Lookup for vulnerable packages by Package URL.

Purl pkg:gem/activestorage@5.2.1.0
Type gem
Namespace
Name activestorage
Version 5.2.1.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 8.1.2.1
Latest_non_vulnerable_version 8.1.2.1
Affected_by_vulnerabilities
0
url VCID-5x54-hckg-x7b8
vulnerability_id VCID-5x54-hckg-x7b8
summary
Exposure of Sensitive Information to an Unauthorized Actor
A bypass vulnerability in Active Storage for Google Cloud Storage and Disk services allows an attacker to modify the `content-disposition` and `content-type` parameters, which can be used with HTML files and have them executed inline. Additionally, if combined with other techniques such as cookie bombing and specially crafted AppCache manifests, an attacker can gain access to private signed URLs within a specific storage path. This vulnerability has been fixed
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-16477
reference_id
reference_type
scores
0
value 0.0026
scoring_system epss
scoring_elements 0.4941
published_at 2026-04-21T12:55:00Z
1
value 0.0026
scoring_system epss
scoring_elements 0.49372
published_at 2026-04-02T12:55:00Z
2
value 0.0026
scoring_system epss
scoring_elements 0.494
published_at 2026-04-04T12:55:00Z
3
value 0.0026
scoring_system epss
scoring_elements 0.49354
published_at 2026-04-07T12:55:00Z
4
value 0.0026
scoring_system epss
scoring_elements 0.49408
published_at 2026-04-08T12:55:00Z
5
value 0.0026
scoring_system epss
scoring_elements 0.49404
published_at 2026-04-09T12:55:00Z
6
value 0.0026
scoring_system epss
scoring_elements 0.49422
published_at 2026-04-11T12:55:00Z
7
value 0.0026
scoring_system epss
scoring_elements 0.49394
published_at 2026-04-12T12:55:00Z
8
value 0.0026
scoring_system epss
scoring_elements 0.49397
published_at 2026-04-13T12:55:00Z
9
value 0.0026
scoring_system epss
scoring_elements 0.49443
published_at 2026-04-16T12:55:00Z
10
value 0.0026
scoring_system epss
scoring_elements 0.4944
published_at 2026-04-18T12:55:00Z
11
value 0.0026
scoring_system epss
scoring_elements 0.49345
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-16477
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16477
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16477
2
reference_url https://github.com/advisories/GHSA-7rr7-rcjw-56vj
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-7rr7-rcjw-56vj
3
reference_url https://groups.google.com/d/msg/rubyonrails-security/3KQRnXDIuLg/mByx5KkqBAAJ
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/d/msg/rubyonrails-security/3KQRnXDIuLg/mByx5KkqBAAJ
4
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/3KQRnXDIuLg
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/3KQRnXDIuLg
5
reference_url https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released
6
reference_url https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released/
reference_id
reference_type
scores
url https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released/
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914848
reference_id 914848
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914848
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-16477
reference_id CVE-2018-16477
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-16477
fixed_packages
0
url pkg:gem/activestorage@5.2.1.1
purl pkg:gem/activestorage@5.2.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-65tq-e5eb-eucj
1
vulnerability VCID-895a-ydc5-zfg6
2
vulnerability VCID-ad6q-vtdf-syb6
3
vulnerability VCID-drg6-gj1f-h7ea
4
vulnerability VCID-yzpx-3gam-y3bu
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activestorage@5.2.1.1
aliases CVE-2018-16477, GHSA-7rr7-rcjw-56vj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5x54-hckg-x7b8
Fixing_vulnerabilities
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activestorage@5.2.1.0