Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/179932?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/179932?format=api", "purl": "pkg:rpm/redhat/rubygem-rack@1:1.3.0-3?arch=el6cf", "type": "rpm", "namespace": "redhat", "name": "rubygem-rack", "version": "1:1.3.0-3", "qualifiers": { "arch": "el6cf" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37500?format=api", "vulnerability_id": "VCID-4u64-j7gm-5ke9", "summary": "Uncontrolled Resource Consumption\nlib/rack/multipart.rb in Rack uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposion header.", "references": [ { "reference_url": "http://rack.github.com/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rack.github.com/" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0544.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2013-0544.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0548.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2013-0548.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0544", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2013:0544" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6109.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6109.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2012-6109", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2012-6109" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6109", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00828", "scoring_system": "epss", "scoring_elements": "0.74868", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00828", "scoring_system": "epss", "scoring_elements": "0.74897", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6109" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=895277", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=895277" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6109", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6109" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rack/rack/blob/master/README.rdoc", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack/blob/master/README.rdoc" }, { "reference_url": "https://github.com/rack/rack/commit/c9f65df37a151821eb88ddd1dc404b83e52c52d5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack/commit/c9f65df37a151821eb88ddd1dc404b83e52c52d5" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2012-6109.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2012-6109.yml" }, { "reference_url": "https://groups.google.com/forum/#%21msg/rack-devel/1w4_fWEgTdI/XAkSNHjtdTsJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#%21msg/rack-devel/1w4_fWEgTdI/XAkSNHjtdTsJ" }, { "reference_url": "https://groups.google.com/forum/#!msg/rack-devel/1w4_fWEgTdI/XAkSNHjtdTsJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!msg/rack-devel/1w4_fWEgTdI/XAkSNHjtdTsJ" }, { "reference_url": "https://rhn.redhat.com/errata/RHSA-2013-0544.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rhn.redhat.com/errata/RHSA-2013-0544.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698440", "reference_id": "698440", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698440" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6109", "reference_id": "CVE-2012-6109", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6109" }, { "reference_url": "https://github.com/advisories/GHSA-h77x-m5q8-c29h", "reference_id": "GHSA-h77x-m5q8-c29h", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h77x-m5q8-c29h" }, { "reference_url": "https://security.gentoo.org/glsa/201405-10", "reference_id": "GLSA-201405-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201405-10" } ], "fixed_packages": [], "aliases": [ "CVE-2012-6109", "GHSA-h77x-m5q8-c29h", "OSV-89317" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4u64-j7gm-5ke9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/115017?format=api", "vulnerability_id": "VCID-57hq-tgvf-dbdz", "summary": "Katello: lack of authorization in proxies_controller.rb", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5603.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5603.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5603", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00253", "scoring_system": "epss", "scoring_elements": "0.48805", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00253", "scoring_system": "epss", "scoring_elements": "0.48865", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5603" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=882129", "reference_id": "882129", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=882129" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1543", "reference_id": "RHSA-2012:1543", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1543" } ], "fixed_packages": [], "aliases": [ "CVE-2012-5603" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-57hq-tgvf-dbdz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37503?format=api", "vulnerability_id": "VCID-6yf4-8k7v-p7d7", "summary": "Improper Restriction of Operations within the Bounds of a Memory Buffer\nmultipart/parser.rb in Rack allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html" }, { "reference_url": "http://rack.github.com", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rack.github.com" }, { "reference_url": "http://rack.github.com/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rack.github.com/" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0544.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0544.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0548.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0548.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0544", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2013:0544" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0183.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0183.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2013-0183", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2013-0183" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0183", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01824", "scoring_system": "epss", "scoring_elements": "0.83255", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01824", "scoring_system": "epss", "scoring_elements": "0.83229", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0183" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=895282", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=895282" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0183", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0183" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rack/rack/commit/548b9af2dc0059f4c0c19728624448d84de450ff", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack/commit/548b9af2dc0059f4c0c19728624448d84de450ff" }, { "reference_url": "https://github.com/rack/rack/commit/f95113402b7239f225282806673e1b6424522b18", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack/commit/f95113402b7239f225282806673e1b6424522b18" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2013-0183.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2013-0183.yml" }, { "reference_url": "https://groups.google.com/forum/#%21topic/rack-devel/7ZKPNAjgRSs", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#%21topic/rack-devel/7ZKPNAjgRSs" }, { "reference_url": "https://groups.google.com/forum/#%21topic/rack-devel/-MWPHDeGWtI", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#%21topic/rack-devel/-MWPHDeGWtI" }, { "reference_url": "https://groups.google.com/forum/#!topic/rack-devel/7ZKPNAjgRSs", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rack-devel/7ZKPNAjgRSs" }, { "reference_url": "https://groups.google.com/forum/#!topic/rack-devel/-MWPHDeGWtI", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rack-devel/-MWPHDeGWtI" }, { "reference_url": "http://www.debian.org/security/2013/dsa-2783", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2013/dsa-2783" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698440", "reference_id": "698440", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698440" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0183", "reference_id": "CVE-2013-0183", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0183" }, { "reference_url": "https://github.com/advisories/GHSA-3pxh-h8hw-mj8w", "reference_id": "GHSA-3pxh-h8hw-mj8w", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3pxh-h8hw-mj8w" }, { "reference_url": "https://security.gentoo.org/glsa/201405-10", "reference_id": "GLSA-201405-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201405-10" } ], "fixed_packages": [], "aliases": [ "CVE-2013-0183", "GHSA-3pxh-h8hw-mj8w", "OSV-89320" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6yf4-8k7v-p7d7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65272?format=api", "vulnerability_id": "VCID-6z58-b8tk-pbgy", "summary": "aviary/jobcontrol.py in Condor, as used in Red Hat Enterprise MRG 2.3, when removing a job, allows remote attackers to cause a denial of service (condor_schedd restart) via square brackets in the cproc option.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4462.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4462.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4462", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00686", "scoring_system": "epss", "scoring_elements": "0.72107", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00686", "scoring_system": "epss", "scoring_elements": "0.72147", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4462" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=860850", "reference_id": "860850", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=860850" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0564", "reference_id": "RHSA-2013:0564", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0564" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0565", "reference_id": "RHSA-2013:0565", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0565" } ], "fixed_packages": [], "aliases": [ "CVE-2012-4462" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6z58-b8tk-pbgy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37497?format=api", "vulnerability_id": "VCID-ac75-ed1t-euc4", "summary": "XSS exploit of RDoc documentation generated by rdoc\nThis exploit may lead to cookie disclosure to third parties. The exploit exists in darkfish.js which is copied from the RDoc install location to the generated documentation. RDoc is a static documentation generation tool. Patching the library itself is insufficient to correct this exploit.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00048.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00048.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0686.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0686.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0701.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0701.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0728.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0728.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0256.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0256.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0256", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02671", "scoring_system": "epss", "scoring_elements": "0.86115", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02671", "scoring_system": "epss", "scoring_elements": "0.86094", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0256" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=907820", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=907820" }, { "reference_url": "https://github.com/advisories/GHSA-v2r9-c84j-v7xm", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v2r9-c84j-v7xm" }, { "reference_url": "https://github.com/rdoc/rdoc", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rdoc/rdoc" }, { "reference_url": "https://github.com/rdoc/rdoc/commit/ffa87887ee0517793df7541629a470e331f9fe60", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rdoc/rdoc/commit/ffa87887ee0517793df7541629a470e331f9fe60" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rdoc/CVE-2013-0256.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rdoc/CVE-2013-0256.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0256", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0256" }, { "reference_url": "https://web.archive.org/web/20130402173730/http://blog.segment7.net:80/2013/02/06/rdoc-xss-vulnerability-cve-2013-0256-releases-3-9-5-3-12-1-4-0-0-rc-2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20130402173730/http://blog.segment7.net:80/2013/02/06/rdoc-xss-vulnerability-cve-2013-0256-releases-3-9-5-3-12-1-4-0-0-rc-2" }, { "reference_url": "http://www.ruby-lang.org/en/news/2013/02/06/rdoc-xss-cve-2013-0256", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ruby-lang.org/en/news/2013/02/06/rdoc-xss-cve-2013-0256" }, { "reference_url": "http://www.ruby-lang.org/en/news/2013/02/06/rdoc-xss-cve-2013-0256/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ruby-lang.org/en/news/2013/02/06/rdoc-xss-cve-2013-0256/" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1733-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-1733-1" }, { "reference_url": "https://github.com/rdoc/rdoc/blob/master/CVE-2013-0256.rdoc", "reference_id": "CVE-2013-0256.RDOC", "reference_type": "", "scores": [], "url": "https://github.com/rdoc/rdoc/blob/master/CVE-2013-0256.rdoc" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0686", "reference_id": "RHSA-2013:0686", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0686" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0701", "reference_id": "RHSA-2013:0701", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0701" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0728", "reference_id": "RHSA-2013:0728", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0728" }, { "reference_url": "https://usn.ubuntu.com/1733-1/", "reference_id": "USN-1733-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1733-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2013-0256", "GHSA-v2r9-c84j-v7xm", "OSV-90004" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ac75-ed1t-euc4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37501?format=api", "vulnerability_id": "VCID-gq4p-3kvj-3kaq", "summary": "Incorrect temporary file usage\nThe ruby_parser Gem does not create temporary files securely. In the `diff_pp` function contained in `lib/gauntlet_rubyparser.rb` function, it creates files as `/tmp/a.[pid]` and `/tmp/b.[pid]` which can be predicted and used for either a denial of service (file cannot be overwritten), or to change the contents of files that are writable.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0544.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0544.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0548.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0548.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0544", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2013:0544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0582", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2013:0582" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0162.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0162.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2013-0162", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2013-0162" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0162", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35093", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35188", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0162" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=892806", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=892806" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby_parser/CVE-2013-0162.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby_parser/CVE-2013-0162.yml" }, { "reference_url": "https://github.com/seattlerb/ruby_parser", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/seattlerb/ruby_parser" }, { "reference_url": "https://github.com/seattlerb/ruby_parser/commit/506c7e13cff6f8715385fa8488b621028b4ad280", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/seattlerb/ruby_parser/commit/506c7e13cff6f8715385fa8488b621028b4ad280" }, { "reference_url": "https://github.com/seattlerb/ruby_parser/commit/c35acd878d50a8e4ea35933e3fbdc493421d422c", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/seattlerb/ruby_parser/commit/c35acd878d50a8e4ea35933e3fbdc493421d422c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0162", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0162" }, { "reference_url": "https://github.com/advisories/GHSA-8mvw-22r7-w6fq", "reference_id": "GHSA-8mvw-22r7-w6fq", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8mvw-22r7-w6fq" } ], "fixed_packages": [], "aliases": [ "CVE-2013-0162", "GHSA-8mvw-22r7-w6fq", "OSV-90561" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gq4p-3kvj-3kaq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37502?format=api", "vulnerability_id": "VCID-kree-2cyw-duh8", "summary": "Uncontrolled Resource Consumption\nUnspecified vulnerability in Rack::Auth::AbstractRequest in Rack allows remote attackers to cause a denial of service via unknown vectors related to \"symbolized arbitrary strings.\"", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0544.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0544.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0548.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0548.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0544", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2013:0544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0548", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2013:0548" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0184.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0184.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2013-0184", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2013-0184" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0184", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00677", "scoring_system": "epss", "scoring_elements": "0.71954", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00677", "scoring_system": "epss", "scoring_elements": "0.71915", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0184" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=895384", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=895384" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0184", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0184" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rack/rack/commit/1f61549529d07abd4aa512b8320ab0e97dcacc5d", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack/commit/1f61549529d07abd4aa512b8320ab0e97dcacc5d" }, { "reference_url": "http://www.debian.org/security/2013/dsa-2783", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2013/dsa-2783" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698440", "reference_id": "698440", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698440" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0184", "reference_id": "CVE-2013-0184", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0184" }, { "reference_url": "https://github.com/advisories/GHSA-v882-ccj6-jc48", "reference_id": "GHSA-v882-ccj6-jc48", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v882-ccj6-jc48" }, { "reference_url": "https://security.gentoo.org/glsa/201405-10", "reference_id": "GLSA-201405-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201405-10" } ], "fixed_packages": [], "aliases": [ "CVE-2013-0184", "GHSA-v882-ccj6-jc48", "OSV-89327" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kree-2cyw-duh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/115000?format=api", "vulnerability_id": "VCID-n3va-r7yq-b7cd", "summary": "Katello: /etc/katello/secure/passphrase is world readable", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5561.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5561.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5561", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.2871", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.28783", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5561" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=879094", "reference_id": "879094", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=879094" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0547", "reference_id": "RHSA-2013:0547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0547" } ], "fixed_packages": [], "aliases": [ "CVE-2012-5561" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n3va-r7yq-b7cd" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rubygem-rack@1:1.3.0-3%3Farch=el6cf" }