Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:gem/actionpack@3.2.0.alpha0
Typegem
Namespace
Nameactionpack
Version3.2.0.alpha0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version7.0.8.7
Latest_non_vulnerable_version8.1.2.1
Affected_by_vulnerabilities
0
url VCID-1rgy-k7a9-m7au
vulnerability_id VCID-1rgy-k7a9-m7au
summary 
XSS via posted select tag options
Ruby on Rails is vulnerable to remote cross-site scripting because the application does not validate manually generated `select tag options` upon submission to `actionpack/lib/action_view/helpers/form_options_helper.rb`. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
references
0
reference_url http://groups.google.com/group/rubyonrails-security/msg/6fca4f5c47705488?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/rubyonrails-security/msg/6fca4f5c47705488?dmode=source&output=gplain
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075740.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075740.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1099.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1099.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-1099
reference_id
reference_type
scores
0
value 0.00399
scoring_system epss
scoring_elements 0.6069
published_at 2026-04-24T12:55:00Z
1
value 0.00399
scoring_system epss
scoring_elements 0.60645
published_at 2026-04-04T12:55:00Z
2
value 0.00399
scoring_system epss
scoring_elements 0.60665
published_at 2026-04-08T12:55:00Z
3
value 0.00399
scoring_system epss
scoring_elements 0.6068
published_at 2026-04-09T12:55:00Z
4
value 0.00399
scoring_system epss
scoring_elements 0.60705
published_at 2026-04-11T12:55:00Z
5
value 0.00399
scoring_system epss
scoring_elements 0.60691
published_at 2026-04-12T12:55:00Z
6
value 0.00399
scoring_system epss
scoring_elements 0.60671
published_at 2026-04-13T12:55:00Z
7
value 0.00399
scoring_system epss
scoring_elements 0.60713
published_at 2026-04-16T12:55:00Z
8
value 0.00399
scoring_system epss
scoring_elements 0.60719
published_at 2026-04-18T12:55:00Z
9
value 0.00399
scoring_system epss
scoring_elements 0.60704
published_at 2026-04-21T12:55:00Z
10
value 0.00399
scoring_system epss
scoring_elements 0.60541
published_at 2026-04-01T12:55:00Z
11
value 0.00399
scoring_system epss
scoring_elements 0.60616
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-1099
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=799276
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=799276
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1099
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1099
7
reference_url https://github.com/advisories/GHSA-2xjj-5x6h-8vmf
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-2xjj-5x6h-8vmf
8
reference_url https://github.com/rails/rails/commit/9435f5a479317458c558ae743b7d876dd5a5db20
reference_id
reference_type
scores
url https://github.com/rails/rails/commit/9435f5a479317458c558ae743b7d876dd5a5db20
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-1099.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-1099.yml
10
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-79727.yml
reference_id
reference_type
scores
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-79727.yml
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-1099
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-1099
12
reference_url http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released
13
reference_url http://www.debian.org/security/2012/dsa-2466
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2012/dsa-2466
14
reference_url http://www.openwall.com/lists/oss-security/2012/03/02/6
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2012/03/02/6
15
reference_url http://www.openwall.com/lists/oss-security/2012/03/03/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2012/03/03/1
fixed_packages
0
url pkg:gem/actionpack@3.2.0.rc1
purl pkg:gem/actionpack@3.2.0.rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1rgy-k7a9-m7au
1
vulnerability VCID-1xgz-hwng-n3eq
2
vulnerability VCID-333w-aacz-mfcr
3
vulnerability VCID-35rt-t6e1-pfa6
4
vulnerability VCID-3wtf-uu89-2qe5
5
vulnerability VCID-3x4p-t3yb-3yak
6
vulnerability VCID-3zdr-vasc-a7cn
7
vulnerability VCID-49pq-vg95-jkh2
8
vulnerability VCID-4epw-vk25-mfdw
9
vulnerability VCID-4he5-y1u4-gkd2
10
vulnerability VCID-5hqj-fxmk-cbcy
11
vulnerability VCID-63gy-6njy-kbd8
12
vulnerability VCID-6j55-bstz-yybj
13
vulnerability VCID-7f5r-9h1g-nuch
14
vulnerability VCID-86jq-2md2-d7ah
15
vulnerability VCID-9hq5-3usy-5fhq
16
vulnerability VCID-a6sp-18av-wya6
17
vulnerability VCID-awt1-8bxs-xffs
18
vulnerability VCID-bjwf-uhyk-63aj
19
vulnerability VCID-c1w4-z275-tqg7
20
vulnerability VCID-carc-ntrd-ebfe
21
vulnerability VCID-cdnw-t8n1-23ep
22
vulnerability VCID-cnqr-6e98-5kgk
23
vulnerability VCID-cwa7-9d2t-rfhb
24
vulnerability VCID-dd9p-x7k3-37ea
25
vulnerability VCID-ehbj-aezy-d7h4
26
vulnerability VCID-g3rk-djae-pkeh
27
vulnerability VCID-h8gs-ansa-9bd9
28
vulnerability VCID-h94p-ywve-y7h9
29
vulnerability VCID-hmp2-rmzv-wkhg
30
vulnerability VCID-hppf-a715-r7b2
31
vulnerability VCID-j24x-nhsb-yug6
32
vulnerability VCID-kcj2-v7av-47cv
33
vulnerability VCID-knsd-pv15-tydx
34
vulnerability VCID-mep3-6sub-ykdk
35
vulnerability VCID-mnkw-23eu-bkgc
36
vulnerability VCID-msda-xqbp-qfdd
37
vulnerability VCID-n8cc-3stk-97b5
38
vulnerability VCID-nf8s-2aaa-17fw
39
vulnerability VCID-p5mc-r1rg-5ff7
40
vulnerability VCID-phxs-zet8-ryh3
41
vulnerability VCID-pmrb-t3bm-zkb6
42
vulnerability VCID-rps2-k24p-9qgq
43
vulnerability VCID-s5ah-tf63-a7cw
44
vulnerability VCID-sfyc-jewr-wuf5
45
vulnerability VCID-sgdb-985e-4uej
46
vulnerability VCID-tt6r-bytq-4fa4
47
vulnerability VCID-v3r3-bwp5-a3bn
48
vulnerability VCID-vgm2-8wjy-x7ed
49
vulnerability VCID-wg3a-j2dp-ayh4
50
vulnerability VCID-y8gn-9fat-e7d1
51
vulnerability VCID-ynqu-cjn9-fqf2
52
vulnerability VCID-z1jv-4ga2-7kd1
53
vulnerability VCID-zkvd-bfd6-t7dg
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0.rc1
1
url pkg:gem/actionpack@3.2.2
purl pkg:gem/actionpack@3.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xgz-hwng-n3eq
1
vulnerability VCID-333w-aacz-mfcr
2
vulnerability VCID-35rt-t6e1-pfa6
3
vulnerability VCID-3wtf-uu89-2qe5
4
vulnerability VCID-3x4p-t3yb-3yak
5
vulnerability VCID-3zdr-vasc-a7cn
6
vulnerability VCID-42dz-pxpv-qff3
7
vulnerability VCID-49pq-vg95-jkh2
8
vulnerability VCID-4epw-vk25-mfdw
9
vulnerability VCID-4he5-y1u4-gkd2
10
vulnerability VCID-5hqj-fxmk-cbcy
11
vulnerability VCID-63gy-6njy-kbd8
12
vulnerability VCID-6j55-bstz-yybj
13
vulnerability VCID-7f5r-9h1g-nuch
14
vulnerability VCID-86jq-2md2-d7ah
15
vulnerability VCID-9hq5-3usy-5fhq
16
vulnerability VCID-a6sp-18av-wya6
17
vulnerability VCID-awt1-8bxs-xffs
18
vulnerability VCID-bjwf-uhyk-63aj
19
vulnerability VCID-c1w4-z275-tqg7
20
vulnerability VCID-carc-ntrd-ebfe
21
vulnerability VCID-cdnw-t8n1-23ep
22
vulnerability VCID-cnqr-6e98-5kgk
23
vulnerability VCID-cwa7-9d2t-rfhb
24
vulnerability VCID-dd9p-x7k3-37ea
25
vulnerability VCID-ehbj-aezy-d7h4
26
vulnerability VCID-g3rk-djae-pkeh
27
vulnerability VCID-h8gs-ansa-9bd9
28
vulnerability VCID-h94p-ywve-y7h9
29
vulnerability VCID-hmp2-rmzv-wkhg
30
vulnerability VCID-hppf-a715-r7b2
31
vulnerability VCID-j24x-nhsb-yug6
32
vulnerability VCID-kcj2-v7av-47cv
33
vulnerability VCID-knsd-pv15-tydx
34
vulnerability VCID-mep3-6sub-ykdk
35
vulnerability VCID-mnkw-23eu-bkgc
36
vulnerability VCID-msda-xqbp-qfdd
37
vulnerability VCID-n8cc-3stk-97b5
38
vulnerability VCID-nf8s-2aaa-17fw
39
vulnerability VCID-p5mc-r1rg-5ff7
40
vulnerability VCID-phxs-zet8-ryh3
41
vulnerability VCID-pmrb-t3bm-zkb6
42
vulnerability VCID-rps2-k24p-9qgq
43
vulnerability VCID-s5ah-tf63-a7cw
44
vulnerability VCID-sfyc-jewr-wuf5
45
vulnerability VCID-sgdb-985e-4uej
46
vulnerability VCID-tt6r-bytq-4fa4
47
vulnerability VCID-v3r3-bwp5-a3bn
48
vulnerability VCID-vgm2-8wjy-x7ed
49
vulnerability VCID-wg3a-j2dp-ayh4
50
vulnerability VCID-y8gn-9fat-e7d1
51
vulnerability VCID-ynqu-cjn9-fqf2
52
vulnerability VCID-z1jv-4ga2-7kd1
53
vulnerability VCID-zkvd-bfd6-t7dg
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.2
aliases CVE-2012-1099, GHSA-2xjj-5x6h-8vmf, OSV-79727
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1rgy-k7a9-m7au
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0.alpha0