Lookup for vulnerable packages by Package URL.

Purl pkg:gem/activerecord@4.2.5.0
Type gem
Namespace
Name activerecord
Version 4.2.5.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 7.1.5.2
Latest_non_vulnerable_version 8.0.2.1
Affected_by_vulnerabilities
0
url VCID-f4h5-8f57-3uhr
vulnerability_id VCID-f4h5-8f57-3uhr
summary
Moderate severity vulnerability that affects activerecord
Withdrawn, accidental duplicate publish.

activerecord/lib/active_record/nested_attributes.rb in Active Record in Ruby on Rails 3.1.x and 3.2.x before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly implement a certain destroy option, which allows remote attackers to bypass intended change restrictions by leveraging use of the nested attributes feature.
references
0
reference_url https://github.com/advisories/GHSA-7phj-gmgx-2r66
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-7phj-gmgx-2r66
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-7577
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-7577
fixed_packages
0
url pkg:gem/activerecord@4.2.5.1
purl pkg:gem/activerecord@4.2.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4cky-r218-dkbb
1
vulnerability VCID-5qu2-b8gt-7qe3
2
vulnerability VCID-9t7a-muwx-zyee
3
vulnerability VCID-bsxw-gh14-rbef
4
vulnerability VCID-j8zg-kq3z-jqcm
5
vulnerability VCID-n8r7-wthv-fqaj
6
vulnerability VCID-nzeb-cy9e-tkax
7
vulnerability VCID-qywc-5pj5-y3a9
8
vulnerability VCID-sygb-mygd-s3gb
9
vulnerability VCID-y54w-a8kr-suhy
10
vulnerability VCID-zqzx-avvt-wkhm
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.2.5.1
aliases GHSA-7phj-gmgx-2r66
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f4h5-8f57-3uhr
Fixing_vulnerabilities
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.2.5.0