq-e5eb-eucj" }, { "vulnerability": "VCID-gjey-bqtd-kqa1" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-jwun-grgg-2uet" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" }, { "vulnerability": "VCID-wyy6-h8bq-vyde" }, { "vulnerability": "VCID-zy7d-3db6-sydw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@6.0.3.1" } ], "aliases": [ "CVE-2020-8164", "GHSA-8727-m6gj-mc37" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a6sp-18av-wya6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10495?format=api", "vulnerability_id": "VCID-c8b5-d83n-nuhw", "summary": "Allocation of Resources Without Limits or Throttling\nThere is a possible denial of service vulnerability in Action View (Rails) where specially crafted accept headers can cause action view to consume % cpu and make the server unresponsive.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0796", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:0796" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1147", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1147" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1149", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1149" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1289", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1289" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5419.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5419.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5419", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.12118", "scoring_system": "epss", "scoring_elements": "0.93803", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.12118", "scoring_system": "epss", "scoring_elements": "0.93764", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.12118", "scoring_system": "epss", "scoring_elements": "0.93773", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.12118", "scoring_system": "epss", "scoring_elements": "0.93783", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.12118", "scoring_system": "epss", "scoring_elements": "0.93787", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.12118", "scoring_system": "epss", "scoring_elements": "0.93795", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.12118", "scoring_system": "epss", "scoring_elements": "0.93798", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5419" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5419", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5419" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/f4c70c2222180b8d9d924f00af0c7fd632e26715", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/f4c70c2222180b8d9d924f00af0c7fd632e26715" }, { "reference_url": "https://github.com/rails/rails/pull/35708", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/pull/35708" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2019-5419.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2019-5419.yml" }, { "reference_url": "https://groups.google.com/forum/#%21topic/rubyonrails-security/GN7w9fFAQeI", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#%21topic/rubyonrails-security/GN7w9fFAQeI" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/" }, { "reference_url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released" }, { "reference_url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/03/22/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2019/03/22/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1689160", "reference_id": "1689160", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1689160" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924520", "reference_id": "924520", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924520" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms:4.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:cloudforms:4.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms:4.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5419", "reference_id": "CVE-2019-5419", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:C" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5419" }, { "reference_url": "https://github.com/advisories/GHSA-m63j-wh5w-c252", "reference_id": "GHSA-m63j-wh5w-c252", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m63j-wh5w-c252" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/35619?format=api", "purl": "pkg:gem/rails@4.2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5qu2-b8gt-7qe3" }, { "vulnerability": "VCID-63gy-6njy-kbd8" }, { "vulnerability": "VCID-895a-ydc5-zfg6" }, { "vulnerability": "VCID-a6sp-18av-wya6" }, { "vulnerability": "VCID-es1t-7196-4kbb" }, { "vulnerability": "VCID-g5q6-7uav-sqh1" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-mnkw-23eu-bkgc" }, { "vulnerability": "VCID-t684-yp58-hkg8" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@4.2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35621?format=api", "purl": "pkg:gem/rails@5.0.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5qu2-b8gt-7qe3" }, { "vulnerability": "VCID-63gy-6njy-kbd8" }, { "vulnerability": "VCID-895a-ydc5-zfg6" }, { "vulnerability": "VCID-a6sp-18av-wya6" }, { "vulnerability": "VCID-es1t-7196-4kbb" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-jwun-grgg-2uet" }, { "vulnerability": "VCID-mnkw-23eu-bkgc" }, { "vulnerability": "VCID-t684-yp58-hkg8" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.0.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/35623?format=api", "purl": "pkg:gem/rails@5.1.6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5qu2-b8gt-7qe3" }, { "vulnerability": "VCID-63gy-6njy-kbd8" }, { "vulnerability": "VCID-895a-ydc5-zfg6" }, { "vulnerability": "VCID-a6sp-18av-wya6" }, { "vulnerability": "VCID-es1t-7196-4kbb" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-jwun-grgg-2uet" }, { "vulnerability": "VCID-mnkw-23eu-bkgc" }, { "vulnerability": "VCID-t684-yp58-hkg8" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.1.6.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/35625?format=api", "purl": "pkg:gem/rails@5.2.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5qu2-b8gt-7qe3" }, { "vulnerability": "VCID-63gy-6njy-kbd8" }, { "vulnerability": "VCID-65tq-e5eb-eucj" }, { "vulnerability": "VCID-895a-ydc5-zfg6" }, { "vulnerability": "VCID-a6sp-18av-wya6" }, { "vulnerability": "VCID-es1t-7196-4kbb" }, { "vulnerability": "VCID-gjey-bqtd-kqa1" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-jwun-grgg-2uet" }, { "vulnerability": "VCID-mnkw-23eu-bkgc" }, { "vulnerability": "VCID-t684-yp58-hkg8" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.2.2.1" } ], "aliases": [ "CVE-2019-5419", "GHSA-m63j-wh5w-c252" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c8b5-d83n-nuhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8392?format=api", "vulnerability_id": "VCID-cnqr-6e98-5kgk", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nMultiple cross-site scripting (XSS) vulnerabilities in the mail_to helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) name or (2) email value.", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/365b8a23b76a6b4a?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/365b8a23b76a6b4a?dmode=source&output=gplain" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0446", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0067", "scoring_system": "epss", "scoring_elements": "0.7132", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0067", "scoring_system": "epss", "scoring_elements": "0.71274", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0067", "scoring_system": "epss", "scoring_elements": "0.71282", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0067", "scoring_system": "epss", "scoring_elements": "0.713", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0067", "scoring_system": "epss", "scoring_elements": "0.71316", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0067", "scoring_system": "epss", "scoring_elements": "0.71329", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0067", "scoring_system": "epss", "scoring_elements": "0.71352", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0067", "scoring_system": "epss", "scoring_elements": "0.71337", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0446" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0446", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0446" }, { "reference_url": "http://secunia.com/advisories/43274", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/43274" }, { "reference_url": "http://secunia.com/advisories/43666", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/43666" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/abe97736b8316f1b714cac56c115c0779aa73217", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/abe97736b8316f1b714cac56c115c0779aa73217" }, { "reference_url": "https://github.com/rails/rails/commit/e3dd2107c57a8efaaea5d61cf8da65f7444760b2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/e3dd2107c57a8efaaea5d61cf8da65f7444760b2" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/8CpI7egxX4E/m/SmtqtyOKWzYJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/8CpI7egxX4E/m/SmtqtyOKWzYJ" }, { "reference_url": "https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43274", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43274" }, { "reference_url": "https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43666", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43666" }, { "reference_url": "https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291" }, { "reference_url": "https://web.archive.org/web/20200812054342/http://www.securitytracker.com/id?1025064", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200812054342/http://www.securitytracker.com/id?1025064" }, { "reference_url": "http://www.debian.org/security/2011/dsa-2247", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2011/dsa-2247" }, { "reference_url": "http://www.securityfocus.com/bid/46291", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/46291" }, { "reference_url": "http://www.securitytracker.com/id?1025064", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id?1025064" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/0587", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2011/0587" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/0877", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2011/0877" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864", "reference_id": "614864", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.0.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.0.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.2.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0446", "reference_id": "CVE-2011-0446", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0446" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0446.yml", "reference_id": "CVE-2011-0446.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0446.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2011-0446.yml", "reference_id": "CVE-2011-0446.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2011-0446.yml" }, { "reference_url": "https://github.com/advisories/GHSA-75w6-p6mg-vh8j", "reference_id": "GHSA-75w6-p6mg-vh8j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-75w6-p6mg-vh8j" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/25071?format=api", "purl": "pkg:gem/rails@2.3.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2mcx-b9k2-83bh" }, { "vulnerability": "VCID-35rt-t6e1-pfa6" }, { "vulnerability": "VCID-3wtf-uu89-2qe5" }, { "vulnerability": "VCID-877d-u9ag-qqdr" }, { "vulnerability": "VCID-895a-ydc5-zfg6" }, { "vulnerability": "VCID-8dad-dvat-1fg4" }, { "vulnerability": "VCID-a6sp-18av-wya6" }, { "vulnerability": "VCID-c8b5-d83n-nuhw" }, { "vulnerability": "VCID-es1t-7196-4kbb" }, { "vulnerability": "VCID-g5q6-7uav-sqh1" }, { "vulnerability": "VCID-gsx2-9sc2-3fbr" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-mnkw-23eu-bkgc" }, { "vulnerability": "VCID-t684-yp58-hkg8" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" }, { "vulnerability": "VCID-xxbb-7e3n-9yb3" }, { "vulnerability": "VCID-z1jv-4ga2-7kd1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@2.3.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/25072?format=api", "purl": "pkg:gem/rails@3.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2mcx-b9k2-83bh" }, { "vulnerability": "VCID-35rt-t6e1-pfa6" }, { "vulnerability": "VCID-3wtf-uu89-2qe5" }, { "vulnerability": "VCID-63gy-6njy-kbd8" }, { "vulnerability": "VCID-877d-u9ag-qqdr" }, { "vulnerability": "VCID-895a-ydc5-zfg6" }, { "vulnerability": "VCID-8dad-dvat-1fg4" }, { "vulnerability": "VCID-a6sp-18av-wya6" }, { "vulnerability": "VCID-c8b5-d83n-nuhw" }, { "vulnerability": "VCID-es1t-7196-4kbb" }, { "vulnerability": "VCID-g5q6-7uav-sqh1" }, { "vulnerability": "VCID-gsx2-9sc2-3fbr" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-j24x-nhsb-yug6" }, { "vulnerability": "VCID-mep3-6sub-ykdk" }, { "vulnerability": "VCID-mnkw-23eu-bkgc" }, { "vulnerability": "VCID-pmrb-t3bm-zkb6" }, { "vulnerability": "VCID-rps2-k24p-9qgq" }, { "vulnerability": "VCID-t684-yp58-hkg8" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" }, { "vulnerability": "VCID-xxbb-7e3n-9yb3" }, { "vulnerability": "VCID-z1jv-4ga2-7kd1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@3.0.4" } ], "aliases": [ "CVE-2011-0446", "GHSA-75w6-p6mg-vh8j" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cnqr-6e98-5kgk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/33504?format=api", "vulnerability_id": "VCID-es1t-7196-4kbb", "summary": "CSRF Vulnerability in rails-ujs\nThere is a vulnerability in rails-ujs that allows attackers to send CSRF tokens to wrong domains.\n\nVersions Affected: rails <= 6.0.3\nNot affected: Applications which don't use rails-ujs.\nFixed Versions: rails >= 5.2.4.3, rails >= 6.0.3.1\n\nImpact\n------\n\nThis is a regression of CVE-2015-1840.\n\nIn the scenario where an attacker might be able to control the href attribute of an anchor tag or the action attribute of a form tag that will trigger a POST action, the attacker can set the href or action to a cross-origin URL, and the CSRF token will be sent.\n\nWorkarounds\n-----------\n\nTo work around this problem, change code that allows users to control the href attribute of an anchor tag or the action attribute of a form tag to filter the user parameters.\n\nFor example, code like this:\n\n link_to params\n\nto code like this:\n\n link_to filtered_params\n\n def filtered_params\n # Filter just the parameters that you trust\n end", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8167.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8167.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8167", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69242", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69177", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69192", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69213", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69195", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69245", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69263", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69285", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69271", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8167" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-8167.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-8167.yml" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/x9DixQDG9a0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/x9DixQDG9a0" }, { "reference_url": "https://hackerone.com/reports/189878", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/189878" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8167", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8167" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4766", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2020/dsa-4766" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843084", "reference_id": "1843084", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843084" }, { "reference_url": "https://github.com/advisories/GHSA-xq5j-gw7f-jgj8", "reference_id": "GHSA-xq5j-gw7f-jgj8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xq5j-gw7f-jgj8" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1313", "reference_id": "RHSA-2021:1313", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1313" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/208405?format=api", "purl": "pkg:gem/rails@5.2.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5qu2-b8gt-7qe3" }, { "vulnerability": "VCID-63gy-6njy-kbd8" }, { "vulnerability": "VCID-65tq-e5eb-eucj" }, { "vulnerability": "VCID-gjey-bqtd-kqa1" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-jwun-grgg-2uet" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.2.4.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/208415?format=api", "purl": "pkg:gem/rails@6.0.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12x8-jxdf-jqdz" }, { "vulnerability": "VCID-1bxs-yghe-cyck" }, { "vulnerability": "VCID-1xgz-hwng-n3eq" }, { "vulnerability": "VCID-5qu2-b8gt-7qe3" }, { "vulnerability": "VCID-63gy-6njy-kbd8" }, { "vulnerability": "VCID-65tq-e5eb-eucj" }, { "vulnerability": "VCID-gjey-bqtd-kqa1" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-jwun-grgg-2uet" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" }, { "vulnerability": "VCID-wyy6-h8bq-vyde" }, { "vulnerability": "VCID-zy7d-3db6-sydw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@6.0.3.1" } ], "aliases": [ "CVE-2020-8167", "GHSA-xq5j-gw7f-jgj8" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-es1t-7196-4kbb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/33526?format=api", "vulnerability_id": "VCID-g5q6-7uav-sqh1", "summary": "Remote code execution via user-provided local names in ActionView\nThe is a code injection vulnerability in versions of Rails prior to 5.0.1 that would allow an attacker who controlled the `locals` argument of a `render` call to perform a RCE.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/158604/Ruby-On-Rails-5.0.1-Remote-Code-Execution.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/158604/Ruby-On-Rails-5.0.1-Remote-Code-Execution.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8163.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8163.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8163", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.90927", "scoring_system": "epss", "scoring_elements": "0.99632", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.90927", "scoring_system": "epss", "scoring_elements": "0.99631", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.90927", "scoring_system": "epss", "scoring_elements": "0.99633", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.90927", "scoring_system": "epss", "scoring_elements": "0.9963", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8163" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8163", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8163" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-8163.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-8163.yml" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/hWuKcHyoKh0", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/hWuKcHyoKh0" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0" }, { "reference_url": "https://hackerone.com/reports/304805", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/304805" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8163", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8163" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848724", "reference_id": "1848724", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848724" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/webapps/48716.rb", "reference_id": "CVE-2020-8163", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/webapps/48716.rb" }, { "reference_url": "https://github.com/advisories/GHSA-cr3x-7m39-c6jq", "reference_id": "GHSA-cr3x-7m39-c6jq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cr3x-7m39-c6jq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/21671?format=api", "purl": "pkg:gem/rails@5.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2mcx-b9k2-83bh" }, { "vulnerability": "VCID-3wtf-uu89-2qe5" }, { "vulnerability": "VCID-5qu2-b8gt-7qe3" }, { "vulnerability": "VCID-63gy-6njy-kbd8" }, { "vulnerability": "VCID-6yr6-a21g-dyf5" }, { "vulnerability": "VCID-877d-u9ag-qqdr" }, { "vulnerability": "VCID-895a-ydc5-zfg6" }, { "vulnerability": "VCID-8dad-dvat-1fg4" }, { "vulnerability": "VCID-a6sp-18av-wya6" }, { "vulnerability": "VCID-c8b5-d83n-nuhw" }, { "vulnerability": "VCID-es1t-7196-4kbb" }, { "vulnerability": "VCID-gsx2-9sc2-3fbr" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-jwun-grgg-2uet" }, { "vulnerability": "VCID-mnkw-23eu-bkgc" }, { "vulnerability": "VCID-t684-yp58-hkg8" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.0.1" } ], "aliases": [ "CVE-2020-8163", "GHSA-cr3x-7m39-c6jq" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g5q6-7uav-sqh1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8428?format=api", "vulnerability_id": "VCID-gsx2-9sc2-3fbr", "summary": "Moderate severity vulnerability that affects rails\nCross-site scripting (XSS) vulnerability in the strip_tags function in Ruby on Rails before 2.2.s, and 2.3.x before 2.3.5, allows remote attackers to inject arbitrary web script or HTML via vectors involving non-printing ASCII characters, related to HTML::Tokenizer and actionpack/lib/action_controller/vendor/html-scanner/html/node.rb.", "references": [ { "reference_url": "http://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://github.com/rails/rails" }, { "reference_url": "http://github.com/rails/rails/commit/bfe032858077bb2946abe25e95e485ba6da86bd5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://github.com/rails/rails/commit/bfe032858077bb2946abe25e95e485ba6da86bd5" }, { "reference_url": "http://groups.google.com/group/rubyonrails-security/browse_thread/thread/4d4f71f2aef4c0ab?pli=1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/browse_thread/thread/4d4f71f2aef4c0ab?pli=1" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4214.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4214.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-4214", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01632", "scoring_system": "epss", "scoring_elements": "0.81902", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01632", "scoring_system": "epss", "scoring_elements": "0.81837", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01632", "scoring_system": "epss", "scoring_elements": "0.81848", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01632", "scoring_system": "epss", "scoring_elements": "0.8187", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01632", "scoring_system": "epss", "scoring_elements": "0.81866", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01632", "scoring_system": "epss", "scoring_elements": "0.81893", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01632", "scoring_system": "epss", "scoring_elements": "0.81899", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01632", "scoring_system": "epss", "scoring_elements": "0.81919", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01632", "scoring_system": "epss", "scoring_elements": "0.81907", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-4214" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4214", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4214" }, { "reference_url": "http://secunia.com/advisories/37446", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/37446" }, { "reference_url": "http://secunia.com/advisories/38915", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/38915" }, { "reference_url": "http://support.apple.com/kb/HT4077", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT4077" }, { "reference_url": "http://weblog.rubyonrails.org/2009/11/30/ruby-on-rails-2-3-5-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2009/11/30/ruby-on-rails-2-3-5-released" }, { "reference_url": "http://www.debian.org/security/2011/dsa-2260", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2011/dsa-2260" }, { "reference_url": "http://www.debian.org/security/2011/dsa-2301", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2011/dsa-2301" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2009/11/27/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2009/11/27/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2009/12/08/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2009/12/08/3" }, { "reference_url": "http://www.securityfocus.com/bid/37142", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/37142" }, { "reference_url": "http://www.securitytracker.com/id?1023245", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securitytracker.com/id?1023245" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/3352", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.vupen.com/english/advisories/2009/3352" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=542786", "reference_id": "542786", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=542786" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558685", "reference_id": "558685", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558685" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4214", "reference_id": "CVE-2009-4214", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4214" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2009-4214.yml", "reference_id": "CVE-2009-4214.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2009-4214.yml" }, { "reference_url": "https://github.com/advisories/GHSA-9p3v-wf2w-v29c", "reference_id": "GHSA-9p3v-wf2w-v29c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9p3v-wf2w-v29c" }, { "reference_url": "https://security.gentoo.org/glsa/200912-02", "reference_id": "GLSA-200912-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200912-02" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/25130?format=api", "purl": "pkg:gem/rails@2.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2mcx-b9k2-83bh" }, { "vulnerability": "VCID-35rt-t6e1-pfa6" }, { "vulnerability": "VCID-3wtf-uu89-2qe5" }, { "vulnerability": "VCID-3zdr-vasc-a7cn" }, { "vulnerability": "VCID-49pq-vg95-jkh2" }, { "vulnerability": "VCID-4zhj-en7h-3yaz" }, { "vulnerability": "VCID-7f5r-9h1g-nuch" }, { "vulnerability": "VCID-877d-u9ag-qqdr" }, { "vulnerability": "VCID-895a-ydc5-zfg6" }, { "vulnerability": "VCID-8dad-dvat-1fg4" }, { "vulnerability": "VCID-a6sp-18av-wya6" }, { "vulnerability": "VCID-c8b5-d83n-nuhw" }, { "vulnerability": "VCID-cnqr-6e98-5kgk" }, { "vulnerability": "VCID-es1t-7196-4kbb" }, { "vulnerability": "VCID-g5q6-7uav-sqh1" }, { "vulnerability": "VCID-gsx2-9sc2-3fbr" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-j24x-nhsb-yug6" }, { "vulnerability": "VCID-mnkw-23eu-bkgc" }, { "vulnerability": "VCID-t684-yp58-hkg8" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" }, { "vulnerability": "VCID-xxbb-7e3n-9yb3" }, { "vulnerability": "VCID-z1jv-4ga2-7kd1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@2.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/25131?format=api", "purl": "pkg:gem/rails@2.3.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2mcx-b9k2-83bh" }, { "vulnerability": "VCID-35rt-t6e1-pfa6" }, { "vulnerability": "VCID-3wtf-uu89-2qe5" }, { "vulnerability": "VCID-49pq-vg95-jkh2" }, { "vulnerability": "VCID-877d-u9ag-qqdr" }, { "vulnerability": "VCID-895a-ydc5-zfg6" }, { "vulnerability": "VCID-8dad-dvat-1fg4" }, { "vulnerability": "VCID-a6sp-18av-wya6" }, { "vulnerability": "VCID-c8b5-d83n-nuhw" }, { "vulnerability": "VCID-cnqr-6e98-5kgk" }, { "vulnerability": "VCID-es1t-7196-4kbb" }, { "vulnerability": "VCID-g5q6-7uav-sqh1" }, { "vulnerability": "VCID-gsx2-9sc2-3fbr" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-j24x-nhsb-yug6" }, { "vulnerability": "VCID-mnkw-23eu-bkgc" }, { "vulnerability": "VCID-t684-yp58-hkg8" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" }, { "vulnerability": "VCID-xxbb-7e3n-9yb3" }, { "vulnerability": "VCID-z1jv-4ga2-7kd1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@2.3.5" } ], "aliases": [ "CVE-2009-4214", "GHSA-9p3v-wf2w-v29c" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gsx2-9sc2-3fbr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16390?format=api", "vulnerability_id": "VCID-hppf-a715-r7b2", "summary": "ReDoS based DoS vulnerability in Action Dispatch\nThere is a possible regular expression based DoS vulnerability in Action Dispatch related to the If-None-Match header. This vulnerability has been assigned the CVE identifier CVE-2023-22795. A specially crafted HTTP `If-None-Match` header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22795.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22795.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22795", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01523", "scoring_system": "epss", "scoring_elements": "0.81266", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01523", "scoring_system": "epss", "scoring_elements": "0.8121", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01523", "scoring_system": "epss", "scoring_elements": "0.81234", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01523", "scoring_system": "epss", "scoring_elements": "0.81262", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01523", "scoring_system": "epss", "scoring_elements": "0.81267", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01523", "scoring_system": "epss", "scoring_elements": "0.81288", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01523", "scoring_system": "epss", "scoring_elements": "0.81274", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/8d82687f3b04b2803320b64f985308239a8c3d2f", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/8d82687f3b04b2803320b64f985308239a8c3d2f" }, { "reference_url": "https://github.com/rails/rails/commit/8dc45950619a4c64d16fb9370570c996d201f9b0", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/8dc45950619a4c64d16fb9370570c996d201f9b0" }, { "reference_url": "https://github.com/rails/rails/commit/cd461c3e64e09cdcb1e379d1c35423c5e2caa592", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/cd461c3e64e09cdcb1e379d1c35423c5e2caa592" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v6.1.7.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v6.1.7.1" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v7.0.4.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v7.0.4.1" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22795.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22795.yml" }, { "reference_url": "https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050", "reference_id": "1030050", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164799", "reference_id": "2164799", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164799" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22795", "reference_id": "CVE-2023-22795", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22795" }, { "reference_url": "https://github.com/advisories/GHSA-8xww-x3g3-6jcv", "reference_id": "GHSA-8xww-x3g3-6jcv", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8xww-x3g3-6jcv" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6818", "reference_id": "RHSA-2023:6818", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6818" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55818?format=api", "purl": "pkg:gem/rails@6.1.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-65tq-e5eb-eucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@6.1.7.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/55813?format=api", "purl": "pkg:gem/rails@7.0.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5bh7-drnb-7ygg" }, { "vulnerability": "VCID-65tq-e5eb-eucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@7.0.4.1" } ], "aliases": [ "CVE-2023-22795", "GHSA-8xww-x3g3-6jcv", "GMS-2023-56" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hppf-a715-r7b2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34108?format=api", "vulnerability_id": "VCID-mnkw-23eu-bkgc", "summary": "Ability to forge per-form CSRF tokens in Rails\nIt is possible to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token for any action for that session.\n\nImpact\n------\n\nGiven the ability to extract the global CSRF token, an attacker would be able to construct a per-form CSRF token for that session.\n\nWorkarounds\n-----------\n\nThis is a low-severity security issue. As such, no workaround is necessarily until such time as the application can be upgraded.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8166.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8166.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8166", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00443", "scoring_system": "epss", "scoring_elements": "0.63311", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00443", "scoring_system": "epss", "scoring_elements": "0.63348", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00443", "scoring_system": "epss", "scoring_elements": "0.63364", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00443", "scoring_system": "epss", "scoring_elements": "0.63347", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00443", "scoring_system": "epss", "scoring_elements": "0.63329", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00443", "scoring_system": "epss", "scoring_elements": "0.63278", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00443", "scoring_system": "epss", "scoring_elements": "0.63312", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00443", "scoring_system": "epss", "scoring_elements": "0.63284", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00443", "scoring_system": "epss", "scoring_elements": "0.63225", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8166" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8166.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8166.yml" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw" }, { "reference_url": "https://hackerone.com/reports/732415", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/732415" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8166", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8166" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4766", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2020/dsa-4766" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843152", "reference_id": "1843152", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843152" }, { "reference_url": "https://github.com/advisories/GHSA-jp5v-5gx4-jmj9", "reference_id": "GHSA-jp5v-5gx4-jmj9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jp5v-5gx4-jmj9" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1313", "reference_id": "RHSA-2021:1313", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1313" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/208405?format=api", "purl": "pkg:gem/rails@5.2.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5qu2-b8gt-7qe3" }, { "vulnerability": "VCID-63gy-6njy-kbd8" }, { "vulnerability": "VCID-65tq-e5eb-eucj" }, { "vulnerability": "VCID-gjey-bqtd-kqa1" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-jwun-grgg-2uet" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.2.4.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/208415?format=api", "purl": "pkg:gem/rails@6.0.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12x8-jxdf-jqdz" }, { "vulnerability": "VCID-1bxs-yghe-cyck" }, { "vulnerability": "VCID-1xgz-hwng-n3eq" }, { "vulnerability": "VCID-5qu2-b8gt-7qe3" }, { "vulnerability": "VCID-63gy-6njy-kbd8" }, { "vulnerability": "VCID-65tq-e5eb-eucj" }, { "vulnerability": "VCID-gjey-bqtd-kqa1" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-jwun-grgg-2uet" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" }, { "vulnerability": "VCID-wyy6-h8bq-vyde" }, { "vulnerability": "VCID-zy7d-3db6-sydw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@6.0.3.1" } ], "aliases": [ "CVE-2020-8166", "GHSA-jp5v-5gx4-jmj9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mnkw-23eu-bkgc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8423?format=api", "vulnerability_id": "VCID-nzeb-cy9e-tkax", "summary": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nMultiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) :limit and (2) :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer.", "references": [ { "reference_url": "http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1" }, { "reference_url": "http://gist.github.com/8946", "reference_id": "", "reference_type": "", "scores": [], "url": "http://gist.github.com/8946" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html" }, { "reference_url": "http://rails.lighthouseapp.com/projects/8994/tickets/288", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rails.lighthouseapp.com/projects/8994/tickets/288" }, { "reference_url": "http://rails.lighthouseapp.com/projects/8994/tickets/964", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rails.lighthouseapp.com/projects/8994/tickets/964" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4094", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03119", "scoring_system": "epss", "scoring_elements": "0.86839", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03119", "scoring_system": "epss", "scoring_elements": "0.86782", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03119", "scoring_system": "epss", "scoring_elements": "0.86793", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03119", "scoring_system": "epss", "scoring_elements": "0.86812", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03119", "scoring_system": "epss", "scoring_elements": "0.86806", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03119", "scoring_system": "epss", "scoring_elements": "0.86826", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03119", "scoring_system": "epss", "scoring_elements": "0.86834", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03119", "scoring_system": "epss", "scoring_elements": "0.86847", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03119", "scoring_system": "epss", "scoring_elements": "0.86844", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4094" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4094", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4094" }, { "reference_url": "http://secunia.com/advisories/31875", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31875" }, { "reference_url": "http://secunia.com/advisories/31909", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31909" }, { "reference_url": "http://secunia.com/advisories/31910", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31910" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45109", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45109" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/ef0ea782b1f5cf7b08e74ea3002a16c708f66645", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/ef0ea782b1f5cf7b08e74ea3002a16c708f66645" }, { "reference_url": "https://web.archive.org/web/20080620000955/http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20080620000955/http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1" }, { "reference_url": "https://web.archive.org/web/20080620201733/http://blog.innerewut.de/files/rails/activerecord-1.15.3.patch", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20080620201733/http://blog.innerewut.de/files/rails/activerecord-1.15.3.patch" }, { "reference_url": "https://web.archive.org/web/20080620201744/http://blog.innerewut.de/files/rails/activerecord-2.0.2.patch", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20080620201744/http://blog.innerewut.de/files/rails/activerecord-2.0.2.patch" }, { "reference_url": "https://web.archive.org/web/20081104151751/http://gist.github.com/8946", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20081104151751/http://gist.github.com/8946" }, { "reference_url": "https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875" }, { "reference_url": "https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875/" }, { "reference_url": "https://web.archive.org/web/20081207211431/http://secunia.com/advisories/31909", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20081207211431/http://secunia.com/advisories/31909" }, { "reference_url": "https://web.archive.org/web/20081207211436/http://secunia.com/advisories/31910", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20081207211436/http://secunia.com/advisories/31910" }, { "reference_url": "https://web.archive.org/web/20091101000000*/http://www.vupen.com/english/advisories/2008/2562", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20091101000000*/http://www.vupen.com/english/advisories/2008/2562" }, { "reference_url": "https://web.archive.org/web/20120120194518/http://www.securityfocus.com/bid/31176", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120120194518/http://www.securityfocus.com/bid/31176" }, { "reference_url": "https://web.archive.org/web/20201207112829/http://www.securitytracker.com/id?1020871", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201207112829/http://www.securitytracker.com/id?1020871" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2008/09/13/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2008/09/13/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2008/09/16/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2008/09/16/1" }, { "reference_url": "http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter" }, { "reference_url": "http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter/" }, { "reference_url": "http://www.securityfocus.com/bid/31176", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/31176" }, { "reference_url": "http://www.securitytracker.com/id?1020871", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id?1020871" }, { "reference_url": "http://www.vupen.com/english/advisories/2008/2562", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2008/2562" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500791", "reference_id": "500791", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500791" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.10.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.10.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.10.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.11.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.11.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.11.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.11.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.11.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.11.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.12.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.12.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.12.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.12.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.12.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.12.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.13.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.13.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.13.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.13.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.13.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.13.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.14.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.14.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.14.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.14.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.9.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.9.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.9.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.9.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.4.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.9.4.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.4.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.1.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.1.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.1.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.1.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.2.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.2.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.2.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.2.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.2.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.9.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.9.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.9.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.0.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.0.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4094", "reference_id": "CVE-2008-4094", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4094" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2008-4094.yml", "reference_id": "CVE-2008-4094.YML", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2008-4094.yml" }, { "reference_url": "https://github.com/advisories/GHSA-xf96-32q2-9rw2", "reference_id": "GHSA-xf96-32q2-9rw2", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xf96-32q2-9rw2" }, { "reference_url": "https://security.gentoo.org/glsa/200912-02", "reference_id": "GLSA-200912-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200912-02" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/25172?format=api", "purl": "pkg:gem/rails@2.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2mcx-b9k2-83bh" }, { "vulnerability": "VCID-35rt-t6e1-pfa6" }, { "vulnerability": "VCID-3wtf-uu89-2qe5" }, { "vulnerability": "VCID-3zdr-vasc-a7cn" }, { "vulnerability": "VCID-49pq-vg95-jkh2" }, { "vulnerability": "VCID-4zhj-en7h-3yaz" }, { "vulnerability": "VCID-7f5r-9h1g-nuch" }, { "vulnerability": "VCID-877d-u9ag-qqdr" }, { "vulnerability": "VCID-895a-ydc5-zfg6" }, { "vulnerability": "VCID-8dad-dvat-1fg4" }, { "vulnerability": "VCID-a6sp-18av-wya6" }, { "vulnerability": "VCID-c8b5-d83n-nuhw" }, { "vulnerability": "VCID-cnqr-6e98-5kgk" }, { "vulnerability": "VCID-es1t-7196-4kbb" }, { "vulnerability": "VCID-g5q6-7uav-sqh1" }, { "vulnerability": "VCID-gsx2-9sc2-3fbr" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-j24x-nhsb-yug6" }, { "vulnerability": "VCID-mnkw-23eu-bkgc" }, { "vulnerability": "VCID-t684-yp58-hkg8" }, { "vulnerability": "VCID-vgm2-8wjy-x7ed" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" }, { "vulnerability": "VCID-xxbb-7e3n-9yb3" }, { "vulnerability": "VCID-z1jv-4ga2-7kd1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@2.1.1" } ], "aliases": [ "CVE-2008-4094", "GHSA-xf96-32q2-9rw2" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nzeb-cy9e-tkax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8420?format=api", "vulnerability_id": "VCID-r1u7-1avr-fqbs", "summary": "Moderate severity vulnerability that affects rails\nRails before 1.2.4, as used for Ruby on Rails, allows remote attackers and ActiveResource servers to determine the existence of arbitrary files and read arbitrary XML files via the Hash.from_xml (Hash#from_xml) method, which uses XmlSimple (XML::Simple) unsafely, as demonstrated by reading passwords from the Pidgin (Gaim) .purple/accounts.xml file.", "references": [ { "reference_url": "http://bugs.gentoo.org/show_bug.cgi?id=195315", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=195315" }, { "reference_url": "http://docs.info.apple.com/article.html?artnum=307179", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://docs.info.apple.com/article.html?artnum=307179" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-5379", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10596", "scoring_system": "epss", "scoring_elements": "0.93255", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.10596", "scoring_system": "epss", "scoring_elements": "0.93269", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.10596", "scoring_system": "epss", "scoring_elements": "0.93263", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.10596", "scoring_system": "epss", "scoring_elements": "0.93284", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.10596", "scoring_system": "epss", "scoring_elements": "0.93283", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.10596", "scoring_system": "epss", "scoring_elements": "0.93285", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.10596", "scoring_system": "epss", "scoring_elements": "0.93281", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.10596", "scoring_system": "epss", "scoring_elements": "0.93276", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.10596", "scoring_system": "epss", "scoring_elements": "0.93268", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-5379" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5379", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5379" }, { "reference_url": "http://security.gentoo.org/glsa/glsa-200711-17.xml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://security.gentoo.org/glsa/glsa-200711-17.xml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release" }, { "reference_url": "https://web.archive.org/web/20090602000500/http://dev.rubyonrails.org/ticket/8453", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20090602000500/http://dev.rubyonrails.org/ticket/8453" }, { "reference_url": "http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release" }, { "reference_url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html" }, { "reference_url": "http://www.vupen.com/english/advisories/2007/3508", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.vupen.com/english/advisories/2007/3508" }, { "reference_url": "http://www.vupen.com/english/advisories/2007/4238", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.vupen.com/english/advisories/2007/4238" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5379", "reference_id": "CVE-2007-5379", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5379" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-5379.yml", "reference_id": "CVE-2007-5379.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-5379.yml" }, { "reference_url": "https://github.com/advisories/GHSA-fjfg-q662-gm6j", "reference_id": "GHSA-fjfg-q662-gm6j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fjfg-q662-gm6j" }, { "reference_url": "https://security.gentoo.org/glsa/200711-17", "reference_id": "GLSA-200711-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200711-17" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/25114?format=api", "purl": "pkg:gem/rails@1.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2mcx-b9k2-83bh" }, { "vulnerability": "VCID-35rt-t6e1-pfa6" }, { "vulnerability": "VCID-3wtf-uu89-2qe5" }, { "vulnerability": "VCID-4zhj-en7h-3yaz" }, { "vulnerability": "VCID-877d-u9ag-qqdr" }, { "vulnerability": "VCID-895a-ydc5-zfg6" }, { "vulnerability": "VCID-8dad-dvat-1fg4" }, { "vulnerability": "VCID-9hvm-2hnk-hyev" }, { "vulnerability": "VCID-a6sp-18av-wya6" }, { "vulnerability": "VCID-c8b5-d83n-nuhw" }, { "vulnerability": "VCID-cnqr-6e98-5kgk" }, { "vulnerability": "VCID-es1t-7196-4kbb" }, { "vulnerability": "VCID-g5q6-7uav-sqh1" }, { "vulnerability": "VCID-gsx2-9sc2-3fbr" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-mnkw-23eu-bkgc" }, { "vulnerability": "VCID-nzeb-cy9e-tkax" }, { "vulnerability": "VCID-r1u7-1avr-fqbs" }, { "vulnerability": "VCID-t684-yp58-hkg8" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" }, { "vulnerability": "VCID-wyqh-g8df-hkay" }, { "vulnerability": "VCID-xqzj-cww4-nbcy" }, { "vulnerability": "VCID-xxbb-7e3n-9yb3" }, { "vulnerability": "VCID-z1jv-4ga2-7kd1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@1.2.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/25339?format=api", "purl": "pkg:gem/rails@1.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2mcx-b9k2-83bh" }, { "vulnerability": "VCID-35rt-t6e1-pfa6" }, { "vulnerability": "VCID-3wtf-uu89-2qe5" }, { "vulnerability": "VCID-4zhj-en7h-3yaz" }, { "vulnerability": "VCID-877d-u9ag-qqdr" }, { "vulnerability": "VCID-895a-ydc5-zfg6" }, { "vulnerability": "VCID-8dad-dvat-1fg4" }, { "vulnerability": "VCID-9hvm-2hnk-hyev" }, { "vulnerability": "VCID-a6sp-18av-wya6" }, { "vulnerability": "VCID-c8b5-d83n-nuhw" }, { "vulnerability": "VCID-cnqr-6e98-5kgk" }, { "vulnerability": "VCID-es1t-7196-4kbb" }, { "vulnerability": "VCID-g5q6-7uav-sqh1" }, { "vulnerability": "VCID-gsx2-9sc2-3fbr" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-mnkw-23eu-bkgc" }, { "vulnerability": "VCID-nzeb-cy9e-tkax" }, { "vulnerability": "VCID-t684-yp58-hkg8" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" }, { "vulnerability": "VCID-wyqh-g8df-hkay" }, { "vulnerability": "VCID-xxbb-7e3n-9yb3" }, { "vulnerability": "VCID-z1jv-4ga2-7kd1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@1.2.5" } ], "aliases": [ "CVE-2007-5379", "GHSA-fjfg-q662-gm6j", "OSV-40717" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r1u7-1avr-fqbs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/33875?format=api", "vulnerability_id": "VCID-t684-yp58-hkg8", "summary": "ActiveSupport potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore\nIn ActiveSupport, there is potentially unexpected behaviour in the MemCacheStore and RedisCacheStore where, when\nuntrusted user input is written to the cache store using the `raw: true` parameter, re-reading the result\nfrom the cache can evaluate the user input as a Marshalled object instead of plain text. Vulnerable code looks like:\n\n```\ndata = cache.fetch(\"demo\", raw: true) { untrusted_string }\n```\nVersions Affected: rails < 5.2.5, rails < 6.0.4\nNot affected: Applications not using MemCacheStore or RedisCacheStore. Applications that do not use the `raw` option when storing untrusted user input.\nFixed Versions: rails >= 5.2.4.3, rails >= 6.0.3.1\n \nImpact\n------\nUnmarshalling of untrusted user input can have impact up to and including RCE. At a minimum,\nthis vulnerability allows an attacker to inject untrusted Ruby objects into a web application.\nIn addition to upgrading to the latest versions of Rails, developers should ensure that whenever\nthey are calling `Rails.cache.fetch` they are using consistent values of the `raw` parameter for both\nreading and writing, especially in the case of the RedisCacheStore which does not, prior to these changes,\ndetect if data was serialized using the raw option upon deserialization.\n\nWorkarounds\n-----------\nIt is recommended that application developers apply the suggested patch or upgrade to the latest release as\nsoon as possible. If this is not possible, we recommend ensuring that all user-provided strings cached using\nthe `raw` argument should be double-checked to ensure that they conform to the expected format.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00031.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00031.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00034.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00034.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8165.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8165.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8165", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.90128", "scoring_system": "epss", "scoring_elements": "0.99586", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.90128", "scoring_system": "epss", "scoring_elements": "0.99588", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.90128", "scoring_system": "epss", "scoring_elements": "0.99584", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.90128", "scoring_system": "epss", "scoring_elements": "0.99585", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.90128", "scoring_system": "epss", "scoring_elements": "0.99587", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8165" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2020-8165.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2020-8165.yml" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/bv6fW4S0Y1c", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/bv6fW4S0Y1c" }, { "reference_url": "https://hackerone.com/reports/413388", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/413388" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8165", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8165" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20250509-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20250509-0002" }, { "reference_url": "https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4766", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2020/dsa-4766" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843072", "reference_id": "1843072", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843072" }, { "reference_url": "https://github.com/advisories/GHSA-2p68-f74v-9wc6", "reference_id": "GHSA-2p68-f74v-9wc6", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2p68-f74v-9wc6" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1313", "reference_id": "RHSA-2021:1313", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1313" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/208405?format=api", "purl": "pkg:gem/rails@5.2.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5qu2-b8gt-7qe3" }, { "vulnerability": "VCID-63gy-6njy-kbd8" }, { "vulnerability": "VCID-65tq-e5eb-eucj" }, { "vulnerability": "VCID-gjey-bqtd-kqa1" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-jwun-grgg-2uet" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.2.4.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/208415?format=api", "purl": "pkg:gem/rails@6.0.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12x8-jxdf-jqdz" }, { "vulnerability": "VCID-1bxs-yghe-cyck" }, { "vulnerability": "VCID-1xgz-hwng-n3eq" }, { "vulnerability": "VCID-5qu2-b8gt-7qe3" }, { "vulnerability": "VCID-63gy-6njy-kbd8" }, { "vulnerability": "VCID-65tq-e5eb-eucj" }, { "vulnerability": "VCID-gjey-bqtd-kqa1" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-jwun-grgg-2uet" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" }, { "vulnerability": "VCID-wyy6-h8bq-vyde" }, { "vulnerability": "VCID-zy7d-3db6-sydw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@6.0.3.1" } ], "aliases": [ "CVE-2020-8165", "GHSA-2p68-f74v-9wc6" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t684-yp58-hkg8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47410?format=api", "vulnerability_id": "VCID-wg3a-j2dp-ayh4", "summary": "Possible DoS Vulnerability in Action Controller Token Authentication\nThere is a possible DoS vulnerability in the Token Authentication logic in Action Controller.\n\nVersions Affected: >= 4.0.0\nNot affected: < 4.0.0\nFixed Versions: 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6\n\nImpact\n------\nImpacted code uses `authenticate_or_request_with_http_token` or `authenticate_with_http_token` for request authentication. Impacted code will look something like this:\n\n```\nclass PostsController < ApplicationController\n before_action :authenticate\n\n private\n\n def authenticate\n authenticate_or_request_with_http_token do |token, options|\n # ...\n end\n end\nend\n```\n\nAll users running an affected release should either upgrade or use one of the workarounds immediately.\n\nReleases\n--------\nThe fixed releases are available at the normal locations.\n\nWorkarounds\n-----------\nThe following monkey patch placed in an initializer can be used to work around the issue:\n\n```ruby\nmodule ActionController::HttpAuthentication::Token\n AUTHN_PAIR_DELIMITERS = /(?:,|;|\\t)/\nend\n```\n\nPatches\n-------\nTo aid users who aren't able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.\n\n* 5-2-http-authentication-dos.patch - Patch for 5.2 series\n* 6-0-http-authentication-dos.patch - Patch for 6.0 series\n* 6-1-http-authentication-dos.patch - Patch for 6.1 series\n\nPlease note that only the 6.1.Z, 6.0.Z, and 5.2.Z series are supported at present. Users of earlier unsupported releases are advised to upgrade as soon as possible as we cannot guarantee the continued availability of security fixes for unsupported releases.\n\nCredits\n-------\nThank you to https://hackerone.com/wonda_tea_coffee for reporting this issue!", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22904.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22904.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22904", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07856", "scoring_system": "epss", "scoring_elements": "0.92007", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.07856", "scoring_system": "epss", "scoring_elements": "0.92004", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.07856", "scoring_system": "epss", "scoring_elements": "0.92", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.07856", "scoring_system": "epss", "scoring_elements": "0.91987", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.07856", "scoring_system": "epss", "scoring_elements": "0.91981", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.07856", "scoring_system": "epss", "scoring_elements": "0.91974", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.07856", "scoring_system": "epss", "scoring_elements": "0.91966", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2021-22904-possible-dos-vulnerability-in-action-controller-token-authentication/77869", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.rubyonrails.org/t/cve-2021-22904-possible-dos-vulnerability-in-action-controller-token-authentication/77869" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v5.2.4.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v5.2.4.6" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v5.2.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v5.2.6" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v6.0.3.7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v6.0.3.7" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v6.1.3.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v6.1.3.2" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22904.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22904.yml" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ" }, { "reference_url": "https://hackerone.com/reports/1101125", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/1101125" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22904", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22904" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210805-0009", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210805-0009" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210805-0009/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20210805-0009/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961379", "reference_id": "1961379", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961379" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214", "reference_id": "988214", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214" }, { "reference_url": "https://security.archlinux.org/AVG-1920", "reference_id": "AVG-1920", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1920" }, { "reference_url": "https://security.archlinux.org/AVG-1921", "reference_id": "AVG-1921", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1921" }, { "reference_url": "https://security.archlinux.org/AVG-2090", "reference_id": "AVG-2090", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2090" }, { "reference_url": "https://security.archlinux.org/AVG-2223", "reference_id": "AVG-2223", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2223" }, { "reference_url": "https://github.com/advisories/GHSA-7wjx-3g7j-8584", "reference_id": "GHSA-7wjx-3g7j-8584", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7wjx-3g7j-8584" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4702", "reference_id": "RHSA-2021:4702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4702" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/250644?format=api", "purl": "pkg:gem/rails@5.2.4.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-63gy-6njy-kbd8" }, { "vulnerability": "VCID-65tq-e5eb-eucj" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-jwun-grgg-2uet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.2.4.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/251921?format=api", "purl": "pkg:gem/rails@5.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-63gy-6njy-kbd8" }, { "vulnerability": "VCID-65tq-e5eb-eucj" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-jwun-grgg-2uet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/250646?format=api", "purl": "pkg:gem/rails@6.0.3.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bxs-yghe-cyck" }, { "vulnerability": "VCID-63gy-6njy-kbd8" }, { "vulnerability": "VCID-65tq-e5eb-eucj" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-jwun-grgg-2uet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@6.0.3.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/251922?format=api", "purl": "pkg:gem/rails@6.1.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bxs-yghe-cyck" }, { "vulnerability": "VCID-1x8k-t8mr-3fgp" }, { "vulnerability": "VCID-63gy-6njy-kbd8" }, { "vulnerability": "VCID-65tq-e5eb-eucj" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-jwun-grgg-2uet" }, { "vulnerability": "VCID-msda-xqbp-qfdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@6.1.3.2" } ], "aliases": [ "CVE-2021-22904", "GHSA-7wjx-3g7j-8584" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wg3a-j2dp-ayh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8416?format=api", "vulnerability_id": "VCID-wgr4-rzk2-4yet", "summary": "Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to \"URL-based sessions.\"", "references": [ { "reference_url": "http://bugs.gentoo.org/show_bug.cgi?id=195315", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=195315" }, { "reference_url": "http://docs.info.apple.com/article.html?artnum=307179", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://docs.info.apple.com/article.html?artnum=307179" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-5380", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05845", "scoring_system": "epss", "scoring_elements": "0.90504", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.05845", "scoring_system": "epss", "scoring_elements": "0.90545", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.05845", "scoring_system": "epss", "scoring_elements": "0.90552", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.05845", "scoring_system": "epss", "scoring_elements": "0.90543", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05845", "scoring_system": "epss", "scoring_elements": "0.90537", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05845", "scoring_system": "epss", "scoring_elements": "0.90524", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05845", "scoring_system": "epss", "scoring_elements": "0.90518", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.05845", "scoring_system": "epss", "scoring_elements": "0.90508", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.05845", "scoring_system": "epss", "scoring_elements": "0.90551", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5380" }, { "reference_url": "http://secunia.com/advisories/27657", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/27657" }, { "reference_url": "http://secunia.com/advisories/27965", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/27965" }, { "reference_url": "http://secunia.com/advisories/28136", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/28136" }, { "reference_url": "http://security.gentoo.org/glsa/glsa-200711-17.xml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://security.gentoo.org/glsa/glsa-200711-17.xml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release" }, { "reference_url": "http://www.novell.com/linux/security/advisories/2007_25_sr.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.novell.com/linux/security/advisories/2007_25_sr.html" }, { "reference_url": "http://www.securityfocus.com/bid/26096", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/26096" }, { "reference_url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html" }, { "reference_url": "http://www.vupen.com/english/advisories/2007/3508", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.vupen.com/english/advisories/2007/3508" }, { "reference_url": "http://www.vupen.com/english/advisories/2007/4238", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.vupen.com/english/advisories/2007/4238" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5380", "reference_id": "CVE-2007-5380", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5380" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-5380.yml", "reference_id": "CVE-2007-5380.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-5380.yml" }, { "reference_url": "https://github.com/advisories/GHSA-jwhv-rgqc-fqj5", "reference_id": "GHSA-jwhv-rgqc-fqj5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jwhv-rgqc-fqj5" }, { "reference_url": "https://security.gentoo.org/glsa/200711-17", "reference_id": "GLSA-200711-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200711-17" }, { "reference_url": "https://security.gentoo.org/glsa/200912-02", "reference_id": "GLSA-200912-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200912-02" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/25114?format=api", "purl": "pkg:gem/rails@1.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2mcx-b9k2-83bh" }, { "vulnerability": "VCID-35rt-t6e1-pfa6" }, { "vulnerability": "VCID-3wtf-uu89-2qe5" }, { "vulnerability": "VCID-4zhj-en7h-3yaz" }, { "vulnerability": "VCID-877d-u9ag-qqdr" }, { "vulnerability": "VCID-895a-ydc5-zfg6" }, { "vulnerability": "VCID-8dad-dvat-1fg4" }, { "vulnerability": "VCID-9hvm-2hnk-hyev" }, { "vulnerability": "VCID-a6sp-18av-wya6" }, { "vulnerability": "VCID-c8b5-d83n-nuhw" }, { "vulnerability": "VCID-cnqr-6e98-5kgk" }, { "vulnerability": "VCID-es1t-7196-4kbb" }, { "vulnerability": "VCID-g5q6-7uav-sqh1" }, { "vulnerability": "VCID-gsx2-9sc2-3fbr" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-mnkw-23eu-bkgc" }, { "vulnerability": "VCID-nzeb-cy9e-tkax" }, { "vulnerability": "VCID-r1u7-1avr-fqbs" }, { "vulnerability": "VCID-t684-yp58-hkg8" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" }, { "vulnerability": "VCID-wyqh-g8df-hkay" }, { "vulnerability": "VCID-xqzj-cww4-nbcy" }, { "vulnerability": "VCID-xxbb-7e3n-9yb3" }, { "vulnerability": "VCID-z1jv-4ga2-7kd1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@1.2.4" } ], "aliases": [ "CVE-2007-5380", "GHSA-jwhv-rgqc-fqj5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wgr4-rzk2-4yet" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8418?format=api", "vulnerability_id": "VCID-wyqh-g8df-hkay", "summary": "rails is vulnerable to CRLF injection\nCRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function.", "references": [ { "reference_url": "http://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://github.com/rails/rails" }, { "reference_url": "http://github.com/rails/rails/commit/7282ed863ca7e6f928bae9162c9a63a98775a19d", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://github.com/rails/rails/commit/7282ed863ca7e6f928bae9162c9a63a98775a19d" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5189.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5189.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5189", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38195", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38137", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38187", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38154", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38178", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38065", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38214", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38245", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38268", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5189" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5189", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5189" }, { "reference_url": "http://weblog.rubyonrails.org/2008/10/19/rails-2-0-5-redirect_to-and-offset-limit-sanitizing", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2008/10/19/rails-2-0-5-redirect_to-and-offset-limit-sanitizing" }, { "reference_url": "http://weblog.rubyonrails.org/2008/10/19/response-splitting-risk", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2008/10/19/response-splitting-risk" }, { "reference_url": "http://www.securityfocus.com/bid/32359", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/32359" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=472510", "reference_id": "472510", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=472510" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.10.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.10.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.10.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.11.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.11.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.11.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.11.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.11.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.11.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.12.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.12.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.12.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.12.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.12.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.12.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.13.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.13.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.13.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.13.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.13.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.13.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.14.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.14.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.14.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.14.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.9.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.9.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.9.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.9.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.4.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.9.4.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.4.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.1.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.1.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.1.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.1.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.2.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.2.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.2.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.2.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.2.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.9.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.9.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.9.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.0.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.0.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5189", "reference_id": "CVE-2008-5189", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:P/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5189" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2008-5189.yml", "reference_id": "CVE-2008-5189.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2008-5189.yml" }, { "reference_url": "https://github.com/advisories/GHSA-jmgf-p46x-982h", "reference_id": "GHSA-jmgf-p46x-982h", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jmgf-p46x-982h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/25118?format=api", "purl": "pkg:gem/rails@2.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2mcx-b9k2-83bh" }, { "vulnerability": "VCID-35rt-t6e1-pfa6" }, { "vulnerability": "VCID-3wtf-uu89-2qe5" }, { "vulnerability": "VCID-3zdr-vasc-a7cn" }, { "vulnerability": "VCID-4zhj-en7h-3yaz" }, { "vulnerability": "VCID-877d-u9ag-qqdr" }, { "vulnerability": "VCID-895a-ydc5-zfg6" }, { "vulnerability": "VCID-8dad-dvat-1fg4" }, { "vulnerability": "VCID-a6sp-18av-wya6" }, { "vulnerability": "VCID-c8b5-d83n-nuhw" }, { "vulnerability": "VCID-cnqr-6e98-5kgk" }, { "vulnerability": "VCID-es1t-7196-4kbb" }, { "vulnerability": "VCID-g5q6-7uav-sqh1" }, { "vulnerability": "VCID-gsx2-9sc2-3fbr" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-j24x-nhsb-yug6" }, { "vulnerability": "VCID-mnkw-23eu-bkgc" }, { "vulnerability": "VCID-nzeb-cy9e-tkax" }, { "vulnerability": "VCID-t684-yp58-hkg8" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" }, { "vulnerability": "VCID-xxbb-7e3n-9yb3" }, { "vulnerability": "VCID-z1jv-4ga2-7kd1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@2.0.5" } ], "aliases": [ "CVE-2008-5189", "GHSA-jmgf-p46x-982h" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wyqh-g8df-hkay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8467?format=api", "vulnerability_id": "VCID-xqzj-cww4-nbcy", "summary": "Moderate severity vulnerability that affects rails\nCross-site scripting (XSS) vulnerability in the to_json (ActiveRecord::Base#to_json) function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values.", "references": [ { "reference_url": "http://bugs.gentoo.org/show_bug.cgi?id=195315", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=195315" }, { "reference_url": "http://dev.rubyonrails.org/ticket/8371", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://dev.rubyonrails.org/ticket/8371" }, { "reference_url": "http://osvdb.org/36378", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://osvdb.org/36378" }, { "reference_url": "http://pastie.caboo.se/65550.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://pastie.caboo.se/65550.txt" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-3227", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.13632", "scoring_system": "epss", "scoring_elements": "0.94242", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.13632", "scoring_system": "epss", "scoring_elements": "0.94247", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.13632", "scoring_system": "epss", "scoring_elements": "0.94215", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.13632", "scoring_system": "epss", "scoring_elements": "0.94246", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.13632", "scoring_system": "epss", "scoring_elements": "0.94238", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.13632", "scoring_system": "epss", "scoring_elements": "0.94205", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.13632", "scoring_system": "epss", "scoring_elements": "0.94227", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.13632", "scoring_system": "epss", "scoring_elements": "0.94229", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-3227" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3227", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3227" }, { "reference_url": "http://secunia.com/advisories/25699", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/25699" }, { "reference_url": "http://secunia.com/advisories/27657", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/27657" }, { "reference_url": "http://secunia.com/advisories/27756", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/27756" }, { "reference_url": "http://security.gentoo.org/glsa/glsa-200711-17.xml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://security.gentoo.org/glsa/glsa-200711-17.xml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "http://weblog.rubyonrails.org/2007/10/12/rails-1-2-5-maintenance-release", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2007/10/12/rails-1-2-5-maintenance-release" }, { "reference_url": "http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release" }, { "reference_url": "http://www.novell.com/linux/security/advisories/2007_24_sr.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.novell.com/linux/security/advisories/2007_24_sr.html" }, { "reference_url": "http://www.securityfocus.com/bid/24161", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/24161" }, { "reference_url": "http://www.vupen.com/english/advisories/2007/2216", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.vupen.com/english/advisories/2007/2216" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429177", "reference_id": "429177", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429177" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.1.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3227", "reference_id": "CVE-2007-3227", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3227" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/30089.txt", "reference_id": "CVE-2007-3227;OSVDB-36378", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/30089.txt" }, { "reference_url": "https://www.securityfocus.com/bid/24161/info", "reference_id": "CVE-2007-3227;OSVDB-36378", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/24161/info" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-3227.yml", "reference_id": "CVE-2007-3227.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-3227.yml" }, { "reference_url": "https://github.com/advisories/GHSA-gm25-fpmr-43fj", "reference_id": "GHSA-gm25-fpmr-43fj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gm25-fpmr-43fj" }, { "reference_url": "https://security.gentoo.org/glsa/200711-17", "reference_id": "GLSA-200711-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200711-17" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/25339?format=api", "purl": "pkg:gem/rails@1.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2mcx-b9k2-83bh" }, { "vulnerability": "VCID-35rt-t6e1-pfa6" }, { "vulnerability": "VCID-3wtf-uu89-2qe5" }, { "vulnerability": "VCID-4zhj-en7h-3yaz" }, { "vulnerability": "VCID-877d-u9ag-qqdr" }, { "vulnerability": "VCID-895a-ydc5-zfg6" }, { "vulnerability": "VCID-8dad-dvat-1fg4" }, { "vulnerability": "VCID-9hvm-2hnk-hyev" }, { "vulnerability": "VCID-a6sp-18av-wya6" }, { "vulnerability": "VCID-c8b5-d83n-nuhw" }, { "vulnerability": "VCID-cnqr-6e98-5kgk" }, { "vulnerability": "VCID-es1t-7196-4kbb" }, { "vulnerability": "VCID-g5q6-7uav-sqh1" }, { "vulnerability": "VCID-gsx2-9sc2-3fbr" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-mnkw-23eu-bkgc" }, { "vulnerability": "VCID-nzeb-cy9e-tkax" }, { "vulnerability": "VCID-t684-yp58-hkg8" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" }, { "vulnerability": "VCID-wyqh-g8df-hkay" }, { "vulnerability": "VCID-xxbb-7e3n-9yb3" }, { "vulnerability": "VCID-z1jv-4ga2-7kd1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@1.2.5" } ], "aliases": [ "CVE-2007-3227", "GHSA-gm25-fpmr-43fj", "OSV-36378" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xqzj-cww4-nbcy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13873?format=api", "vulnerability_id": "VCID-xxbb-7e3n-9yb3", "summary": "Cross site scripting in actionpack Rubygem\nA cross-site scripting vulnerability flaw was found in the `auto_link` function in Rails before version 3.0.6.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1497.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1497.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1497", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55722", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.5574", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55759", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.5575", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55696", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55584", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55747", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55718", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1497" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/blob/38df020c95beca7e12f0188cb7e18f3c37789e20/actionpack/CHANGELOG", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/blob/38df020c95beca7e12f0188cb7e18f3c37789e20/actionpack/CHANGELOG" }, { "reference_url": "https://github.com/rails/rails/commit/61ee3449674c591747db95f9b3472c5c3bd9e84d", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/61ee3449674c591747db95f9b3472c5c3bd9e84d" }, { "reference_url": "https://github.com/rails/rails/commit/ab764ecbfea31a3b14323283287e2fc80955ace6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/ab764ecbfea31a3b14323283287e2fc80955ace6" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2011/04/06/13", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openwall.com/lists/oss-security/2011/04/06/13" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2015262", "reference_id": "2015262", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2015262" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1497", "reference_id": "CVE-2011-1497", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1497" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-1497.yml", "reference_id": "CVE-2011-1497.YML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-1497.yml" }, { "reference_url": "https://github.com/advisories/GHSA-q58j-fmvf-9rq6", "reference_id": "GHSA-q58j-fmvf-9rq6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q58j-fmvf-9rq6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/49915?format=api", "purl": "pkg:gem/rails@3.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2mcx-b9k2-83bh" }, { "vulnerability": "VCID-35rt-t6e1-pfa6" }, { "vulnerability": "VCID-3wtf-uu89-2qe5" }, { "vulnerability": "VCID-63gy-6njy-kbd8" }, { "vulnerability": "VCID-877d-u9ag-qqdr" }, { "vulnerability": "VCID-895a-ydc5-zfg6" }, { "vulnerability": "VCID-8dad-dvat-1fg4" }, { "vulnerability": "VCID-a6sp-18av-wya6" }, { "vulnerability": "VCID-c8b5-d83n-nuhw" }, { "vulnerability": "VCID-es1t-7196-4kbb" }, { "vulnerability": "VCID-g5q6-7uav-sqh1" }, { "vulnerability": "VCID-gsx2-9sc2-3fbr" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-j24x-nhsb-yug6" }, { "vulnerability": "VCID-mep3-6sub-ykdk" }, { "vulnerability": "VCID-mnkw-23eu-bkgc" }, { "vulnerability": "VCID-pmrb-t3bm-zkb6" }, { "vulnerability": "VCID-rps2-k24p-9qgq" }, { "vulnerability": "VCID-t684-yp58-hkg8" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" }, { "vulnerability": "VCID-z1jv-4ga2-7kd1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@3.0.6" } ], "aliases": [ "CVE-2011-1497", "GHSA-q58j-fmvf-9rq6" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xxbb-7e3n-9yb3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7339?format=api", "vulnerability_id": "VCID-z1jv-4ga2-7kd1", "summary": "Possible Information Leak Vulnerability\nApplications that pass unverified user input to the `render` method in a controller may be vulnerable to an information leak vulnerability. Impacted code will look something like this: ``` def index; render params[:id]; end ``` Carefully crafted requests can cause the above code to render files from unexpected places like outside the application's view directory, and can possibly escalate this to a remote code execution attack.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2097.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2097.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2097", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01912", "scoring_system": "epss", "scoring_elements": "0.83257", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01912", "scoring_system": "epss", "scoring_elements": "0.83242", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01912", "scoring_system": "epss", "scoring_elements": "0.83226", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01912", "scoring_system": "epss", "scoring_elements": "0.83299", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01912", "scoring_system": "epss", "scoring_elements": "0.83305", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01912", "scoring_system": "epss", "scoring_elements": "0.8329", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01912", "scoring_system": "epss", "scoring_elements": "0.83281", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01912", "scoring_system": "epss", "scoring_elements": "0.83295", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2097" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2097", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2097" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2098", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2098" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/8a1d3ea617ffb0c8ae8467fa439bf63a3bfc4324", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/8a1d3ea617ffb0c8ae8467fa439bf63a3bfc4324" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-2097.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-2097.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-2097.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-2097.yml" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/ddY6HgqB2z4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/ddY6HgqB2z4" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/ddY6HgqB2z4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/ddY6HgqB2z4" }, { "reference_url": "https://web.archive.org/web/20160322002234/http://www.securitytracker.com/id/1035122", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20160322002234/http://www.securitytracker.com/id/1035122" }, { "reference_url": "https://web.archive.org/web/20200228015320/http://www.securityfocus.com/bid/83726", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228015320/http://www.securityfocus.com/bid/83726" }, { "reference_url": "https://web.archive.org/web/20201221115217/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201221115217/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ" }, { "reference_url": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3509", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3509" }, { "reference_url": "http://www.securityfocus.com/bid/83726", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/83726" }, { "reference_url": "http://www.securitytracker.com/id/1035122", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1035122" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1310043", "reference_id": "1310043", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1310043" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.10:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.4:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.6:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.6:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.6:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.0:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.10:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.10:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.10:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.10:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.12:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.12:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.12:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.13:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.13:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.13:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.14:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.14:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.14:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.14:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.14:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.14:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.2:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.2:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.2:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.6:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.6:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.7.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.9:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.9:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.9:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.14.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.14.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.14.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2097", "reference_id": "CVE-2016-2097", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2097" }, { "reference_url": "https://github.com/advisories/GHSA-vx9j-46rh-fqr8", "reference_id": "GHSA-vx9j-46rh-fqr8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vx9j-46rh-fqr8" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0454", "reference_id": "RHSA-2016:0454", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0454" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0455", "reference_id": "RHSA-2016:0455", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0455" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0456", "reference_id": "RHSA-2016:0456", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0456" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/21991?format=api", "purl": "pkg:gem/rails@3.2.22.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2mcx-b9k2-83bh" }, { "vulnerability": "VCID-3wtf-uu89-2qe5" }, { "vulnerability": "VCID-63gy-6njy-kbd8" }, { "vulnerability": "VCID-877d-u9ag-qqdr" }, { "vulnerability": "VCID-895a-ydc5-zfg6" }, { "vulnerability": "VCID-8dad-dvat-1fg4" }, { "vulnerability": "VCID-a6sp-18av-wya6" }, { "vulnerability": "VCID-c8b5-d83n-nuhw" }, { "vulnerability": "VCID-es1t-7196-4kbb" }, { "vulnerability": "VCID-g5q6-7uav-sqh1" }, { "vulnerability": "VCID-gsx2-9sc2-3fbr" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-mnkw-23eu-bkgc" }, { "vulnerability": "VCID-t684-yp58-hkg8" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@3.2.22.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/21992?format=api", "purl": "pkg:gem/rails@4.1.14.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2mcx-b9k2-83bh" }, { "vulnerability": "VCID-3wtf-uu89-2qe5" }, { "vulnerability": "VCID-63gy-6njy-kbd8" }, { "vulnerability": "VCID-877d-u9ag-qqdr" }, { "vulnerability": "VCID-895a-ydc5-zfg6" }, { "vulnerability": "VCID-8dad-dvat-1fg4" }, { "vulnerability": "VCID-a6sp-18av-wya6" }, { "vulnerability": "VCID-c8b5-d83n-nuhw" }, { "vulnerability": "VCID-es1t-7196-4kbb" }, { "vulnerability": "VCID-g5q6-7uav-sqh1" }, { "vulnerability": "VCID-gsx2-9sc2-3fbr" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-mnkw-23eu-bkgc" }, { "vulnerability": "VCID-s5ah-tf63-a7cw" }, { "vulnerability": "VCID-t684-yp58-hkg8" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@4.1.14.2" } ], "aliases": [ "CVE-2016-2097", "GHSA-vx9j-46rh-fqr8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z1jv-4ga2-7kd1" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@0.8.0" }