Package Instance

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/19dbab51ca086a657bb86458042bc44314916bcb

reference_url

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:42:42Z/

url

https://github.com/rails/rails/commit/19dbab51ca086a657bb86458042bc44314916bcb

reference_url

https://github.com/rails/rails/commit/ebd6be18120d1136511eb516338e27af25ac0a1a

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:42:42Z/

url

https://github.com/rails/rails/commit/ebd6be18120d1136511eb516338e27af25ac0a1a

reference_url

https://github.com/rails/rails/commit/ee2c59e730e5b8faed502cd2c573109df093f856

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:42:42Z/

url

https://github.com/rails/rails/commit/ee2c59e730e5b8faed502cd2c573109df093f856

reference_url

https://github.com/rails/rails/releases/tag/v7.2.3.1

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:42:42Z/

url

https://github.com/rails/rails/releases/tag/v7.2.3.1

reference_url

https://github.com/rails/rails/releases/tag/v8.0.4.1

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:42:42Z/

url

https://github.com/rails/rails/releases/tag/v8.0.4.1

reference_url

https://github.com/rails/rails/releases/tag/v8.1.2.1

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:42:42Z/

url

https://github.com/rails/rails/releases/tag/v8.1.2.1

reference_url

https://github.com/rails/rails/security/advisories/GHSA-2j26-frm8-cmj9

reference_id

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:42:42Z/

url

https://github.com/rails/rails/security/advisories/GHSA-2j26-frm8-cmj9

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2026-33176.yml

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2026-33176.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-33176

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-33176

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035
reference_id	1132035
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2450551
reference_id	2450551
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2450551

reference_url

https://github.com/advisories/GHSA-2j26-frm8-cmj9

reference_id

GHSA-2j26-frm8-cmj9

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2j26-frm8-cmj9

reference_url	https://access.redhat.com/errata/RHSA-2026:14835
reference_id	RHSA-2026:14835
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:14835

reference_url	https://access.redhat.com/errata/RHSA-2026:14873
reference_id	RHSA-2026:14873
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:14873

reference_url	https://access.redhat.com/errata/RHSA-2026:14874
reference_id	RHSA-2026:14874
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:14874

fixed_packages

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2026-33176, GHSA-2j26-frm8-cmj9

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6xgn-ux7r-n3hs

url VCID-fffn-puk6-ebas

vulnerability_id VCID-fffn-puk6-ebas

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33195.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33195.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-33195

reference_id

reference_type

scores

value	0.00037
scoring_system	epss
scoring_elements	0.11546
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-33195

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/4933c1e3b8c1bb04925d60347be9f69270392f2c

reference_url

reference_id

reference_type

scores

value	8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	8.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:10:57Z/

url

https://github.com/rails/rails/commit/4933c1e3b8c1bb04925d60347be9f69270392f2c

reference_url

https://github.com/rails/rails/commit/9b06fbc0f504b8afe333f33d19548f3b85fbe655

reference_id

reference_type

scores

value	8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	8.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:10:57Z/

url

https://github.com/rails/rails/commit/9b06fbc0f504b8afe333f33d19548f3b85fbe655

reference_url

https://github.com/rails/rails/commit/a290c8a1ec189d793aa6d7f2570b6a763f675348

reference_id

reference_type

scores

value	8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	8.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:10:57Z/

url

https://github.com/rails/rails/commit/a290c8a1ec189d793aa6d7f2570b6a763f675348

reference_url

https://github.com/rails/rails/releases/tag/v7.2.3.1

reference_id

reference_type

scores

value	8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	8.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:10:57Z/

url

https://github.com/rails/rails/releases/tag/v7.2.3.1

reference_url

https://github.com/rails/rails/releases/tag/v8.0.4.1

reference_id

reference_type

scores

value	8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	8.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:10:57Z/

url

https://github.com/rails/rails/releases/tag/v8.0.4.1

reference_url

https://github.com/rails/rails/releases/tag/v8.1.2.1

reference_id

reference_type

scores

value	8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	8.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:10:57Z/

url

https://github.com/rails/rails/releases/tag/v8.1.2.1

reference_url

https://github.com/rails/rails/security/advisories/GHSA-9xrj-h377-fr87

reference_id

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	8.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:10:57Z/

url

https://github.com/rails/rails/security/advisories/GHSA-9xrj-h377-fr87

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2026-33195.yml

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2026-33195.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-33195

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-33195

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035
reference_id	1132035
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2450546
reference_id	2450546
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2450546

reference_url

https://github.com/advisories/GHSA-9xrj-h377-fr87

reference_id

GHSA-9xrj-h377-fr87

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9xrj-h377-fr87

fixed_packages

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2026-33195, GHSA-9xrj-h377-fr87

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fffn-puk6-ebas

url VCID-fffz-javd-v7hb

vulnerability_id VCID-fffz-javd-v7hb

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33170.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33170.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-33170

reference_id

reference_type

scores

value	0.00011
scoring_system	epss
scoring_elements	0.01519
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-33170

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/50d732af3b7c8aaf63cbcca0becbc00279b215b7

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:20:16Z/

url

https://github.com/rails/rails/commit/50d732af3b7c8aaf63cbcca0becbc00279b215b7

reference_url

https://github.com/rails/rails/commit/6e8a81108001d58043de9e54a06fca58962fc2db

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:20:16Z/

url

https://github.com/rails/rails/commit/6e8a81108001d58043de9e54a06fca58962fc2db

reference_url

https://github.com/rails/rails/commit/c1ad0e8e1972032f3395853a5e99cea035035beb

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:20:16Z/

url

https://github.com/rails/rails/commit/c1ad0e8e1972032f3395853a5e99cea035035beb

reference_url

https://github.com/rails/rails/releases/tag/v7.2.3.1

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:20:16Z/

url

https://github.com/rails/rails/releases/tag/v7.2.3.1

reference_url

https://github.com/rails/rails/releases/tag/v8.0.4.1

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:20:16Z/

url

https://github.com/rails/rails/releases/tag/v8.0.4.1

reference_url

https://github.com/rails/rails/releases/tag/v8.1.2.1

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:20:16Z/

url

https://github.com/rails/rails/releases/tag/v8.1.2.1

reference_url

https://github.com/rails/rails/security/advisories/GHSA-89vf-4333-qx8v

reference_id

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:20:16Z/

url

https://github.com/rails/rails/security/advisories/GHSA-89vf-4333-qx8v

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2026-33170.yml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2026-33170.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-33170

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-33170

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035
reference_id	1132035
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2450543
reference_id	2450543
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2450543

reference_url

https://github.com/advisories/GHSA-89vf-4333-qx8v

reference_id

GHSA-89vf-4333-qx8v

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-89vf-4333-qx8v

fixed_packages

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2026-33170, GHSA-89vf-4333-qx8v

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fffz-javd-v7hb

url VCID-fnhs-6r73-jycb

vulnerability_id VCID-fnhs-6r73-jycb

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33168.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33168.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-33168

reference_id

reference_type

scores

value	0.00026
scoring_system	epss
scoring_elements	0.08042
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-33168

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/0b6f8002b52b9c606fd6be9e7915d9f944cf539c

reference_url

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:36:28Z/

url

https://github.com/rails/rails/commit/0b6f8002b52b9c606fd6be9e7915d9f944cf539c

reference_url

https://github.com/rails/rails/commit/63f5ad83edaa0b976f82d46988d745426aa4a42d

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:36:28Z/

url

https://github.com/rails/rails/commit/63f5ad83edaa0b976f82d46988d745426aa4a42d

reference_url

https://github.com/rails/rails/commit/c79a07df1e88738df8f68cb0ee759ad6128ca924

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:36:28Z/

url

https://github.com/rails/rails/commit/c79a07df1e88738df8f68cb0ee759ad6128ca924

reference_url

https://github.com/rails/rails/releases/tag/v7.2.3.1

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:36:28Z/

url

https://github.com/rails/rails/releases/tag/v7.2.3.1

reference_url

https://github.com/rails/rails/releases/tag/v8.0.4.1

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:36:28Z/

url

https://github.com/rails/rails/releases/tag/v8.0.4.1

reference_url

https://github.com/rails/rails/releases/tag/v8.1.2.1

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:36:28Z/

url

https://github.com/rails/rails/releases/tag/v8.1.2.1

reference_url

https://github.com/rails/rails/security/advisories/GHSA-v55j-83pf-r9cq

reference_id

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:36:28Z/

url

https://github.com/rails/rails/security/advisories/GHSA-v55j-83pf-r9cq

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2026-33168.yml

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2026-33168.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-33168

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-33168

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035
reference_id	1132035
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2450549
reference_id	2450549
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2450549

reference_url

https://github.com/advisories/GHSA-v55j-83pf-r9cq

reference_id

GHSA-v55j-83pf-r9cq

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v55j-83pf-r9cq

fixed_packages

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2026-33168, GHSA-v55j-83pf-r9cq

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fnhs-6r73-jycb

url VCID-jamx-38p5-s7hd

vulnerability_id VCID-jamx-38p5-s7hd

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33173.json

reference_id

reference_type

scores

value	7.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33173.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-33173

reference_id

reference_type

scores

value	0.00015
scoring_system	epss
scoring_elements	0.03496
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-33173

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/707c0f1f41f067fdf96d54e99d43b28dfaae7e53

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T14:14:22Z/

url

https://github.com/rails/rails/commit/707c0f1f41f067fdf96d54e99d43b28dfaae7e53

reference_url

https://github.com/rails/rails/commit/8fcb934caadc79c8cc4ce53287046d0f67005b3e

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T14:14:22Z/

url

https://github.com/rails/rails/commit/8fcb934caadc79c8cc4ce53287046d0f67005b3e

reference_url

https://github.com/rails/rails/commit/d9502f5214e2198245a4c1defe9cd02a7c8057d0

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T14:14:22Z/

url

https://github.com/rails/rails/commit/d9502f5214e2198245a4c1defe9cd02a7c8057d0

reference_url

https://github.com/rails/rails/releases/tag/v7.2.3.1

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T14:14:22Z/

url

https://github.com/rails/rails/releases/tag/v7.2.3.1

reference_url

https://github.com/rails/rails/releases/tag/v8.0.4.1

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T14:14:22Z/

url

https://github.com/rails/rails/releases/tag/v8.0.4.1

reference_url

https://github.com/rails/rails/releases/tag/v8.1.2.1

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T14:14:22Z/

url

https://github.com/rails/rails/releases/tag/v8.1.2.1

reference_url

https://github.com/rails/rails/security/advisories/GHSA-qcfx-2mfw-w4cg

reference_id

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T14:14:22Z/

url

https://github.com/rails/rails/security/advisories/GHSA-qcfx-2mfw-w4cg

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2026-33173.yml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2026-33173.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-33173

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-33173

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035
reference_id	1132035
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2450545
reference_id	2450545
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2450545

reference_url

https://github.com/advisories/GHSA-qcfx-2mfw-w4cg

reference_id

GHSA-qcfx-2mfw-w4cg

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qcfx-2mfw-w4cg

fixed_packages

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2026-33173, GHSA-qcfx-2mfw-w4cg

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jamx-38p5-s7hd

url VCID-mxde-jpzz-vff8

vulnerability_id VCID-mxde-jpzz-vff8

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33202.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33202.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-33202

reference_id

reference_type

scores

value	0.00029
scoring_system	epss
scoring_elements	0.08951
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-33202

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/8c9676b803820110548cdb7523800db43bc6874c

reference_url

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:42:33Z/

url

https://github.com/rails/rails/commit/8c9676b803820110548cdb7523800db43bc6874c

reference_url

https://github.com/rails/rails/commit/955284d26e469a9c026a4eee5b21f0414ab0bccf

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:42:33Z/

url

https://github.com/rails/rails/commit/955284d26e469a9c026a4eee5b21f0414ab0bccf

reference_url

https://github.com/rails/rails/commit/fa19073546360856e9f4dab221fc2c5d73a45e82

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:42:33Z/

url

https://github.com/rails/rails/commit/fa19073546360856e9f4dab221fc2c5d73a45e82

reference_url

https://github.com/rails/rails/releases/tag/v7.2.3.1

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:42:33Z/

url

https://github.com/rails/rails/releases/tag/v7.2.3.1

reference_url

https://github.com/rails/rails/releases/tag/v8.0.4.1

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:42:33Z/

url

https://github.com/rails/rails/releases/tag/v8.0.4.1

reference_url

https://github.com/rails/rails/releases/tag/v8.1.2.1

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:42:33Z/

url

https://github.com/rails/rails/releases/tag/v8.1.2.1

reference_url

https://github.com/rails/rails/security/advisories/GHSA-73f9-jhhh-hr5m

reference_id

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:42:33Z/

url

https://github.com/rails/rails/security/advisories/GHSA-73f9-jhhh-hr5m

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2026-33202.yml

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2026-33202.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-33202

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-33202

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035
reference_id	1132035
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2450547
reference_id	2450547
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2450547

reference_url

https://github.com/advisories/GHSA-73f9-jhhh-hr5m

reference_id

GHSA-73f9-jhhh-hr5m

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-73f9-jhhh-hr5m

fixed_packages

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2026-33202, GHSA-73f9-jhhh-hr5m

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mxde-jpzz-vff8

url VCID-rqch-g7pm-sugv

vulnerability_id VCID-rqch-g7pm-sugv

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33169.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33169.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-33169

reference_id

reference_type

scores

value	0.00021
scoring_system	epss
scoring_elements	0.06288
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-33169

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/29154f1097da13d48fdb3200760b3e3da66dcb11

reference_url

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:45:49Z/

url

https://github.com/rails/rails/commit/29154f1097da13d48fdb3200760b3e3da66dcb11

reference_url

https://github.com/rails/rails/commit/b54a4b373c6f042cab6ee2033246b1c9ecc38974

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:45:49Z/

url

https://github.com/rails/rails/commit/b54a4b373c6f042cab6ee2033246b1c9ecc38974

reference_url

https://github.com/rails/rails/commit/ec1a0e215efd27a3b3911aae6df978a80f456a49

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:45:49Z/

url

https://github.com/rails/rails/commit/ec1a0e215efd27a3b3911aae6df978a80f456a49

reference_url

https://github.com/rails/rails/releases/tag/v7.2.3.1

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:45:49Z/

url

https://github.com/rails/rails/releases/tag/v7.2.3.1

reference_url

https://github.com/rails/rails/releases/tag/v8.0.4.1

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:45:49Z/

url

https://github.com/rails/rails/releases/tag/v8.0.4.1

reference_url

https://github.com/rails/rails/releases/tag/v8.1.2.1

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:45:49Z/

url

https://github.com/rails/rails/releases/tag/v8.1.2.1

reference_url

https://github.com/rails/rails/security/advisories/GHSA-cg4j-q9v8-6v38

reference_id

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:45:49Z/

url

https://github.com/rails/rails/security/advisories/GHSA-cg4j-q9v8-6v38

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2026-33169.yml

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2026-33169.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-33169

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-33169

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035
reference_id	1132035
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2450556
reference_id	2450556
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2450556

reference_url

https://github.com/advisories/GHSA-cg4j-q9v8-6v38

reference_id

GHSA-cg4j-q9v8-6v38

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cg4j-q9v8-6v38

fixed_packages

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2026-33169, GHSA-cg4j-q9v8-6v38

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rqch-g7pm-sugv

url VCID-tkka-tsj1-wyc1

vulnerability_id VCID-tkka-tsj1-wyc1

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33174.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33174.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-33174

reference_id

reference_type

scores

value	0.00024
scoring_system	epss
scoring_elements	0.07199
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-33174

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/2cd933c366b777f873d4d590127da2f4a25e4ba5

reference_url

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:40:23Z/

url

https://github.com/rails/rails/commit/2cd933c366b777f873d4d590127da2f4a25e4ba5

reference_url

https://github.com/rails/rails/commit/42012eaaa88dfc7d0030161b2bc8074a7bbce92a

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:40:23Z/

url

https://github.com/rails/rails/commit/42012eaaa88dfc7d0030161b2bc8074a7bbce92a

reference_url

https://github.com/rails/rails/commit/8159a9c3de3f27a2bcf2866b8bf9ceb9075e229b

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:40:23Z/

url

https://github.com/rails/rails/commit/8159a9c3de3f27a2bcf2866b8bf9ceb9075e229b

reference_url

https://github.com/rails/rails/releases/tag/v7.2.3.1

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:40:23Z/

url

https://github.com/rails/rails/releases/tag/v7.2.3.1

reference_url

https://github.com/rails/rails/releases/tag/v8.0.4.1

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:40:23Z/

url

https://github.com/rails/rails/releases/tag/v8.0.4.1

reference_url

https://github.com/rails/rails/releases/tag/v8.1.2.1

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:40:23Z/

url

https://github.com/rails/rails/releases/tag/v8.1.2.1

reference_url

https://github.com/rails/rails/security/advisories/GHSA-r46p-8f7g-vvvg

reference_id

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:40:23Z/

url

https://github.com/rails/rails/security/advisories/GHSA-r46p-8f7g-vvvg

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2026-33174.yml

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2026-33174.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-33174

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-33174

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035
reference_id	1132035
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2450544
reference_id	2450544
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2450544

reference_url

https://github.com/advisories/GHSA-r46p-8f7g-vvvg

reference_id

GHSA-r46p-8f7g-vvvg

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-r46p-8f7g-vvvg

fixed_packages

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2026-33174, GHSA-r46p-8f7g-vvvg

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tkka-tsj1-wyc1

url VCID-ykzz-r4nz-mbdv

vulnerability_id VCID-ykzz-r4nz-mbdv

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33658.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33658.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-33658

reference_id

reference_type

scores

value	0.0002
scoring_system	epss
scoring_elements	0.06085
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-33658

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/releases/tag/v7.2.3.1

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T11:42:16Z/

url

https://github.com/rails/rails/releases/tag/v7.2.3.1

reference_url

https://github.com/rails/rails/releases/tag/v8.0.4.1

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T11:42:16Z/

url

https://github.com/rails/rails/releases/tag/v8.0.4.1

reference_url

https://github.com/rails/rails/releases/tag/v8.1.2.1

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T11:42:16Z/

url

https://github.com/rails/rails/releases/tag/v8.1.2.1

reference_url

https://github.com/rails/rails/security/advisories/GHSA-p9fm-f462-ggrg

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T11:42:16Z/

url

https://github.com/rails/rails/security/advisories/GHSA-p9fm-f462-ggrg

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2026-33658.yml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T11:42:16Z/

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2026-33658.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-33658

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-33658

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035
reference_id	1132035
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2451983
reference_id	2451983
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2451983

reference_url

https://github.com/advisories/GHSA-p9fm-f462-ggrg

reference_id

GHSA-p9fm-f462-ggrg

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-p9fm-f462-ggrg

fixed_packages

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2026-33658, GHSA-p9fm-f462-ggrg

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ykzz-r4nz-mbdv

Fixing_vulnerabilities

url VCID-1161-4sdr-fkc3

vulnerability_id VCID-1161-4sdr-fkc3

summary

Arbitrary file existence disclosure
Specially crafted requests can be used to determine whether a file exists on the filesystem that is outside the Rails application's root directory. The files will not be served, but attackers can determine whether the file exists. This only impacts Rails applications that enable static file serving at runtime. For example, the application's production configuration will say: `config.serve_static_assets = true`

references

reference_url

http://lists.opensuse.org/opensuse-updates/2014-11/msg00112.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2014-11/msg00112.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-7818

reference_id

reference_type

scores

value	0.0022
scoring_system	epss
scoring_elements	0.44675
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-7818

reference_url

https://groups.google.com/forum/message/raw?msg=rubyonrails-security/dCp7duBiQgo/v_R_8PFs5IwJ

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/message/raw?msg=rubyonrails-security/dCp7duBiQgo/v_R_8PFs5IwJ

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/dCp7duBiQgo

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/dCp7duBiQgo

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770934
reference_id	770934
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770934

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-7818

reference_id

CVE-2014-7818

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-7818

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-7818.yml

reference_id

CVE-2014-7818.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-7818.yml

reference_url

reference_id

CVE-2014-7829

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-29gr-w57f-rpfw

reference_url

reference_id

GHSA-29gr-w57f-rpfw

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-29gr-w57f-rpfw

fixed_packages

url	pkg:deb/debian/rails@2:4.1.8-1?distro=trixie
purl	pkg:deb/debian/rails@2:4.1.8-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.8-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2014-7818, GHSA-29gr-w57f-rpfw

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1161-4sdr-fkc3

url VCID-14eh-tn37-bfhu

vulnerability_id VCID-14eh-tn37-bfhu

summary

Incomplete fix to CVE-2013-0155 (Unsafe Query Generation Risk)
Due to the way that `Rack::Request` and `Rails::Request` interact, it is possible for a 3rd party or custom rack middleware to parse the parameters insecurely and store them in the same key that Rails uses for its own parameters. In the event that happens the application will receive unsafe parameters and could be vulnerable to the earlier vulnerability: it would be possible for an attacker to issue unexpected database queries with `IS NULL` or empty where clauses.

references

reference_url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html

reference_url

http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-0469.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-0469.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-6417

reference_id

reference_type

scores

value	0.00512
scoring_system	epss
scoring_elements	0.66801
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-6417

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417

reference_url	http://seclists.org/oss-sec/2013/q4/403
reference_id
reference_type
scores
url	http://seclists.org/oss-sec/2013/q4/403

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/message/raw?msg=ruby-security-ann/niK4drpSHT4/g8JW8ZsayRkJ

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/message/raw?msg=ruby-security-ann/niK4drpSHT4/g8JW8ZsayRkJ

reference_url

https://groups.google.com/forum/#!topic/ruby-security-ann/niK4drpSHT4

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/ruby-security-ann/niK4drpSHT4

reference_url

http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released

reference_url	http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-6417

reference_url

reference_id

CVE-2013-6417

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-6417

reference_url

https://puppet.com/security/cve/cve-2013-6417

reference_id

CVE-2013-6417

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://puppet.com/security/cve/cve-2013-6417

reference_url

https://web.archive.org/web/20160806051251/https://puppet.com/security/cve/cve-2013-6417

reference_id

CVE-2013-6417

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20160806051251/https://puppet.com/security/cve/cve-2013-6417

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6417.yml

reference_id

CVE-2013-6417.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6417.yml

reference_url

https://github.com/advisories/GHSA-wpw7-wxjm-cw8r

reference_id

GHSA-wpw7-wxjm-cw8r

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-wpw7-wxjm-cw8r

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2013-6417, GHSA-wpw7-wxjm-cw8r, OSV-100527

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-14eh-tn37-bfhu

url VCID-1bxj-7h5q-jbdz

vulnerability_id VCID-1bxj-7h5q-jbdz

summary multiple issues

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-22904

reference_id

reference_type

scores

value	0.03338
scoring_system	epss
scoring_elements	0.87509
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-22904

reference_url

https://discuss.rubyonrails.org/t/cve-2021-22904-possible-dos-vulnerability-in-action-controller-token-authentication/77869

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://discuss.rubyonrails.org/t/cve-2021-22904-possible-dos-vulnerability-in-action-controller-token-authentication/77869

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/releases/tag/v5.2.4.6

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/releases/tag/v5.2.4.6

reference_url

https://github.com/rails/rails/releases/tag/v5.2.6

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/releases/tag/v5.2.6

reference_url

https://github.com/rails/rails/releases/tag/v6.0.3.7

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/releases/tag/v6.0.3.7

reference_url

https://github.com/rails/rails/releases/tag/v6.1.3.2

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/releases/tag/v6.1.3.2

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22904.yml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22904.yml

reference_url

https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ

reference_url

https://hackerone.com/reports/1101125

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://hackerone.com/reports/1101125

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-22904

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-22904

reference_url

https://security.netapp.com/advisory/ntap-20210805-0009

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210805-0009

reference_url	https://security.netapp.com/advisory/ntap-20210805-0009/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210805-0009/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214
reference_id	988214
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214

reference_url

reference_id

AVG-1920

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-1921

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-2090

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-2223

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://github.com/advisories/GHSA-7wjx-3g7j-8584

reference_url

reference_id

GHSA-7wjx-3g7j-8584

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7wjx-3g7j-8584

fixed_packages

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2021-22904, GHSA-7wjx-3g7j-8584

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1bxj-7h5q-jbdz

url VCID-1f8y-2bmg-qufg

vulnerability_id VCID-1f8y-2bmg-qufg

summary

Exposure of information in Action Pack
Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests. This has been fixed in Rails 7.0.2.1, 6.1.4.5, 6.0.4.5, and 5.2.6.1. Upgrading is highly recommended, but to work around this problem a middleware described in GHSA-wh98-p28r-vrc9 can be used.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-23633

reference_id

reference_type

scores

value	0.00187
scoring_system	epss
scoring_elements	0.40349
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-23633

reference_url

https://discuss.rubyonrails.org/t/cve-2022-23633-possible-exposure-of-information-vulnerability-in-action-pack/80016

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://discuss.rubyonrails.org/t/cve-2022-23633-possible-exposure-of-information-vulnerability-in-action-pack/80016

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/f9a2ad03943d5c2ba54e1d45f155442b519c75da

reference_url

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/f9a2ad03943d5c2ba54e1d45f155442b519c75da

reference_url

https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ

reference_url

https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html

reference_url

https://rubyonrails.org/2022/2/11/Rails-7-0-2-2-6-1-4-6-6-0-4-6-and-5-2-6-2-have-been-released

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://rubyonrails.org/2022/2/11/Rails-7-0-2-2-6-1-4-6-6-0-4-6-and-5-2-6-2-have-been-released

reference_url

https://security.netapp.com/advisory/ntap-20240119-0013

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240119-0013

reference_url	https://security.netapp.com/advisory/ntap-20240119-0013/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20240119-0013/

reference_url

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/02/11/5

reference_url

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/02/11/5

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005389
reference_id	1005389
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005389

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-23633

reference_id

CVE-2022-23633

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-23633

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2022-23633.yml

reference_id

CVE-2022-23633.YML

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2022-23633.yml

reference_url

https://github.com/advisories/GHSA-wh98-p28r-vrc9

reference_id

GHSA-wh98-p28r-vrc9

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-wh98-p28r-vrc9

reference_url

https://github.com/rails/rails/security/advisories/GHSA-wh98-p28r-vrc9

reference_id

GHSA-wh98-p28r-vrc9

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/security/advisories/GHSA-wh98-p28r-vrc9

fixed_packages

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.4.6%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.4.6%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.4.6%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2022-23633, GHSA-wh98-p28r-vrc9

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1f8y-2bmg-qufg

url VCID-1r5t-n9ys-zbbu

vulnerability_id VCID-1r5t-n9ys-zbbu

summary

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument.

references

reference_url

http://groups.google.com/group/rubyonrails-security/msg/4e19864cf6ad40ad?dmode=source&output=gplain

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/rubyonrails-security/msg/4e19864cf6ad40ad?dmode=source&output=gplain

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-0448

reference_id

reference_type

scores

value	0.00689
scoring_system	epss
scoring_elements	0.72094
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-0448

reference_url	http://secunia.com/advisories/43278
reference_id
reference_type
scores
url	http://secunia.com/advisories/43278

reference_url	http://securitytracker.com/id?1025063
reference_id
reference_type
scores
url	http://securitytracker.com/id?1025063

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa562c3be8474

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa562c3be8474

reference_url

https://web.archive.org/web/20201220214809/http://securitytracker.com/id?1025063

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20201220214809/http://securitytracker.com/id?1025063

reference_url

http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4

reference_url	http://www.vupen.com/english/advisories/2011/0877
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2011/0877

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2011-0448

reference_id

CVE-2011-0448

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-0448

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-0448.yml

reference_id

CVE-2011-0448.YML

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-0448.yml

reference_url

https://github.com/advisories/GHSA-jmm9-2p29-vh2w

reference_id

GHSA-jmm9-2p29-vh2w

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jmm9-2p29-vh2w

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2011-0448, GHSA-jmm9-2p29-vh2w

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1r5t-n9ys-zbbu

url VCID-26je-urbt-8kee

vulnerability_id VCID-26je-urbt-8kee

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper.

references

reference_url

http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html

reference_url

http://openwall.com/lists/oss-security/2014/02/18/8

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2014/02/18/8

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2014-0081

reference_url

reference_id

reference_type

scores

value	0.00885
scoring_system	epss
scoring_elements	0.75774
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-0081

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/08d0a11a3f62718d601d39e617c834759cf59bbb

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/08d0a11a3f62718d601d39e617c834759cf59bbb

reference_url	https://groups.google.com/forum/#!topic/rubyonrails-security/tfp6gZCtzr4
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!topic/rubyonrails-security/tfp6gZCtzr4

reference_url

https://web.archive.org/web/20140911141416/http://www.securitytracker.com/id/1029782

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20140911141416/http://www.securitytracker.com/id/1029782

reference_url

https://web.archive.org/web/20170307202606/http://www.securityfocus.com/bid/65647

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20170307202606/http://www.securityfocus.com/bid/65647

reference_url

https://web.archive.org/web/20201207045136/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/tfp6gZCtzr4/j8LUHmu7fIEJ

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20201207045136/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/tfp6gZCtzr4/j8LUHmu7fIEJ

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-0081

reference_id

CVE-2014-0081

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-0081

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0081.yml

reference_id

CVE-2014-0081.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0081.yml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2014-0081.yml

reference_id

CVE-2014-0081.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2014-0081.yml

reference_url

https://github.com/advisories/GHSA-m46p-ggm5-5j83

reference_id

GHSA-m46p-ggm5-5j83

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-m46p-ggm5-5j83

fixed_packages

url	pkg:deb/debian/rails@2.3.14.1?distro=trixie
purl	pkg:deb/debian/rails@2.3.14.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14.1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2014-0081, GHSA-m46p-ggm5-5j83, OSV-103439

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-26je-urbt-8kee

url VCID-2bpy-kbwe-zbg8

vulnerability_id VCID-2bpy-kbwe-zbg8

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-32224

reference_id

reference_type

scores

value	0.01897
scoring_system	epss
scoring_elements	0.83537
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-32224

reference_url

https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rails/rails/commit/611990f1a6c137c2d56b1ba06b27e5d2434dcd6a

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/611990f1a6c137c2d56b1ba06b27e5d2434dcd6a

reference_url

https://github.com/rails/rails/commits/main/activerecord

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commits/main/activerecord

reference_url

https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-24T15:17:17Z/

url

https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U

reference_url

https://lists.debian.org/debian-lts-announce/2026/05/msg00022.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2026/05/msg00022.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016140
reference_id	1016140
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016140

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-32224

reference_id

CVE-2022-32224

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-32224

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-32224.yml

reference_id

CVE-2022-32224.YML

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-32224.yml

reference_url

https://github.com/advisories/GHSA-3hhc-qp5v-9p2j

reference_id

GHSA-3hhc-qp5v-9p2j

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-24T15:17:17Z/

url

https://github.com/advisories/GHSA-3hhc-qp5v-9p2j

reference_url	https://security.gentoo.org/glsa/202408-24
reference_id	GLSA-202408-24
reference_type
scores
url	https://security.gentoo.org/glsa/202408-24

fixed_packages

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u5?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u5%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.6.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.6.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.6.1%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2022-32224, GHSA-3hhc-qp5v-9p2j

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2bpy-kbwe-zbg8

url VCID-2dgz-cqjx-bkaw

vulnerability_id VCID-2dgz-cqjx-bkaw

summary

activerecord vulnerable to SQL Injection
Multiple SQL injection vulnerabilities in the `quote_table_name` method in the ActiveRecord adapters in `activerecord/lib/active_record/connection_adapters/` in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a crafted column name.

references

reference_url

http://groups.google.com/group/rubyonrails-security/msg/b1a85d36b0f9dd30?dmode=source&output=gplain

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/rubyonrails-security/msg/b1a85d36b0f9dd30?dmode=source&output=gplain

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-2930

reference_id

reference_type

scores

value	0.00955
scoring_system	epss
scoring_elements	0.76737
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-2930

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=731438

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=731438

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/8a39f411dc3c806422785b1f4d5c7c9d58e4bf85

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/8a39f411dc3c806422785b1f4d5c7c9d58e4bf85

reference_url

http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/17/1

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/17/1

reference_url

http://www.openwall.com/lists/oss-security/2011/08/19/11

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/19/11

reference_url

http://www.openwall.com/lists/oss-security/2011/08/20/1

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/20/1

reference_url

http://www.openwall.com/lists/oss-security/2011/08/22/13

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/22/13

reference_url

http://www.openwall.com/lists/oss-security/2011/08/22/14

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/22/14

reference_url

http://www.openwall.com/lists/oss-security/2011/08/22/5

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/22/5

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2011-2930

reference_id

CVE-2011-2930

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-2930

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-2930.yml

reference_id

CVE-2011-2930.YML

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-2930.yml

reference_url

https://github.com/advisories/GHSA-h6w6-xmqv-7q78

reference_id

GHSA-h6w6-xmqv-7q78

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-h6w6-xmqv-7q78

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

fixed_packages

url	pkg:deb/debian/rails@2.3.14?distro=trixie
purl	pkg:deb/debian/rails@2.3.14?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2011-2930, GHSA-h6w6-xmqv-7q78

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2dgz-cqjx-bkaw

url VCID-2vex-unxw-jub9

vulnerability_id VCID-2vex-unxw-jub9

summary

Circumvention of attr_protected
The attr_protected method allows developers to specify a denylist of model attributes which users should not be allowed to assign to. By using a specially crafted request, attackers could circumvent this protection and alter values that were meant to be protected.

references

reference_url

http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-0686.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0686.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-0276

reference_id

reference_type

scores

value	0.00606
scoring_system	epss
scoring_elements	0.69983
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-0276

reference_url	https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/AFBKNY7VSH8
reference_id
reference_type
scores
url	https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/AFBKNY7VSH8

reference_url

https://groups.google.com/group/rubyonrails-security/msg/bb44b98a73ef1a06?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/bb44b98a73ef1a06?dmode=source&output=gplain

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20130217055442/http://www.securityfocus.com/bid/57896

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20130217055442/http://www.securityfocus.com/bid/57896

reference_url

http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released

reference_url	http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2013/02/11/5

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2013/02/11/5

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-0276

reference_id

CVE-2013-0276

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-0276

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0276.yml

reference_id

CVE-2013-0276.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0276.yml

reference_url

https://github.com/advisories/GHSA-gr44-7grc-37vq

reference_id

GHSA-gr44-7grc-37vq

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gr44-7grc-37vq

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

fixed_packages

url	pkg:deb/debian/rails@2.3.14.1?distro=trixie
purl	pkg:deb/debian/rails@2.3.14.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14.1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2013-0276, GHSA-gr44-7grc-37vq, OSV-90072

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2vex-unxw-jub9

url VCID-3gxu-74a5-m7cv

vulnerability_id VCID-3gxu-74a5-m7cv

summary

Strong Parameter bypass with create_with
The `create_with` functionality in Active Record was implemented incorrectly and completely bypasses the strong parameter protection.

references

reference_url

http://openwall.com/lists/oss-security/2014/08/18/10

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2014/08/18/10

reference_url

http://rhn.redhat.com/errata/RHSA-2014-1102.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-1102.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3514

reference_id

reference_type

scores

value	0.00331
scoring_system	epss
scoring_elements	0.56267
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3514

reference_url

https://groups.google.com/forum/message/raw?msg=rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/message/raw?msg=rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ

reference_url

https://groups.google.com/forum/#!msg/rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!msg/rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ

reference_url	https://groups.google.com/forum/#!topic/ruby-security-ann/M4chq5Sb540
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!topic/ruby-security-ann/M4chq5Sb540

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-3514

reference_id

CVE-2014-3514

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-3514

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-3514.yml

reference_id

CVE-2014-3514.YML

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-3514.yml

reference_url

https://github.com/advisories/GHSA-9rf5-jm6f-2fmm

reference_id

GHSA-9rf5-jm6f-2fmm

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9rf5-jm6f-2fmm

fixed_packages

url	pkg:deb/debian/rails@2:4.1.5-1?distro=trixie
purl	pkg:deb/debian/rails@2:4.1.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.5-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2014-3514, GHSA-9rf5-jm6f-2fmm

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3gxu-74a5-m7cv

url VCID-3sqw-5cpa-5qgg

vulnerability_id VCID-3sqw-5cpa-5qgg

summary

Active Record contains SQL Injection
SQL injection vulnerability in the Active Record component in Ruby on Rails before 2.3.15, 3.0.x before 3.0.18, 3.1.x before 3.1.9, and 3.2.x before 3.2.10 allows remote attackers to execute arbitrary SQL commands via a crafted request that leverages incorrect behavior of dynamic finders in applications that can use unexpected data types in certain find_by_ method calls.

references

reference_url

http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0220.html

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0220.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-0544.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0544.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-6496

reference_id

reference_type

scores

value	0.01017
scoring_system	epss
scoring_elements	0.77483
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-6496

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=889649

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=889649

reference_url

http://security.gentoo.org/glsa/glsa-201401-22.xml

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://security.gentoo.org/glsa/glsa-201401-22.xml

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/9de9b359d0d24f70f0f6c5c58a7ad8750684d456

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/9de9b359d0d24f70f0f6c5c58a7ad8750684d456

reference_url	https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/DCNTNp_qjFM
reference_id
reference_type
scores
url	https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/DCNTNp_qjFM

reference_url

https://groups.google.com/group/rubyonrails-security/msg/23daa048baf28b64?dmode=source&output=gplain

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/23daa048baf28b64?dmode=source&output=gplain

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-6496

reference_id

CVE-2012-6496

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-6496

reference_url

https://github.com/advisories/GHSA-gh2w-j7cx-2664

reference_id

GHSA-gh2w-j7cx-2664

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gh2w-j7cx-2664

reference_url	https://security.gentoo.org/glsa/201401-22
reference_id	GLSA-201401-22
reference_type
scores
url	https://security.gentoo.org/glsa/201401-22

fixed_packages

url	pkg:deb/debian/rails@2.3.14.1?distro=trixie
purl	pkg:deb/debian/rails@2.3.14.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14.1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2012-6496, GHSA-gh2w-j7cx-2664, OSV-88661

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3sqw-5cpa-5qgg

url VCID-3ug5-mwru-aqcq

vulnerability_id VCID-3ug5-mwru-aqcq

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-8151

reference_id

reference_type

scores

value	0.00286
scoring_system	epss
scoring_elements	0.52322
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-8151

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rails/activeresource

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/activeresource

reference_url

https://github.com/rails/activeresource/commit/0de18f7e96fa90bbf23b16ac11980bc2cb6a716e

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/activeresource/commit/0de18f7e96fa90bbf23b16ac11980bc2cb6a716e

reference_url

https://github.com/rails/rails/commit/0e969bdaf8ff2e3384350687aa0b583f94d6dfbc

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/0e969bdaf8ff2e3384350687aa0b583f94d6dfbc

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/pktoF4VmiM8

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/pktoF4VmiM8

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P7B7A4H22DZ522HLDS3JX3NX2CXIOZSR

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P7B7A4H22DZ522HLDS3JX3NX2CXIOZSR

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-8151

reference_id

CVE-2020-8151

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-8151

reference_url

https://github.com/advisories/GHSA-46j2-xjgp-jrfm

reference_id

GHSA-46j2-xjgp-jrfm

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-46j2-xjgp-jrfm

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2020-8151, GHSA-46j2-xjgp-jrfm

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3ug5-mwru-aqcq

url VCID-3wkw-4ab7-jbem

vulnerability_id VCID-3wkw-4ab7-jbem

summary

Improper Input Validation
A remote code execution vulnerability in development mode Rails can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit.

references

reference_url

http://packetstormsecurity.com/files/152704/Ruby-On-Rails-DoubleTap-Development-Mode-secret_key_base-Remote-Code-Execution.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/152704/Ruby-On-Rails-DoubleTap-Development-Mode-secret_key_base-Remote-Code-Execution.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-5420

reference_id

reference_type

scores

value	0.93745
scoring_system	epss
scoring_elements	0.9986
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-5420

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/IsQKvDqZdKw

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/IsQKvDqZdKw

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/

reference_url

https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released

reference_url	https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/
reference_id
reference_type
scores
url	https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/

reference_url

https://www.exploit-db.com/exploits/46785

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.exploit-db.com/exploits/46785

reference_url	https://www.exploit-db.com/exploits/46785/
reference_id
reference_type
scores
url	https://www.exploit-db.com/exploits/46785/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924521
reference_id	924521
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924521

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/46785.rb
reference_id	CVE-2019-5420
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/46785.rb

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-5420

reference_id

CVE-2019-5420

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-5420

reference_url	https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/rails_double_tap.rb
reference_id	CVE-2019-5420
reference_type	exploit
scores
url	https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/rails_double_tap.rb

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/railties/CVE-2019-5420.yml

reference_id

CVE-2019-5420.YML

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/railties/CVE-2019-5420.yml

reference_url

https://github.com/advisories/GHSA-m42h-mh85-4qgc

reference_id

GHSA-m42h-mh85-4qgc

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-m42h-mh85-4qgc

fixed_packages

url	pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2019-5420, GHSA-m42h-mh85-4qgc

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3wkw-4ab7-jbem

url VCID-43zc-ndt3-xfc5

vulnerability_id VCID-43zc-ndt3-xfc5

summary

Duplicate
This advisory duplicates another.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-22577

reference_id

reference_type

scores

value	0.00495
scoring_system	epss
scoring_elements	0.6607
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-22577

reference_url

https://discuss.rubyonrails.org/t/cve-2022-22577-possible-xss-vulnerability-in-action-pack/80533

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://discuss.rubyonrails.org/t/cve-2022-22577-possible-xss-vulnerability-in-action-pack/80533

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/2b820a2a69fa50cffa74b4aedc57bf92ed6910ec

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/2b820a2a69fa50cffa74b4aedc57bf92ed6910ec

reference_url

https://github.com/rails/rails/commit/5299b57d596ea274f77f5ffee2b79c6ee0255508

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/5299b57d596ea274f77f5ffee2b79c6ee0255508

reference_url

https://github.com/rails/rails/commit/8198d7c4accad0b6ba956b9d59528534a289866b

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/8198d7c4accad0b6ba956b9d59528534a289866b

reference_url

https://github.com/rails/rails/commit/d2253115ac2b30f5f7210670af906cebf79cf809

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/d2253115ac2b30f5f7210670af906cebf79cf809

reference_url

https://github.com/rails/rails/pull/44635

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/pull/44635

reference_url

https://groups.google.com/g/ruby-security-ann/c/NuFRKaN5swI

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/ruby-security-ann/c/NuFRKaN5swI

reference_url

https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html

reference_url

https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released

reference_url

https://security.netapp.com/advisory/ntap-20221118-0002

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20221118-0002

reference_url	https://security.netapp.com/advisory/ntap-20221118-0002/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20221118-0002/

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-22577

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011941
reference_id	1011941
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011941

reference_url

reference_id

CVE-2022-22577

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-22577

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2022-22577.yml

reference_id

CVE-2022-22577.YML

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2022-22577.yml

reference_url

https://github.com/advisories/GHSA-mm33-5vfq-3mm3

reference_id

GHSA-mm33-5vfq-3mm3

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-mm33-5vfq-3mm3

fixed_packages

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.6.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.6.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.6.1%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2022-22577, GHSA-mm33-5vfq-3mm3, GMS-2022-1137

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-43zc-ndt3-xfc5

url VCID-4b2f-5q7m-y3aq

vulnerability_id VCID-4b2f-5q7m-y3aq

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-32464

reference_id

reference_type

scores

value	0.0028
scoring_system	epss
scoring_elements	0.51606
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-32464

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/e215bf3360e6dfe1497c1503a495e384ed6b0995

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T19:54:13Z/

url

https://github.com/rails/rails/commit/e215bf3360e6dfe1497c1503a495e384ed6b0995

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-32464

reference_id

CVE-2024-32464

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-32464

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actiontext/CVE-2024-32464.yml

reference_id

CVE-2024-32464.YML

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actiontext/CVE-2024-32464.yml

reference_url

https://github.com/advisories/GHSA-prjp-h48f-jgf6

reference_id

GHSA-prjp-h48f-jgf6

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-prjp-h48f-jgf6

reference_url

https://github.com/rails/rails/security/advisories/GHSA-prjp-h48f-jgf6

reference_id

GHSA-prjp-h48f-jgf6

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T19:54:13Z/

url

https://github.com/rails/rails/security/advisories/GHSA-prjp-h48f-jgf6

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2024-32464, GHSA-prjp-h48f-jgf6

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4b2f-5q7m-y3aq

url VCID-4eqj-r4hp-f7dm

vulnerability_id VCID-4eqj-r4hp-f7dm

summary

rails-ujs vulnerable to DOM Based Cross-site Scripting contenteditable HTML Elements
NOTE: rails-ujs is part of Rails/actionview since 5.1.0.

There is a potential DOM based cross-site scripting issue in rails-ujs
which leverages the Clipboard API to target HTML elements that are
assigned the contenteditable attribute. This has the potential to
occur when pasting malicious HTML content from the clipboard that
includes a data-method, data-remote or data-disable-with attribute.

This vulnerability has been assigned the CVE identifier CVE-2023-23913.

Not affected: < 5.1.0
Versions Affected: >= 5.1.0
Fixed Versions: 6.1.7.3, 7.0.4.3

Impact
If the specified malicious HTML clipboard content is provided to a
contenteditable element, this could result in the arbitrary execution
of javascript on the origin in question.

Releases
The FIXED releases are available at the normal locations.

Workarounds
We recommend that all users upgrade to one of the FIXED versions.
In the meantime, users can attempt to mitigate this vulnerability
by removing the contenteditable attribute from elements in pages
that rails-ujs will interact with.

Patches
To aid users who aren’t able to upgrade immediately we have provided
patches for the two supported release series. They are in git-am
format and consist of a single changeset.

* rails-ujs-data-method-contenteditable-6-1.patch - Patch for 6.1 series
* rails-ujs-data-method-contenteditable-7-0.patch - Patch for 7.0 series

Please note that only the 7.0.Z and 6.1.Z series are
supported at present, and 6.0.Z for severe vulnerabilities.

Users of earlier unsupported releases are advised to upgrade as
soon as possible as we cannot guarantee the continued availability
of security fixes for unsupported releases.

Credits
We would like to thank ryotak 15 for reporting this!

* rails-ujs-data-method-contenteditable-6-1.patch (8.5 KB)
* rails-ujs-data-method-contenteditable-7-0.patch (8.5 KB)
* rails-ujs-data-method-contenteditable-main.patch (8.9 KB)

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23913.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23913.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-23913

reference_id

reference_type

scores

value	0.00156
scoring_system	epss
scoring_elements	0.36148
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-23913

reference_url

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033263

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:07:37Z/

url

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033263

reference_url

https://discuss.rubyonrails.org/t/cve-2023-23913-dom-based-cross-site-scripting-in-rails-ujs-for-contenteditable-html-elements/82468

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:07:37Z/

url

https://discuss.rubyonrails.org/t/cve-2023-23913-dom-based-cross-site-scripting-in-rails-ujs-for-contenteditable-html-elements/82468

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/5037a13614d71727af8a175063bcf6ba1a74bdbd

reference_url

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:07:37Z/

url

https://github.com/rails/rails/commit/5037a13614d71727af8a175063bcf6ba1a74bdbd

reference_url

https://github.com/rails/rails/commit/73009ea59a811b28e8ec2a9c9bc24635aa891214

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/73009ea59a811b28e8ec2a9c9bc24635aa891214

reference_url

https://security.netapp.com/advisory/ntap-20240605-0007

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240605-0007

reference_url

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:07:37Z/

url

https://nvd.nist.gov/vuln/detail/CVE-2023-23913

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2182160
reference_id	2182160
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2182160

reference_url

reference_id

CVE-2023-23913

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-23913

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2023-23913.yml

reference_id

CVE-2023-23913.YML

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2023-23913.yml

reference_url

https://github.com/advisories/GHSA-xp5h-f8jf-rc8q

reference_id

GHSA-xp5h-f8jf-rc8q

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xp5h-f8jf-rc8q

reference_url

https://security.netapp.com/advisory/ntap-20240605-0007/

reference_id

ntap-20240605-0007

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:07:37Z/

url

https://security.netapp.com/advisory/ntap-20240605-0007/

fixed_packages

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.7.3%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.7.3%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.3%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2023-23913, GHSA-xp5h-f8jf-rc8q

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4eqj-r4hp-f7dm

url VCID-4jjq-jkgc-mkca

vulnerability_id VCID-4jjq-jkgc-mkca

summary

Rails has possible XSS Vulnerability in Action Controller
# Possible XSS Vulnerability in Action Controller

There is a possible XSS vulnerability when using the translation helpers
(`translate`, `t`, etc) in Action Controller. This vulnerability has been
assigned the CVE identifier CVE-2024-26143.

Versions Affected:  >= 7.0.0.
Not affected:       < 7.0.0
Fixed Versions:     7.1.3.1, 7.0.8.1

Impact
------
Applications using translation methods like `translate`, or `t` on a
controller, with a key ending in "_html", a `:default` key which contains
untrusted user input, and the resulting string is used in a view, may be
susceptible to an XSS vulnerability.

For example, impacted code will look something like this:

```ruby
class ArticlesController < ApplicationController
  def show  
    @message = t("message_html", default: untrusted_input)
    # The `show` template displays the contents of `@message`
  end
end
```

To reiterate the pre-conditions, applications must:

* Use a translation function from a controller (i.e. _not_ I18n.t, or `t` from
  a view)
* Use a key that ends in `_html`
* Use a default value where the default value is untrusted and unescaped input
* Send the text to the victim (whether that's part of a template, or a
  `render` call)

All users running an affected release should either upgrade or use one of the
workarounds immediately.

Releases
--------
The fixed releases are available at the normal locations.

Workarounds
-----------
There are no feasible workarounds for this issue.

Patches
-------
To aid users who aren't able to upgrade immediately we have provided patches for
the two supported release series. They are in git-am format and consist of a
single changeset.

*  7-0-translate-xss.patch - Patch for 7.0 series
*  7-1-translate-xss.patch - Patch for 7.1 series

Credits
-------

Thanks to [ooooooo_q](https://hackerone.com/ooooooo_q) for the patch and fix!

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26143.json

reference_id

reference_type

scores

value	4.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26143.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-26143

reference_id

reference_type

scores

value	0.02067
scoring_system	epss
scoring_elements	0.84217
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-26143

reference_url

https://discuss.rubyonrails.org/t/possible-xss-vulnerability-in-action-controller/84947

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/

url

https://discuss.rubyonrails.org/t/possible-xss-vulnerability-in-action-controller/84947

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/4c83b331092a79d58e4adffe4be5f250fa5782cc

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/

url

https://github.com/rails/rails/commit/4c83b331092a79d58e4adffe4be5f250fa5782cc

reference_url

https://github.com/rails/rails/commit/5187a9ef51980ad1b8e81945ebe0462d28f84f9e

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/

url

https://github.com/rails/rails/commit/5187a9ef51980ad1b8e81945ebe0462d28f84f9e

reference_url

https://security.netapp.com/advisory/ntap-20240510-0004

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240510-0004

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2266388
reference_id	2266388
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2266388

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-26143

reference_id

CVE-2024-26143

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-26143

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26143.yml

reference_id

CVE-2024-26143.YML

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26143.yml

reference_url

https://github.com/advisories/GHSA-9822-6m93-xqf4

reference_id

GHSA-9822-6m93-xqf4

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9822-6m93-xqf4

reference_url

https://github.com/rails/rails/security/advisories/GHSA-9822-6m93-xqf4

reference_id

GHSA-9822-6m93-xqf4

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/

url

https://github.com/rails/rails/security/advisories/GHSA-9822-6m93-xqf4

reference_url

https://security.netapp.com/advisory/ntap-20240510-0004/

reference_id

ntap-20240510-0004

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/

url

https://security.netapp.com/advisory/ntap-20240510-0004/

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2024-26143, GHSA-9822-6m93-xqf4

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4jjq-jkgc-mkca

url VCID-57uk-2vgz-kyhn

vulnerability_id VCID-57uk-2vgz-kyhn

summary

Symbol DoS vulnerability in Active Record
When a hash is provided as the find value for a query, the keys of the hash may be converted to symbols. Carefully crafted requests can coerce `params[:name]` to return a hash, and the keys to that hash may be converted to symbols. All users running an affected release should either upgrade or use one of the work arounds immediately.

references

reference_url

http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

reference_url

http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00070.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00070.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00071.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00071.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00075.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00075.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00078.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00078.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00079.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00079.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-0699.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0699.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2013:0699

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2013:0699

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2013-1854

reference_url

reference_id

reference_type

scores

value	0.01795
scoring_system	epss
scoring_elements	0.83081
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-1854

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=921329

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=921329

reference_url	https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/jgJ4cjjS8FE
reference_id
reference_type
scores
url	https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/jgJ4cjjS8FE

reference_url

https://groups.google.com/group/ruby-security-ann/msg/34e0d780b04308de?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/ruby-security-ann/msg/34e0d780b04308de?dmode=source&output=gplain

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released

reference_url	http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/

reference_url

https://access.redhat.com/security/cve/CVE-2013-1854

reference_id

CVE-2013-1854

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2013-1854

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-1854

reference_id

CVE-2013-1854

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-1854

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-1854.yml

reference_id

CVE-2013-1854.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-1854.yml

reference_url

https://github.com/advisories/GHSA-3crr-9vmg-864v

reference_id

GHSA-3crr-9vmg-864v

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-3crr-9vmg-864v

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

fixed_packages

url	pkg:deb/debian/rails@2.3.14.1?distro=trixie
purl	pkg:deb/debian/rails@2.3.14.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14.1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2013-1854, GHSA-3crr-9vmg-864v, OSV-91453

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-57uk-2vgz-kyhn

url VCID-6as7-jkwa-53dk

vulnerability_id VCID-6as7-jkwa-53dk

summary

Multiple vulnerabilities in parameter parsing in Action Pack
There are multiple weaknesses in the parameter parsing code for Ruby on Rails which allows attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a Rails application.

references

reference_url

http://rhn.redhat.com/errata/RHSA-2013-0153.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0153.html

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0155.html

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0155.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-0156

reference_id

reference_type

scores

value	0.91907
scoring_system	epss
scoring_elements	0.99708
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-0156

reference_url

https://community.rapid7.com/community/metasploit/blog/2013/01/09/serialization-mischief-in-ruby-land-cve-2013-0156

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://community.rapid7.com/community/metasploit/blog/2013/01/09/serialization-mischief-in-ruby-land-cve-2013-0156

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/c1432d0f8c70e89d?dmode=source&output=gplain

reference_url	https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/2013-0156/rubyonrails-security/61bkgvnSGTQ/nehwjA8tQ8EJ
reference_id
reference_type
scores
url	https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/2013-0156/rubyonrails-security/61bkgvnSGTQ/nehwjA8tQ8EJ

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/c1432d0f8c70e89d?dmode=source&output=gplain

reference_url

https://web.archive.org/web/20140111025708/http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20140111025708/http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html

reference_url

https://web.archive.org/web/20160415043747/https://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20160415043747/https://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A

reference_url

https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156

reference_url

http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released

reference_url	http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/

reference_url

http://www.debian.org/security/2013/dsa-2604

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2013/dsa-2604

reference_url

http://www.fujitsu.com/global/support/software/security/products-f/sw-sv-rcve-ror201301e.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.fujitsu.com/global/support/software/security/products-f/sw-sv-rcve-ror201301e.html

reference_url

http://www.insinuator.net/2013/01/rails-yaml

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.insinuator.net/2013/01/rails-yaml

reference_url	http://www.insinuator.net/2013/01/rails-yaml/
reference_id
reference_type
scores
url	http://www.insinuator.net/2013/01/rails-yaml/

reference_url

http://www.kb.cert.org/vuls/id/380039

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.kb.cert.org/vuls/id/380039

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-0156

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697722
reference_id	697722
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697722

reference_url

reference_id

CVE-2013-0156

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-0156

reference_url	https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156/
reference_id	CVE-2013-0156
reference_type
scores
url	https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156/

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24019.rb
reference_id	CVE-2013-0156;OSVDB-89026
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24019.rb

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/27527.rb
reference_id	CVE-2013-0156;OSVDB-89026
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/27527.rb

reference_url

https://github.com/advisories/GHSA-jmgw-6vjg-jjwg

reference_id

GHSA-jmgw-6vjg-jjwg

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jmgw-6vjg-jjwg

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

fixed_packages

url	pkg:deb/debian/rails@2.3.14.1?distro=trixie
purl	pkg:deb/debian/rails@2.3.14.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14.1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2013-0156, GHSA-jmgw-6vjg-jjwg, OSV-89026

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6as7-jkwa-53dk

url VCID-6cjf-b88j-n3bw

vulnerability_id VCID-6cjf-b88j-n3bw

summary

Cross-Site Request Forgery (CSRF)
Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged (1) AJAX or (2) API requests that leverage "combinations of browser plugins and HTTP redirects," a related issue to CVE-2011-0696.

references

reference_url

http://groups.google.com/group/rubyonrails-security/msg/c22ea1668c0d181c?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/rubyonrails-security/msg/c22ea1668c0d181c?dmode=source&output=gplain

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-0447

reference_id

reference_type

scores

value	0.00991
scoring_system	epss
scoring_elements	0.77186
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-0447

reference_url	http://secunia.com/advisories/43274
reference_id
reference_type
scores
url	http://secunia.com/advisories/43274

reference_url	http://secunia.com/advisories/43666
reference_id
reference_type
scores
url	http://secunia.com/advisories/43666

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/66ce3843d32e9f2ac3b1da20067af53019bbb034

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/66ce3843d32e9f2ac3b1da20067af53019bbb034

reference_url

https://github.com/rails/rails/commit/7e86f9b4d2b7dfa974c10ae7e6d8ef90f3d77f06

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/7e86f9b4d2b7dfa974c10ae7e6d8ef90f3d77f06

reference_url

https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291

reference_url

https://web.archive.org/web/20170223045008/http://www.securitytracker.com/id?1025060

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20170223045008/http://www.securitytracker.com/id?1025060

reference_url

http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-0447

reference_url	http://www.securityfocus.com/bid/46291
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/46291

reference_url	http://www.securitytracker.com/id?1025060
reference_id
reference_type
scores
url	http://www.securitytracker.com/id?1025060

reference_url	http://www.vupen.com/english/advisories/2011/0587
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2011/0587

reference_url	http://www.vupen.com/english/advisories/2011/0877
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2011/0877

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864
reference_id	614864
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864

reference_url

reference_id

CVE-2011-0447

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-0447

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0447.yml

reference_id

CVE-2011-0447.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0447.yml

reference_url

https://github.com/advisories/GHSA-24fg-p96v-hxh8

reference_id

GHSA-24fg-p96v-hxh8

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-24fg-p96v-hxh8

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

fixed_packages

url	pkg:deb/debian/rails@2.3.11-0.1?distro=trixie
purl	pkg:deb/debian/rails@2.3.11-0.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.11-0.1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2011-0447, GHSA-24fg-p96v-hxh8

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6cjf-b88j-n3bw

url VCID-6jdd-kze9-myfz

vulnerability_id VCID-6jdd-kze9-myfz

summary

High severity vulnerability that affects actionpack
actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote attackers to bypass intended access restrictions via an action name that uses an unintended case for alphabetic characters.

references

reference_url

http://groups.google.com/group/rubyonrails-security/msg/04345b2e84df5b4f?dmode=source&output=gplain

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/rubyonrails-security/msg/04345b2e84df5b4f?dmode=source&output=gplain

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-0449

reference_id

reference_type

scores

value	0.00555
scoring_system	epss
scoring_elements	0.68421
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-0449

reference_url	http://secunia.com/advisories/43278
reference_id
reference_type
scores
url	http://secunia.com/advisories/43278

reference_url	http://securitytracker.com/id?1025061
reference_id
reference_type
scores
url	http://securitytracker.com/id?1025061

reference_url

https://github.com/rails/rails/commit/6f80224057803f85b3f448936aae89e742452c3b

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/6f80224057803f85b3f448936aae89e742452c3b

reference_url

https://github.com/rails/rails/tree/main/actionpack

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/tree/main/actionpack

reference_url

https://web.archive.org/web/20201207190612/http://securitytracker.com/id?1025061

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20201207190612/http://securitytracker.com/id?1025061

reference_url

http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4

reference_url	http://www.vupen.com/english/advisories/2011/0877
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2011/0877

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2011-0449

reference_id

CVE-2011-0449

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-0449

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0449.yml

reference_id

CVE-2011-0449.YML

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0449.yml

reference_url

https://github.com/advisories/GHSA-4ww3-3rxj-8v6q

reference_id

GHSA-4ww3-3rxj-8v6q

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4ww3-3rxj-8v6q

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2011-0449, GHSA-4ww3-3rxj-8v6q

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6jdd-kze9-myfz

url VCID-7yhn-w7nv-xqf7

vulnerability_id VCID-7yhn-w7nv-xqf7

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-8185

reference_id

reference_type

scores

value	0.00679
scoring_system	epss
scoring_elements	0.71897
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-8185

reference_url

https://github.com/rails/rails/commit/2121b9d20b60ed503aa041ef7b926d331ed79fc2

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/2121b9d20b60ed503aa041ef7b926d331ed79fc2

reference_url

https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0

reference_url

https://hackerone.com/reports/899069

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://hackerone.com/reports/899069

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964081
reference_id	964081
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964081

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-8185

reference_id

CVE-2020-8185

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-8185

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8185.yml

reference_id

CVE-2020-8185.YML

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8185.yml

reference_url

https://github.com/advisories/GHSA-c6qr-h5vq-59jc

reference_id

GHSA-c6qr-h5vq-59jc

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-c6qr-h5vq-59jc

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2020-8185, GHSA-c6qr-h5vq-59jc

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7yhn-w7nv-xqf7

url VCID-84x9-y43n-8uca

vulnerability_id VCID-84x9-y43n-8uca

summary

Cross site scripting in actionpack Rubygem
A cross-site scripting vulnerability flaw was found in the `auto_link` function in Rails before version 3.0.6.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-1497

reference_id

reference_type

scores

value	0.00328
scoring_system	epss
scoring_elements	0.55943
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-1497

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/blob/38df020c95beca7e12f0188cb7e18f3c37789e20/actionpack/CHANGELOG

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/blob/38df020c95beca7e12f0188cb7e18f3c37789e20/actionpack/CHANGELOG

reference_url

https://github.com/rails/rails/commit/61ee3449674c591747db95f9b3472c5c3bd9e84d

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/61ee3449674c591747db95f9b3472c5c3bd9e84d

reference_url

https://github.com/rails/rails/commit/ab764ecbfea31a3b14323283287e2fc80955ace6

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/ab764ecbfea31a3b14323283287e2fc80955ace6

reference_url

https://www.openwall.com/lists/oss-security/2011/04/06/13

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.openwall.com/lists/oss-security/2011/04/06/13

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2011-1497

reference_id

CVE-2011-1497

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-1497

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-1497.yml

reference_id

CVE-2011-1497.YML

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-1497.yml

reference_url

https://github.com/advisories/GHSA-q58j-fmvf-9rq6

reference_id

GHSA-q58j-fmvf-9rq6

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-q58j-fmvf-9rq6

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2011-1497, GHSA-q58j-fmvf-9rq6

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-84x9-y43n-8uca

url VCID-8c6b-8z6x-2uen

vulnerability_id VCID-8c6b-8z6x-2uen

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-22881

reference_id

reference_type

scores

value	0.15453
scoring_system	epss
scoring_elements	0.94771
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-22881

reference_url

https://benjamin-bouchet.com/cve-2021-22881-faille-de-securite-dans-le-middleware-hostauthorization

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://benjamin-bouchet.com/cve-2021-22881-faille-de-securite-dans-le-middleware-hostauthorization

reference_url

https://discuss.rubyonrails.org/t/cve-2021-22881-possible-open-redirect-in-host-authorization-middleware/77130

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://discuss.rubyonrails.org/t/cve-2021-22881-possible-open-redirect-in-host-authorization-middleware/77130

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/blob/v6.1.2.1/actionpack/CHANGELOG.md

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/blob/v6.1.2.1/actionpack/CHANGELOG.md

reference_url

https://github.com/rails/rails/commit/b5de7b3a4787d8a55aaad39f477c16e3af65e444

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/b5de7b3a4787d8a55aaad39f477c16e3af65e444

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22881.yml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22881.yml

reference_url

https://groups.google.com/g/rubyonrails-security/c/zN_3qA26l6E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/zN_3qA26l6E

reference_url

https://hackerone.com/reports/1047447

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://hackerone.com/reports/1047447

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-22881

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-22881

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2021/05/05/2

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2021/05/05/2

reference_url

http://www.openwall.com/lists/oss-security/2021/08/20/1

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2021/08/20/1

reference_url

http://www.openwall.com/lists/oss-security/2021/12/14/5

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2021/12/14/5

reference_url	https://benjamin-bouchet.com/cve-2021-22881-faille-de-securite-dans-le-middleware-hostauthorization/
reference_id	CVE-2021-22881-FAILLE-DE-SECURITE-DANS-LE-MIDDLEWARE-HOSTAUTHORIZATION
reference_type
scores
url	https://benjamin-bouchet.com/cve-2021-22881-faille-de-securite-dans-le-middleware-hostauthorization/

reference_url

https://github.com/advisories/GHSA-8877-prq4-9xfw

reference_id

GHSA-8877-prq4-9xfw

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8877-prq4-9xfw

fixed_packages

url	pkg:deb/debian/rails@2:6.0.3.5%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.5%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.5%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2021-22881, GHSA-8877-prq4-9xfw

risk_score 2.5

exploitability 0.5

weighted_severity 4.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8c6b-8z6x-2uen

url VCID-8w8b-5772-pqa8

vulnerability_id VCID-8w8b-5772-pqa8

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47888.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47888.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-47888

reference_id

reference_type

scores

value	0.00476
scoring_system	epss
scoring_elements	0.65172
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-47888

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/4f4312b21a6448336de7c7ab0c4d94b378def468

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376
reference_id	1085376
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2319035
reference_id	2319035
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2319035

reference_url

reference_id

4f4312b21a6448336de7c7ab0c4d94b378def468

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-16T20:45:54Z/

url

https://github.com/rails/rails/commit/4f4312b21a6448336de7c7ab0c4d94b378def468

reference_url

https://github.com/rails/rails/commit/727b0946c3cab04b825c039435eac963d4e91822

reference_id

727b0946c3cab04b825c039435eac963d4e91822

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-16T20:45:54Z/

url

https://github.com/rails/rails/commit/727b0946c3cab04b825c039435eac963d4e91822

reference_url

https://github.com/rails/rails/commit/ba286c0a310b7f19cf5cac2a7a4c9def5cf9882e

reference_id

ba286c0a310b7f19cf5cac2a7a4c9def5cf9882e

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-16T20:45:54Z/

url

https://github.com/rails/rails/commit/ba286c0a310b7f19cf5cac2a7a4c9def5cf9882e

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2024-47888
reference_id	CVE-2024-47888
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2024-47888

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actiontext/CVE-2024-47888.yml

reference_id

CVE-2024-47888.YML

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actiontext/CVE-2024-47888.yml

reference_url

https://github.com/rails/rails/commit/de0df7caebd9cb238a6f10dca462dc5f8d5e98b5

reference_id

de0df7caebd9cb238a6f10dca462dc5f8d5e98b5

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-16T20:45:54Z/

url

https://github.com/rails/rails/commit/de0df7caebd9cb238a6f10dca462dc5f8d5e98b5

reference_url

https://github.com/advisories/GHSA-wwhv-wxv9-rpgw

reference_id

GHSA-wwhv-wxv9-rpgw

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-wwhv-wxv9-rpgw

reference_url

https://github.com/rails/rails/security/advisories/GHSA-wwhv-wxv9-rpgw

reference_id

GHSA-wwhv-wxv9-rpgw

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-16T20:45:54Z/

url

https://github.com/rails/rails/security/advisories/GHSA-wwhv-wxv9-rpgw

reference_url	https://usn.ubuntu.com/7290-1/
reference_id	USN-7290-1
reference_type
scores
url	https://usn.ubuntu.com/7290-1/

fixed_packages

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.1%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2024-47888, GHSA-wwhv-wxv9-rpgw

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8w8b-5772-pqa8

url VCID-96bd-6tam-1qc5

vulnerability_id VCID-96bd-6tam-1qc5

summary

Improper Access Control
The Rails gem does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing `WHERE` clauses via a crafted request.

references

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2016-6317

reference_url

reference_id

reference_type

scores

value	0.00381
scoring_system	epss
scoring_elements	0.59784
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-6317

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/rgO20zYW33s

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/rgO20zYW33s

reference_url

https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA

reference_url

http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released

reference_url	http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/

reference_url

http://www.openwall.com/lists/oss-security/2016/08/11/4

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2016/08/11/4

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834154
reference_id	834154
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834154

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-6317

reference_id

CVE-2016-6317

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-6317

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2016-6317.yml

reference_id

CVE-2016-6317.YML

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2016-6317.yml

reference_url

https://github.com/advisories/GHSA-pr3r-4wrp-r2pv

reference_id

GHSA-pr3r-4wrp-r2pv

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-pr3r-4wrp-r2pv

fixed_packages

url	pkg:deb/debian/rails@2:4.2.7.1-1?distro=trixie
purl	pkg:deb/debian/rails@2:4.2.7.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.7.1-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2016-6317, GHSA-pr3r-4wrp-r2pv

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-96bd-6tam-1qc5

url VCID-9a2q-8rt6-x7g1

vulnerability_id VCID-9a2q-8rt6-x7g1

summary

activesupport Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in `json/encoding.rb` in Active Support in Ruby on Rails 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding.

references

reference_url

http://openwall.com/lists/oss-security/2015/06/16/17

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2015/06/16/17

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-3226

reference_id

reference_type

scores

value	0.00212
scoring_system	epss
scoring_elements	0.43705
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-3226

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/message/raw?msg=rubyonrails-security/7VlB_pck3hU/3QZrGIaQW6cJ

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/message/raw?msg=rubyonrails-security/7VlB_pck3hU/3QZrGIaQW6cJ

reference_url	https://groups.google.com/forum/#!topic/ruby-security-ann/7VlB_pck3hU
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!topic/ruby-security-ann/7VlB_pck3hU

reference_url

https://groups.google.com/g/rubyonrails-core/c/qBUqVlXERag/m/kuH3wQk1kxUJ

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-core/c/qBUqVlXERag/m/kuH3wQk1kxUJ

reference_url

https://web.archive.org/web/20200228033946/http://www.securityfocus.com/bid/75231

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228033946/http://www.securityfocus.com/bid/75231

reference_url

https://web.archive.org/web/20200517005133/http://www.securitytracker.com/id/1033755

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200517005133/http://www.securitytracker.com/id/1033755

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-3226

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790486
reference_id	790486
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790486

reference_url

reference_id

CVE-2015-3226

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-3226

reference_url

https://github.com/advisories/GHSA-vxvp-4xwc-jpp6

reference_id

GHSA-vxvp-4xwc-jpp6

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vxvp-4xwc-jpp6

fixed_packages

url	pkg:deb/debian/rails@2:4.2.4-2?distro=trixie
purl	pkg:deb/debian/rails@2:4.2.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.4-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2015-3226, GHSA-vxvp-4xwc-jpp6

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9a2q-8rt6-x7g1

url VCID-9k6x-w193-euh4

vulnerability_id VCID-9k6x-w193-euh4

summary

Rails has possible Sensitive Session Information Leak in Active Storage
# Possible Sensitive Session Information Leak in Active Storage

There is a possible sensitive session information leak in Active Storage.  By
default, Active Storage sends a `Set-Cookie` header along with the user's
session cookie when serving blobs.  It also sets `Cache-Control` to public.
Certain proxies may cache the Set-Cookie, leading to an information leak.

This vulnerability has been assigned the CVE identifier CVE-2024-26144.

Versions Affected:  >= 5.2.0, < 7.1.0
Not affected:       < 5.2.0, > 7.1.0
Fixed Versions:     7.0.8.1, 6.1.7.7

Impact
------
A proxy which chooses to caches this request can cause users to share
sessions. This may include a user receiving an attacker's session or vice
versa.

This was patched in 7.1.0 but not previously identified as a security
vulnerability.

All users running an affected release should either upgrade or use one of the
workarounds immediately.

Releases
--------
The fixed releases are available at the normal locations.

Workarounds
-----------
Upgrade to Rails 7.1.X, or configure caching proxies not to cache the
Set-Cookie headers.

Credits
-------

Thanks to [tyage](https://hackerone.com/tyage) for reporting this!

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26144.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26144.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-26144

reference_id

reference_type

scores

value	0.04252
scoring_system	epss
scoring_elements	0.88985
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-26144

reference_url

https://discuss.rubyonrails.org/t/possible-sensitive-session-information-leak-in-active-storage/84945

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:01:13Z/

url

https://discuss.rubyonrails.org/t/possible-sensitive-session-information-leak-in-active-storage/84945

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/723f54566023e91060a67b03353e7c03e7436433

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:01:13Z/

url

https://github.com/rails/rails/commit/723f54566023e91060a67b03353e7c03e7436433

reference_url

https://github.com/rails/rails/commit/78fe149509fac5b05e54187aaaef216fbb5fd0d3

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:01:13Z/

url

https://github.com/rails/rails/commit/78fe149509fac5b05e54187aaaef216fbb5fd0d3

reference_url

https://security.netapp.com/advisory/ntap-20240510-0013

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240510-0013

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065119
reference_id	1065119
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065119

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2266063
reference_id	2266063
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2266063

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-26144

reference_id

CVE-2024-26144

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-26144

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26144.yml

reference_id

CVE-2024-26144.YML

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26144.yml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2024-26144.yml

reference_id

CVE-2024-26144.YML

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:01:13Z/

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2024-26144.yml

reference_url

https://github.com/advisories/GHSA-8h22-8cf7-hq6g

reference_id

GHSA-8h22-8cf7-hq6g

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8h22-8cf7-hq6g

reference_url

https://github.com/rails/rails/security/advisories/GHSA-8h22-8cf7-hq6g

reference_id

GHSA-8h22-8cf7-hq6g

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:01:13Z/

url

https://github.com/rails/rails/security/advisories/GHSA-8h22-8cf7-hq6g

reference_url

https://security.netapp.com/advisory/ntap-20240510-0013/

reference_id

ntap-20240510-0013

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:01:13Z/

url

https://security.netapp.com/advisory/ntap-20240510-0013/

reference_url	https://access.redhat.com/errata/RHSA-2024:10806
reference_id	RHSA-2024:10806
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:10806

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.1%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2024-26144, GHSA-8h22-8cf7-hq6g

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9k6x-w193-euh4

url VCID-9w4d-2z52-wyaf

vulnerability_id VCID-9w4d-2z52-wyaf

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33167.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33167.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-33167

reference_id

reference_type

scores

value	0.00022
scoring_system	epss
scoring_elements	0.06433
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-33167

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	1.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/6752711c8c31d79ba50d13af6a6698a3b85415e0

reference_url

reference_id

reference_type

scores

value	1.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:44:05Z/

url

https://github.com/rails/rails/commit/6752711c8c31d79ba50d13af6a6698a3b85415e0

reference_url

https://github.com/rails/rails/releases/tag/v8.1.2.1

reference_id

reference_type

scores

value	1.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:44:05Z/

url

https://github.com/rails/rails/releases/tag/v8.1.2.1

reference_url

https://github.com/rails/rails/security/advisories/GHSA-pgm4-439c-5jp6

reference_id

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

value	1.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:44:05Z/

url

https://github.com/rails/rails/security/advisories/GHSA-pgm4-439c-5jp6

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2026-33167.yml

reference_id

reference_type

scores

value	1.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2026-33167.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-33167

reference_id

reference_type

scores

value	1.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-33167

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2450552
reference_id	2450552
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2450552

reference_url

https://github.com/advisories/GHSA-pgm4-439c-5jp6

reference_id

GHSA-pgm4-439c-5jp6

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-pgm4-439c-5jp6

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2026-33167, GHSA-pgm4-439c-5jp6

risk_score 2.5

exploitability 0.5

weighted_severity 4.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9w4d-2z52-wyaf

url VCID-9xfd-d2ff-uuec

vulnerability_id VCID-9xfd-d2ff-uuec

summary

SQL Injection Vulnerabilities Affecting PostgreSQL
SQLi vulnerability in activerecord.

references

reference_url

http://openwall.com/lists/oss-security/2014/07/02/5

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2014/07/02/5

reference_url

http://rhn.redhat.com/errata/RHSA-2014-0877.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-0877.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3483

reference_id

reference_type

scores

value	0.00924
scoring_system	epss
scoring_elements	0.76349
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3483

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3482
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3482

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3483
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3483

reference_url

https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J

reference_url	https://groups.google.com/forum/#!msg/rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!msg/rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J

reference_url	https://groups.google.com/forum/#!topic/rubyonrails-security/8GtfeYd6qI4
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!topic/rubyonrails-security/8GtfeYd6qI4

reference_url

https://web.archive.org/web/20200228150648/http://www.securityfocus.com/bid/68341

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228150648/http://www.securityfocus.com/bid/68341

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-3483

reference_url

reference_id

CVE-2014-3483

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-3483

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-3483.yml

reference_id

CVE-2014-3483.YML

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-3483.yml

reference_url

https://github.com/advisories/GHSA-r8fh-hq2p-7qhq

reference_id

GHSA-r8fh-hq2p-7qhq

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-r8fh-hq2p-7qhq

fixed_packages

url	pkg:deb/debian/rails@2:4.1.4-1?distro=trixie
purl	pkg:deb/debian/rails@2:4.1.4-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.4-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2014-3483, GHSA-r8fh-hq2p-7qhq, OSV-108665

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9xfd-d2ff-uuec

url VCID-ahgm-vw45-33a2

vulnerability_id VCID-ahgm-vw45-33a2

summary

Ruby on Rails Potential XSS Vulnerability in select_tag prompt
When a value for the `prompt` field is supplied to the `select_tag` helper, the value is not escaped. If untrusted data is not escaped, and is supplied as the prompt value, there is a potential for XSS attacks.

references

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2012-3463

reference_url

reference_id

reference_type

scores

value	0.00333
scoring_system	epss
scoring_elements	0.56344
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-3463

reference_url

https://github.com/rails/rails/commit/6d0526db91afb0675c2ad3d871529d1536303c64

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/6d0526db91afb0675c2ad3d871529d1536303c64

reference_url	https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/3463/rubyonrails-security/fV3QUToSMSw/eHBSFOUYHpYJ
reference_id
reference_type
scores
url	https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/3463/rubyonrails-security/fV3QUToSMSw/eHBSFOUYHpYJ

reference_url

https://groups.google.com/group/rubyonrails-security/msg/961e18e514527078?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/961e18e514527078?dmode=source&output=gplain

reference_url

https://groups.google.com/g/rubyonrails-security/c/fV3QUToSMSw/m/eHBSFOUYHpYJ?pli=1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/fV3QUToSMSw/m/eHBSFOUYHpYJ?pli=1

reference_url

http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released

reference_url	http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-3463

reference_id

CVE-2012-3463

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-3463

reference_url

https://github.com/advisories/GHSA-98mf-8f57-64qf

reference_id

GHSA-98mf-8f57-64qf

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-98mf-8f57-64qf

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2012-3463, GHSA-98mf-8f57-64qf, OSV-84515

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ahgm-vw45-33a2

url VCID-ajrj-qz9v-27d5

vulnerability_id VCID-ajrj-qz9v-27d5

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-8167

reference_id

reference_type

scores

value	0.00427
scoring_system	epss
scoring_elements	0.62697
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-8167

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0

reference_url

https://groups.google.com/g/rubyonrails-security/c/x9DixQDG9a0

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/x9DixQDG9a0

reference_url

https://hackerone.com/reports/189878

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://hackerone.com/reports/189878

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-8167

reference_url

reference_id

CVE-2020-8167

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-8167

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-8167.yml

reference_id

CVE-2020-8167.YML

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-8167.yml

reference_url

https://github.com/advisories/GHSA-xq5j-gw7f-jgj8

reference_id

GHSA-xq5j-gw7f-jgj8

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xq5j-gw7f-jgj8

fixed_packages

url	pkg:deb/debian/rails@2:5.2.4.3%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:5.2.4.3%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.4.3%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2020-8167, GHSA-xq5j-gw7f-jgj8

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ajrj-qz9v-27d5

url VCID-apra-79g2-wkfn

vulnerability_id VCID-apra-79g2-wkfn

summary

Improper Input Validation
The Rails gem allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00057.html

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00057.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00086.html

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00086.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-2098

reference_id

reference_type

scores

value	0.83256
scoring_system	epss
scoring_elements	0.99285
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-2098

reference_url

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/ly-IH-fxr_Q

reference_url

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3
scoring_elements

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/ly-IH-fxr_Q

reference_url	https://groups.google.com/forum/#!topic/ruby-security-ann/ly-IH-fxr_Q
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!topic/ruby-security-ann/ly-IH-fxr_Q

reference_url

https://web.archive.org/web/20200228015318/http://www.securityfocus.com/bid/83725

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228015318/http://www.securityfocus.com/bid/83725

reference_url

https://web.archive.org/web/20210612214217/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210612214217/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ

reference_url

https://web.archive.org/web/20211205173437/https://securitytracker.com/id/1035122

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20211205173437/https://securitytracker.com/id/1035122

reference_url

https://www.exploit-db.com/exploits/40086

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.exploit-db.com/exploits/40086

reference_url	https://www.exploit-db.com/exploits/40086/
reference_id
reference_type
scores
url	https://www.exploit-db.com/exploits/40086/

reference_url

http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released

reference_url	http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/

reference_url

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-2098

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/remote/40086.rb
reference_id	CVE-2016-2098
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/remote/40086.rb

reference_url

reference_id

CVE-2016-2098

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-2098

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-2098.yml

reference_id

CVE-2016-2098.YML

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-2098.yml

reference_url

https://github.com/advisories/GHSA-78rc-8c29-p45g

reference_id

GHSA-78rc-8c29-p45g

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-78rc-8c29-p45g

fixed_packages

url	pkg:deb/debian/rails@2:4.2.5.2-1?distro=trixie
purl	pkg:deb/debian/rails@2:4.2.5.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.5.2-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2016-2098, GHSA-78rc-8c29-p45g

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-apra-79g2-wkfn

url VCID-auvj-pgpu-mybv

vulnerability_id VCID-auvj-pgpu-mybv

summary

XSS Vulnerability in the `sanitize` helper
The `sanitize` helper in Ruby on Rails is designed to filter HTML and remove all tags and attributes which could be malicious.

references

reference_url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html

reference_url

http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2013-1857

reference_url

reference_id

reference_type

scores

value	0.00625
scoring_system	epss
scoring_elements	0.70518
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-1857

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/78b9817a5943f6d6?dmode=source&output=gplain

reference_url	https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/zAAU7vGTPvI
reference_id
reference_type
scores
url	https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/zAAU7vGTPvI

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/78b9817a5943f6d6?dmode=source&output=gplain

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

reference_url

https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html

reference_url

http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released

reference_url	http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-1857

reference_id

CVE-2013-1857

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-1857

reference_url

https://github.com/advisories/GHSA-j838-vfpq-fmf2

reference_id

GHSA-j838-vfpq-fmf2

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-j838-vfpq-fmf2

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

fixed_packages

url	pkg:deb/debian/rails@2.3.14.1?distro=trixie
purl	pkg:deb/debian/rails@2.3.14.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14.1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2013-1857, GHSA-j838-vfpq-fmf2, OSV-91454

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-auvj-pgpu-mybv

url VCID-b3nn-de8y-e3g4

vulnerability_id VCID-b3nn-de8y-e3g4

summary

activesupport Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in `activesupport/lib/active_support/core_ext/string/output_safety.rb` in Ruby on Rails before 2.3.16, 3.0.x before , 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject arbitrary web script or HTML via vectors involving a ' (quote) character.

references

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2012-3464

reference_url

reference_id

reference_type

scores

value	0.00245
scoring_system	epss
scoring_elements	0.47921
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-3464

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/28f2c6f4037081da0a82104a3f473165ed4ed2ce

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/28f2c6f4037081da0a82104a3f473165ed4ed2ce

reference_url

https://github.com/rails/rails/commit/780a718723cf87b49cfe204d355948c4e0932d23

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/780a718723cf87b49cfe204d355948c4e0932d23

reference_url

https://github.com/rails/rails/commit/d0c9759d3aeb6327d68dd6c0de0fe2fed4e3c870

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/d0c9759d3aeb6327d68dd6c0de0fe2fed4e3c870

reference_url

https://github.com/rails/rails/commit/d549df7133f2b0bad8112890d478c33e990e12bc

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/d549df7133f2b0bad8112890d478c33e990e12bc

reference_url

https://github.com/rails/rails/issues/7215

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/issues/7215

reference_url

https://groups.google.com/group/rubyonrails-security/msg/8f1bbe1cef8c6caf?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/8f1bbe1cef8c6caf?dmode=source&output=gplain

reference_url

http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-3464

reference_id

CVE-2012-3464

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-3464

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2012-3464.yml

reference_id

CVE-2012-3464.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2012-3464.yml

reference_url

https://github.com/advisories/GHSA-h835-75hw-pj89

reference_id

GHSA-h835-75hw-pj89

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-h835-75hw-pj89

fixed_packages

url	pkg:deb/debian/rails@2.3.14.1?distro=trixie
purl	pkg:deb/debian/rails@2.3.14.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14.1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2012-3464, GHSA-h835-75hw-pj89, OSV-84516

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b3nn-de8y-e3g4

url VCID-be3d-1x2j-qffu

vulnerability_id VCID-be3d-1x2j-qffu

summary multiple issues

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-22885

reference_id

reference_type

scores

value	0.01264
scoring_system	epss
scoring_elements	0.79757
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-22885

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22885.yml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22885.yml

reference_url

https://groups.google.com/g/rubyonrails-security/c/NiQl-48cXYI

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/NiQl-48cXYI

reference_url

https://hackerone.com/reports/1106652

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://hackerone.com/reports/1106652

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-22885

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-22885

reference_url

https://security.netapp.com/advisory/ntap-20210805-0009

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210805-0009

reference_url	https://security.netapp.com/advisory/ntap-20210805-0009/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210805-0009/

reference_url	https://www.debian.org/security/2021/dsa-4929
reference_id
reference_type
scores
url	https://www.debian.org/security/2021/dsa-4929

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214
reference_id	988214
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214

reference_url

reference_id

AVG-1920

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-1921

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-2090

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-2223

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://github.com/advisories/GHSA-hjg4-8q5f-x6fm

reference_url

reference_id

GHSA-hjg4-8q5f-x6fm

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-hjg4-8q5f-x6fm

fixed_packages

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2021-22885, GHSA-hjg4-8q5f-x6fm

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-be3d-1x2j-qffu

url VCID-bkb7-2vvb-zfeq

vulnerability_id VCID-bkb7-2vvb-zfeq

summary

Rails Denial of Service vulnerability
Unspecified vulnerability in the "dependency resolution mechanism" in Ruby on Rails 1.1.0 through 1.1.5 allows remote attackers to execute arbitrary Ruby code via a URL that is not properly handled in the routing code, which leads to a denial of service (application hang) or "data loss," a different vulnerability than CVE-2006-4111.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2006-4112

reference_id

reference_type

scores

value	0.07371
scoring_system	epss
scoring_elements	0.91837
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2006-4112

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/28364

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/28364

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200301174340/http://www.securityfocus.com/bid/19454

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200301174340/http://www.securityfocus.com/bid/19454

reference_url

https://web.archive.org/web/20200804225700/http://www.securityfocus.com/archive/1/442934/100/0/threaded

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200804225700/http://www.securityfocus.com/archive/1/442934/100/0/threaded

reference_url

https://web.archive.org/web/20200808083046/http://securitytracker.com/id?1016673

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200808083046/http://securitytracker.com/id?1016673

reference_url

http://weblog.rubyonrails.org/2006/8/10/rails-1-1-6-backports-and-full-disclosure

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2006/8/10/rails-1-1-6-backports-and-full-disclosure

reference_url

http://www.gentoo.org/security/en/glsa/glsa-200608-20.xml

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.gentoo.org/security/en/glsa/glsa-200608-20.xml

reference_url

http://www.kb.cert.org/vuls/id/699540

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.kb.cert.org/vuls/id/699540

reference_url

http://www.novell.com/linux/security/advisories/2006_21_sr.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.novell.com/linux/security/advisories/2006_21_sr.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=382255
reference_id	382255
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=382255

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2006-4112

reference_id

CVE-2006-4112

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2006-4112

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2006-4112.yml

reference_id

CVE-2006-4112.YML

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2006-4112.yml

reference_url

https://github.com/advisories/GHSA-9wrq-xvmp-xjc8

reference_id

GHSA-9wrq-xvmp-xjc8

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9wrq-xvmp-xjc8

reference_url	https://security.gentoo.org/glsa/200608-20
reference_id	GLSA-200608-20
reference_type
scores
url	https://security.gentoo.org/glsa/200608-20

fixed_packages

url	pkg:deb/debian/rails@1.1.6-1?distro=trixie
purl	pkg:deb/debian/rails@1.1.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@1.1.6-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2006-4112, GHSA-9wrq-xvmp-xjc8

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bkb7-2vvb-zfeq

url VCID-byja-ds8p-53c8

vulnerability_id VCID-byja-ds8p-53c8

summary

Duplicate
This advisory duplicates another.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-21831

reference_id

reference_type

scores

value	0.0142
scoring_system	epss
scoring_elements	0.80903
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-21831

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/0a72f7d670e9aa77a0bb8584cb1411ddabb7546e

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/0a72f7d670e9aa77a0bb8584cb1411ddabb7546e

reference_url

https://groups.google.com/g/rubyonrails-security/c/n-p-W1yxatI

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/n-p-W1yxatI

reference_url

https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html

reference_url

https://rubysec.com/advisories/CVE-2022-21831

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://rubysec.com/advisories/CVE-2022-21831

reference_url

https://security.netapp.com/advisory/ntap-20221118-0001

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20221118-0001

reference_url	https://security.netapp.com/advisory/ntap-20221118-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20221118-0001/

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-21831

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011940
reference_id	1011940
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011940

reference_url

reference_id

CVE-2022-21831

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-21831

reference_url	https://rubysec.com/advisories/CVE-2022-21831/
reference_id	CVE-2022-21831
reference_type
scores
url	https://rubysec.com/advisories/CVE-2022-21831/

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2022-21831.yml

reference_id

CVE-2022-21831.YML

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2022-21831.yml

reference_url

https://github.com/advisories/GHSA-w749-p3v6-hccq

reference_id

GHSA-w749-p3v6-hccq

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-w749-p3v6-hccq

fixed_packages

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.4.7%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.4.7%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.4.7%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2022-21831, GHSA-w749-p3v6-hccq, GMS-2022-301

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-byja-ds8p-53c8

url VCID-c3hd-njh3-b3bg

vulnerability_id VCID-c3hd-njh3-b3bg

summary

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) :limit and (2) :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer.

references

reference_url	http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1
reference_id
reference_type
scores
url	http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1

reference_url	http://gist.github.com/8946
reference_id
reference_type
scores
url	http://gist.github.com/8946

reference_url

http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html

reference_url

http://rails.lighthouseapp.com/projects/8994/tickets/288

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rails.lighthouseapp.com/projects/8994/tickets/288

reference_url

http://rails.lighthouseapp.com/projects/8994/tickets/964

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rails.lighthouseapp.com/projects/8994/tickets/964

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2008-4094

reference_id

reference_type

scores

value	0.03119
scoring_system	epss
scoring_elements	0.87069
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2008-4094

reference_url	http://secunia.com/advisories/31875
reference_id
reference_type
scores
url	http://secunia.com/advisories/31875

reference_url	http://secunia.com/advisories/31909
reference_id
reference_type
scores
url	http://secunia.com/advisories/31909

reference_url	http://secunia.com/advisories/31910
reference_id
reference_type
scores
url	http://secunia.com/advisories/31910

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/45109

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/45109

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/ef0ea782b1f5cf7b08e74ea3002a16c708f66645

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/ef0ea782b1f5cf7b08e74ea3002a16c708f66645

reference_url

https://web.archive.org/web/20080620000955/http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20080620000955/http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1

reference_url

https://web.archive.org/web/20080620201733/http://blog.innerewut.de/files/rails/activerecord-1.15.3.patch

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20080620201733/http://blog.innerewut.de/files/rails/activerecord-1.15.3.patch

reference_url

https://web.archive.org/web/20080620201744/http://blog.innerewut.de/files/rails/activerecord-2.0.2.patch

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20080620201744/http://blog.innerewut.de/files/rails/activerecord-2.0.2.patch

reference_url

https://web.archive.org/web/20081104151751/http://gist.github.com/8946

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20081104151751/http://gist.github.com/8946

reference_url

https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875

reference_url	https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875/
reference_id
reference_type
scores
url	https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875/

reference_url

https://web.archive.org/web/20081207211431/http://secunia.com/advisories/31909

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20081207211431/http://secunia.com/advisories/31909

reference_url

https://web.archive.org/web/20081207211436/http://secunia.com/advisories/31910

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20081207211436/http://secunia.com/advisories/31910

reference_url

https://web.archive.org/web/20091101000000*/http://www.vupen.com/english/advisories/2008/2562

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20091101000000*/http://www.vupen.com/english/advisories/2008/2562

reference_url

https://web.archive.org/web/20120120194518/http://www.securityfocus.com/bid/31176

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20120120194518/http://www.securityfocus.com/bid/31176

reference_url

https://web.archive.org/web/20201207112829/http://www.securitytracker.com/id?1020871

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20201207112829/http://www.securitytracker.com/id?1020871

reference_url

http://www.openwall.com/lists/oss-security/2008/09/13/2

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2008/09/13/2

reference_url

http://www.openwall.com/lists/oss-security/2008/09/16/1

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2008/09/16/1

reference_url

http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter

reference_url	http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter/
reference_id
reference_type
scores
url	http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter/

reference_url	http://www.securityfocus.com/bid/31176
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/31176

reference_url	http://www.securitytracker.com/id?1020871
reference_id
reference_type
scores
url	http://www.securitytracker.com/id?1020871

reference_url	http://www.vupen.com/english/advisories/2008/2562
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2008/2562

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500791
reference_id	500791
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500791

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2008-4094

reference_id

CVE-2008-4094

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2008-4094

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2008-4094.yml

reference_id

CVE-2008-4094.YML

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2008-4094.yml

reference_url

https://github.com/advisories/GHSA-xf96-32q2-9rw2

reference_id

GHSA-xf96-32q2-9rw2

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xf96-32q2-9rw2

reference_url	https://security.gentoo.org/glsa/200912-02
reference_id	GLSA-200912-02
reference_type
scores
url	https://security.gentoo.org/glsa/200912-02

fixed_packages

url	pkg:deb/debian/rails@2.1.0-1?distro=trixie
purl	pkg:deb/debian/rails@2.1.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.1.0-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2008-4094, GHSA-xf96-32q2-9rw2

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c3hd-njh3-b3bg

url VCID-ct3m-wed2-6bhq

vulnerability_id VCID-ct3m-wed2-6bhq

summary

Path Traversal
The Rails gem allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a `..` in a pathname.

references

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/

url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html

reference_url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/

url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html

reference_url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/

url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/

url

https://api.first.org/data/v1/epss?cve=CVE-2016-0752

reference_url

reference_id

reference_type

scores

value	0.90494
scoring_system	epss
scoring_elements	0.99626
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-0752

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/

url

https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/335P1DcLG00

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/335P1DcLG00

reference_url

https://web.archive.org/web/20210618005620/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210618005620/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ

reference_url

https://web.archive.org/web/20210621170450/http://www.securityfocus.com/bid/81801

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210621170450/http://www.securityfocus.com/bid/81801

reference_url

https://web.archive.org/web/20210723192420/http://www.securitytracker.com/id/1034816

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210723192420/http://www.securitytracker.com/id/1034816

reference_url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0752

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0752

reference_url

https://www.exploit-db.com/exploits/40561

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.exploit-db.com/exploits/40561

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/

url

http://www.openwall.com/lists/oss-security/2016/01/25/13

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/

url

http://www.openwall.com/lists/oss-security/2016/01/25/13

reference_url

http://www.securityfocus.com/bid/81801

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/

url

http://www.securityfocus.com/bid/81801

reference_url

http://www.securitytracker.com/id/1034816

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/

url

http://www.securitytracker.com/id/1034816

reference_url

https://www.exploit-db.com/exploits/40561/

reference_id

40561

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/

url

https://www.exploit-db.com/exploits/40561/

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/40561.rb
reference_id	CVE-2016-0752
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/40561.rb

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-0752

reference_id

CVE-2016-0752

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-0752

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0752.yml

reference_id

CVE-2016-0752.YML

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0752.yml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-0752.yml

reference_id

CVE-2016-0752.YML

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-0752.yml

reference_url

https://github.com/advisories/GHSA-xrr4-p6fq-hjg7

reference_id

GHSA-xrr4-p6fq-hjg7

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-xrr4-p6fq-hjg7

fixed_packages

url	pkg:deb/debian/rails@2:4.2.5.1-1?distro=trixie
purl	pkg:deb/debian/rails@2:4.2.5.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.5.1-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2016-0752, GHSA-xrr4-p6fq-hjg7

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ct3m-wed2-6bhq

url VCID-d7rs-7c74-xkex

vulnerability_id VCID-d7rs-7c74-xkex

summary

Improper Authentication
The example code for the digest authentication functionality (http_authentication.rb) in Ruby on Rails before 2.3.3 defines an authenticate_or_request_with_http_digest block that returns nil instead of false when the user does not exist, which allows context-dependent attackers to bypass authentication for applications that are derived from this example by sending an invalid username without a password.

references

reference_url

http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

reference_url

http://n8.tumblr.com/post/117477059/security-hole-found-in-rails-2-3s

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://n8.tumblr.com/post/117477059/security-hole-found-in-rails-2-3s

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2009-2422

reference_id

reference_type

scores

value	0.00403
scoring_system	epss
scoring_elements	0.61174
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2009-2422

reference_url	http://secunia.com/advisories/35702
reference_id
reference_type
scores
url	http://secunia.com/advisories/35702

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/51528

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/51528

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20090711160153/http://secunia.com/advisories/35702

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20090711160153/http://secunia.com/advisories/35702

reference_url

https://web.archive.org/web/20200229192617/http://www.securityfocus.com/bid/35579

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200229192617/http://www.securityfocus.com/bid/35579

reference_url

http://weblog.rubyonrails.org/2009/6/3/security-problem-with-authenticate_with_http_digest

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2009/6/3/security-problem-with-authenticate_with_http_digest

reference_url	http://www.securityfocus.com/bid/35579
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/35579

reference_url	http://www.vupen.com/english/advisories/2009/1802
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2009/1802

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535896
reference_id	535896
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535896

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2009-2422

reference_id

CVE-2009-2422

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2009-2422

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2009-2422.yml

reference_id

CVE-2009-2422.YML

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2009-2422.yml

reference_url

https://github.com/advisories/GHSA-rxq3-gm4p-5fj4

reference_id

GHSA-rxq3-gm4p-5fj4

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rxq3-gm4p-5fj4

reference_url	https://security.gentoo.org/glsa/200912-02
reference_id	GLSA-200912-02
reference_type
scores
url	https://security.gentoo.org/glsa/200912-02

fixed_packages

url	pkg:deb/debian/rails@2.3.5-1?distro=trixie
purl	pkg:deb/debian/rails@2.3.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.5-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2009-2422, GHSA-rxq3-gm4p-5fj4

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d7rs-7c74-xkex

url VCID-d7z6-98fp-r3g2

vulnerability_id VCID-d7z6-98fp-r3g2

summary

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors involving \ (backslash) characters that are not properly handled in operations on array columns.

references

reference_url

http://openwall.com/lists/oss-security/2014/02/18/9

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2014/02/18/9

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-0080

reference_id

reference_type

scores

value	0.00248
scoring_system	epss
scoring_elements	0.48225
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-0080

reference_url

https://github.com/rails/rails/tree/main/activerecord

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/tree/main/activerecord

reference_url	https://groups.google.com/forum/#!topic/rubyonrails-security/Wu96YkTUR6s
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!topic/rubyonrails-security/Wu96YkTUR6s

reference_url

https://web.archive.org/web/20210301004521/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/Wu96YkTUR6s/pPLBMZrlwvYJ

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210301004521/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/Wu96YkTUR6s/pPLBMZrlwvYJ

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-0080

reference_id

CVE-2014-0080

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-0080

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-0080.yml

reference_id

CVE-2014-0080.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-0080.yml

reference_url

https://github.com/advisories/GHSA-hqf9-rc9j-5fmj

reference_id

GHSA-hqf9-rc9j-5fmj

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-hqf9-rc9j-5fmj

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2014-0080, GHSA-hqf9-rc9j-5fmj, OSV-103438

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d7z6-98fp-r3g2

url VCID-da4s-nffz-37de

vulnerability_id VCID-da4s-nffz-37de

summary

Possible DoS Vulnerability
A carefully crafted email address in conjunction with the Action Mailer logger format string could take advantage of a bug in Ruby's sprintf implementation and possibly lead to a denial of service attack. Impacted Ruby code will look something like this: `"some string #{user_input}" % some_number`

references

reference_url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00091.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00091.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00094.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00094.html

reference_url

http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-4389

reference_id

reference_type

scores

value	0.01333
scoring_system	epss
scoring_elements	0.80279
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-4389

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417

reference_url	http://seclists.org/oss-sec/2013/q4/118
reference_id
reference_type
scores
url	http://seclists.org/oss-sec/2013/q4/118

reference_url

https://github.com/rails/rails/tree/main/actionmailer

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/tree/main/actionmailer

reference_url

https://web.archive.org/web/20201208175929/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/yvlR1Vx44c8/elKJkpO2KVgJ

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20201208175929/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/yvlR1Vx44c8/elKJkpO2KVgJ

reference_url

http://www.debian.org/security/2014/dsa-2887

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2014/dsa-2887

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-4389

reference_url

reference_id

CVE-2013-4389

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-4389

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionmailer/CVE-2013-4389.yml

reference_id

CVE-2013-4389.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionmailer/CVE-2013-4389.yml

reference_url

https://github.com/advisories/GHSA-rg5m-3fqp-6px8

reference_id

GHSA-rg5m-3fqp-6px8

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-rg5m-3fqp-6px8

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2013-4389, GHSA-rg5m-3fqp-6px8, OSV-98629

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-da4s-nffz-37de

url VCID-de5p-39kn-pkd3

vulnerability_id VCID-de5p-39kn-pkd3

summary

actionpack Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in `actionpack/lib/action_view/helpers/sanitize_helper.rb` in the `strip_tags` helper in Ruby on Rails before 2.3.16, 3.0.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup.

references

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2012-3465

reference_url

reference_id

reference_type

scores

value	0.00333
scoring_system	epss
scoring_elements	0.56344
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-3465

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/cf48c9c7dcbef8543171f7f7de8d3d9a16b58e77

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/cf48c9c7dcbef8543171f7f7de8d3d9a16b58e77

reference_url

https://github.com/rails/rails/commit/e91e4e8bbee12ce1496bf384c04da6be296b687a

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/e91e4e8bbee12ce1496bf384c04da6be296b687a

reference_url

https://groups.google.com/group/rubyonrails-security/msg/7fbb5392d4d282b5?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/7fbb5392d4d282b5?dmode=source&output=gplain

reference_url

http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-3465

reference_id

CVE-2012-3465

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-3465

reference_url

https://github.com/advisories/GHSA-7g65-ghrg-hpf5

reference_id

GHSA-7g65-ghrg-hpf5

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7g65-ghrg-hpf5

fixed_packages

url	pkg:deb/debian/rails@2.3.14.1?distro=trixie
purl	pkg:deb/debian/rails@2.3.14.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14.1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2012-3465, GHSA-7g65-ghrg-hpf5, OSV-84513

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-de5p-39kn-pkd3

url VCID-dyc8-6n4n-cyap

vulnerability_id VCID-dyc8-6n4n-cyap

summary

references

reference_url

http://packetstormsecurity.com/files/158604/Ruby-On-Rails-5.0.1-Remote-Code-Execution.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/158604/Ruby-On-Rails-5.0.1-Remote-Code-Execution.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-8163

reference_id

reference_type

scores

value	0.91071
scoring_system	epss
scoring_elements	0.99658
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-8163

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/hWuKcHyoKh0

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/hWuKcHyoKh0

reference_url

https://groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0

reference_url

https://hackerone.com/reports/304805

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://hackerone.com/reports/304805

reference_url

https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/webapps/48716.rb
reference_id	CVE-2020-8163
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/webapps/48716.rb

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-8163

reference_id

CVE-2020-8163

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-8163

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-8163.yml

reference_id

CVE-2020-8163.YML

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-8163.yml

reference_url

https://github.com/advisories/GHSA-cr3x-7m39-c6jq

reference_id

GHSA-cr3x-7m39-c6jq

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cr3x-7m39-c6jq

fixed_packages

url	pkg:deb/debian/rails@2:5.2.0%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:5.2.0%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.0%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2020-8163, GHSA-cr3x-7m39-c6jq

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dyc8-6n4n-cyap

url VCID-dz1r-ae9g-57en

vulnerability_id VCID-dz1r-ae9g-57en

summary

Exposure of Sensitive Information to an Unauthorized Actor
A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x before 2.3.4, leaks information about the complexity of message-digest signature verification in the cookie store, which might allow remote attackers to forge a digest via multiple attempts.

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2009-3086

reference_id

reference_type

scores

value	0.00556
scoring_system	epss
scoring_elements	0.68467
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2009-3086

reference_url	http://secunia.com/advisories/36600
reference_id
reference_type
scores
url	http://secunia.com/advisories/36600

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/1f07a89c5946910fc28ea5ccd1da6af8a0f972a0

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/1f07a89c5946910fc28ea5ccd1da6af8a0f972a0

reference_url

https://github.com/rails/rails/commit/674f780d59a5a7ec0301755d43a7b277a3ad2978

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/674f780d59a5a7ec0301755d43a7b277a3ad2978

reference_url

https://github.com/rails/rails/commit/d460c9a25560f43e7c3789abadf7b455053eb686

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/d460c9a25560f43e7c3789abadf7b455053eb686

reference_url

https://web.archive.org/web/20090906010200/http://www.vupen.com/english/advisories/2009/2544

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20090906010200/http://www.vupen.com/english/advisories/2009/2544

reference_url

https://web.archive.org/web/20090907001716/http://secunia.com/advisories/36600

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20090907001716/http://secunia.com/advisories/36600

reference_url

https://web.archive.org/web/20200229150042/http://www.securityfocus.com/bid/37427

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200229150042/http://www.securityfocus.com/bid/37427

reference_url

http://weblog.rubyonrails.org/2009/9/4/timing-weakness-in-ruby-on-rails

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2009/9/4/timing-weakness-in-ruby-on-rails

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2009-3086

reference_url	http://www.securityfocus.com/bid/37427
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/37427

reference_url	http://www.vupen.com/english/advisories/2009/2544
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2009/2544

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063
reference_id	545063
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063

reference_url

reference_id

CVE-2009-3086

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2009-3086

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2009-3086.yml

reference_id

CVE-2009-3086.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2009-3086.yml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2009-3086.yml

reference_id

CVE-2009-3086.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2009-3086.yml

reference_url

https://github.com/advisories/GHSA-fg9w-g6m4-557j

reference_id

GHSA-fg9w-g6m4-557j

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-fg9w-g6m4-557j

reference_url	https://security.gentoo.org/glsa/200912-02
reference_id	GLSA-200912-02
reference_type
scores
url	https://security.gentoo.org/glsa/200912-02

fixed_packages

url	pkg:deb/debian/rails@2.2.3-1?distro=trixie
purl	pkg:deb/debian/rails@2.2.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.2.3-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2009-3086, GHSA-fg9w-g6m4-557j

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dz1r-ae9g-57en

url VCID-dz3y-jthf-ukc7

vulnerability_id VCID-dz3y-jthf-ukc7

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-15169

reference_id

reference_type

scores

value	0.01184
scoring_system	epss
scoring_elements	0.79095
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-15169

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/e663f084460ea56c55c3dc76f78c7caeddeeb02e

reference_url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/e663f084460ea56c55c3dc76f78c7caeddeeb02e

reference_url

https://groups.google.com/g/rubyonrails-security/c/b-C9kSGXYrc

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/b-C9kSGXYrc

reference_url

https://lists.debian.org/debian-lts-announce/2020/10/msg00015.html

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/10/msg00015.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/

reference_url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-15169

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970040
reference_id	970040
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970040

reference_url

reference_id

CVE-2020-15169

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-15169

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-15169.yml

reference_id

CVE-2020-15169.YML

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-15169.yml

reference_url

https://github.com/advisories/GHSA-cfjv-5498-mph5

reference_id

GHSA-cfjv-5498-mph5

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cfjv-5498-mph5

reference_url

https://github.com/rails/rails/security/advisories/GHSA-cfjv-5498-mph5

reference_id

GHSA-cfjv-5498-mph5

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/security/advisories/GHSA-cfjv-5498-mph5

fixed_packages

url	pkg:deb/debian/rails@2:6.0.3.3%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.3%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.3%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2020-15169, GHSA-cfjv-5498-mph5

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dz3y-jthf-ukc7

url VCID-e4f9-zs85-4bgh

vulnerability_id VCID-e4f9-zs85-4bgh

summary multiple issues

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-22902

reference_id

reference_type

scores

value	0.00677
scoring_system	epss
scoring_elements	0.7185
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-22902

reference_url

https://discuss.rubyonrails.org/t/cve-2021-22902-possible-denial-of-service-vulnerability-in-action-dispatch/77866

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://discuss.rubyonrails.org/t/cve-2021-22902-possible-denial-of-service-vulnerability-in-action-dispatch/77866

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rails/rails/releases/tag/v6.0.3.7

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/releases/tag/v6.0.3.7

reference_url

https://github.com/rails/rails/releases/tag/v6.1.3.2

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/releases/tag/v6.1.3.2

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22902.yml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22902.yml

reference_url

https://groups.google.com/g/rubyonrails-security/c/_5ID_ld9u1c

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/_5ID_ld9u1c

reference_url

https://hackerone.com/reports/1138654

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://hackerone.com/reports/1138654

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-22902

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-22902

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214
reference_id	988214
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214

reference_url

reference_id

AVG-2090

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-2223

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://github.com/advisories/GHSA-g8ww-46x2-2p65

reference_url

reference_id

GHSA-g8ww-46x2-2p65

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-g8ww-46x2-2p65

fixed_packages

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2021-22902, GHSA-g8ww-46x2-2p65

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e4f9-zs85-4bgh

url VCID-e5rt-g6h6-4fhh

vulnerability_id VCID-e5rt-g6h6-4fhh

summary

activesupport vulnerable to Denial of Service via large XML document depth
The (1) `jdom.rb` and (2) `rexml.rb` components in Active Support in Ruby on Rails before 3.2.22, 4.1.x before 4.1.11, and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth.

references

reference_url

http://lists.opensuse.org/opensuse-updates/2015-07/msg00050.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2015-07/msg00050.html

reference_url

http://openwall.com/lists/oss-security/2015/06/16/16

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2015/06/16/16

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-3227

reference_id

reference_type

scores

value	0.02683
scoring_system	epss
scoring_elements	0.86105
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-3227

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/12f763ce1131d29d24bd0d8f868e2697a139aea3

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/12f763ce1131d29d24bd0d8f868e2697a139aea3

reference_url

https://github.com/rails/rails/commit/153cc843ad95930b00b0ca91d30b599b7dec9680

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/153cc843ad95930b00b0ca91d30b599b7dec9680

reference_url

https://github.com/rails/rails/commit/78b29e08c700d889837af6c51c7debd3864abc3d

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/78b29e08c700d889837af6c51c7debd3864abc3d

reference_url

https://groups.google.com/forum/message/raw?msg=rubyonrails-security/bahr2JLnxvk/x4EocXnHPp8J

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/message/raw?msg=rubyonrails-security/bahr2JLnxvk/x4EocXnHPp8J

reference_url	https://groups.google.com/forum/#!topic/rubyonrails-security/bahr2JLnxvk
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!topic/rubyonrails-security/bahr2JLnxvk

reference_url

https://web.archive.org/web/20200228041703/http://www.securityfocus.com/bid/75234

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228041703/http://www.securityfocus.com/bid/75234

reference_url

https://web.archive.org/web/20200517005133/http://www.securitytracker.com/id/1033755

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200517005133/http://www.securitytracker.com/id/1033755

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-3227

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790487
reference_id	790487
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790487

reference_url

reference_id

CVE-2015-3227

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-3227

reference_url

https://github.com/advisories/GHSA-j96r-xvjq-r9pg

reference_id

GHSA-j96r-xvjq-r9pg

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-j96r-xvjq-r9pg

fixed_packages

url	pkg:deb/debian/rails@2:4.2.4-2?distro=trixie
purl	pkg:deb/debian/rails@2:4.2.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.4-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2015-3227, GHSA-j96r-xvjq-r9pg

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e5rt-g6h6-4fhh

url VCID-e61m-wvm5-bqev

vulnerability_id VCID-e61m-wvm5-bqev

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24293.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24293.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-24293

reference_id

reference_type

scores

value	0.00209
scoring_system	epss
scoring_elements	0.43299
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-24293

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/advisories/GHSA-r4mg-4433-c7g3

reference_id

reference_type

scores

value	9.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-02T14:45:32Z/

url

https://github.com/advisories/GHSA-r4mg-4433-c7g3

reference_url

reference_id

reference_type

scores

value	9.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/1b1adf6ee6ca0f3104fcfce79360b2ec1e06a354

reference_url

reference_id

reference_type

scores

value	9.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/1b1adf6ee6ca0f3104fcfce79360b2ec1e06a354

reference_url

https://github.com/rails/rails/commit/2d612735ac0d9712fdfffaf80afa627e7295f6ce

reference_id

reference_type

scores

value	9.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/2d612735ac0d9712fdfffaf80afa627e7295f6ce

reference_url

https://github.com/rails/rails/commit/fb8f3a18c3d97524c0efc29150d1e5f3162fbb13

reference_id

reference_type

scores

value	9.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/fb8f3a18c3d97524c0efc29150d1e5f3162fbb13

reference_url

https://github.com/rails/rails/security/advisories/GHSA-r4mg-4433-c7g3

reference_id

reference_type

scores

value	9.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/security/advisories/GHSA-r4mg-4433-c7g3

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2025-24293.yml

reference_id

reference_type

scores

value	9.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2025-24293.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-24293

reference_id

reference_type

scores

value	9.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-24293

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2435565
reference_id	2435565
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2435565

fixed_packages

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u4?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u4%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2025-24293, GHSA-r4mg-4433-c7g3

risk_score 3.6

exploitability 0.5

weighted_severity 7.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e61m-wvm5-bqev

url VCID-ee5t-31ju-zfb1

vulnerability_id VCID-ee5t-31ju-zfb1

summary

Duplicate
This advisory duplicates another.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22796.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22796.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-22796

reference_id

reference_type

scores

value	0.01525
scoring_system	epss
scoring_elements	0.81583
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-22796

reference_url

https://discuss.rubyonrails.org/t/cve-2023-22796-possible-redos-based-dos-vulnerability-in-active-supports-underscore/82116

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-05T21:51:29Z/

url

https://discuss.rubyonrails.org/t/cve-2023-22796-possible-redos-based-dos-vulnerability-in-active-supports-underscore/82116

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/2164d4f6a1bde74b911fe9ba3c8df1b5bf345bf8

reference_url

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/2164d4f6a1bde74b911fe9ba3c8df1b5bf345bf8

reference_url

https://github.com/rails/rails/commit/a7cda7e6aa5334ab41b1f4b0f671be931be946ef

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/a7cda7e6aa5334ab41b1f4b0f671be931be946ef

reference_url

https://github.com/rails/rails/releases/tag/v6.1.7.1

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/releases/tag/v6.1.7.1

reference_url

https://github.com/rails/rails/releases/tag/v7.0.4.1

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/releases/tag/v7.0.4.1

reference_url

https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050
reference_id	1030050
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2164736
reference_id	2164736
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2164736

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-22796

reference_id

CVE-2023-22796

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-22796

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-22796.yml

reference_id

CVE-2023-22796.YML

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-22796.yml

reference_url

https://github.com/advisories/GHSA-j6gc-792m-qgm2

reference_id

GHSA-j6gc-792m-qgm2

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-j6gc-792m-qgm2

reference_url

https://security.netapp.com/advisory/ntap-20240202-0009/

reference_id

ntap-20240202-0009

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-05T21:51:29Z/

url

https://security.netapp.com/advisory/ntap-20240202-0009/

reference_url	https://access.redhat.com/errata/RHSA-2023:4341
reference_id	RHSA-2023:4341
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4341

reference_url	https://access.redhat.com/errata/RHSA-2023:6818
reference_id	RHSA-2023:6818
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6818

fixed_packages

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.7.3%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.7.3%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.3%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2023-22796, GHSA-j6gc-792m-qgm2, GMS-2023-61

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ee5t-31ju-zfb1

url VCID-eecu-e2ds-jbdc

vulnerability_id VCID-eecu-e2ds-jbdc

summary

URL Redirection to Untrusted Site ('Open Redirect')
A open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an attacker to craft a "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-44528

reference_id

reference_type

scores

value	0.28611
scoring_system	epss
scoring_elements	0.96612
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-44528

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/blob/v6.1.4.2/actionpack/CHANGELOG.md#rails-6142-december-14-2021

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/blob/v6.1.4.2/actionpack/CHANGELOG.md#rails-6142-december-14-2021

reference_url

https://github.com/rails/rails/commit/0fccfb9a3097a9c4260c791f1a40b128517e7815

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/0fccfb9a3097a9c4260c791f1a40b128517e7815

reference_url

https://github.com/rails/rails/commit/aecba3c301b80e9d5a63c30ea1b287bceaf2c107

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/aecba3c301b80e9d5a63c30ea1b287bceaf2c107

reference_url

https://groups.google.com/g/ruby-security-ann/c/vG9gz3nk1pM/m/7-NU4MNrDAAJ

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/ruby-security-ann/c/vG9gz3nk1pM/m/7-NU4MNrDAAJ

reference_url

https://groups.google.com/g/ruby-security-ann/c/vG9gz3nk1pM/m/7-NU4MNrDAAJ?utm_medium=email&utm_source=footer

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/ruby-security-ann/c/vG9gz3nk1pM/m/7-NU4MNrDAAJ?utm_medium=email&utm_source=footer

reference_url

https://security.netapp.com/advisory/ntap-20240208-0003

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240208-0003

reference_url	https://security.netapp.com/advisory/ntap-20240208-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20240208-0003/

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-44528

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001817
reference_id	1001817
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001817

reference_url

reference_id

CVE-2021-44528

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-44528

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-44528.yml

reference_id

CVE-2021-44528.YML

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-44528.yml

reference_url

https://github.com/advisories/GHSA-qphc-hf5q-v8fc

reference_id

GHSA-qphc-hf5q-v8fc

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qphc-hf5q-v8fc

fixed_packages

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.4.6%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.4.6%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.4.6%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2021-44528, GHSA-qphc-hf5q-v8fc

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eecu-e2ds-jbdc

url VCID-f22x-hsz9-kfau

vulnerability_id VCID-f22x-hsz9-kfau

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41128.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41128.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-41128

reference_id

reference_type

scores

value	0.00774
scoring_system	epss
scoring_elements	0.73907
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-41128

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2319036

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2319036

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/27121e80f6dbb260f5a9f0452cd8411cb681f075

reference_url

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/

url

https://github.com/rails/rails/commit/27121e80f6dbb260f5a9f0452cd8411cb681f075

reference_url

https://github.com/rails/rails/commit/b0fe99fa854ec8ff4498e75779b458392d1560ef

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/

url

https://github.com/rails/rails/commit/b0fe99fa854ec8ff4498e75779b458392d1560ef

reference_url

https://github.com/rails/rails/commit/b1241f468d1b32235f438c2e2203386e6efd3891

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/

url

https://github.com/rails/rails/commit/b1241f468d1b32235f438c2e2203386e6efd3891

reference_url

https://github.com/rails/rails/commit/fb493bebae1a9b83e494fe7edbf01f6167d606fd

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/

url

https://github.com/rails/rails/commit/fb493bebae1a9b83e494fe7edbf01f6167d606fd

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376
reference_id	1085376
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376

reference_url

https://access.redhat.com/security/cve/cve-2024-41128

reference_id

CVE-2024-41128

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/

url

https://access.redhat.com/security/cve/cve-2024-41128

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-41128

reference_id

CVE-2024-41128

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-41128

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-41128.yml

reference_id

CVE-2024-41128.YML

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-41128.yml

reference_url

https://github.com/advisories/GHSA-x76w-6vjr-8xgj

reference_id

GHSA-x76w-6vjr-8xgj

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-x76w-6vjr-8xgj

reference_url

https://github.com/rails/rails/security/advisories/GHSA-x76w-6vjr-8xgj

reference_id

GHSA-x76w-6vjr-8xgj

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/

url

https://github.com/rails/rails/security/advisories/GHSA-x76w-6vjr-8xgj

reference_url	https://usn.ubuntu.com/7290-1/
reference_id	USN-7290-1
reference_type
scores
url	https://usn.ubuntu.com/7290-1/

fixed_packages

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.1%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2024-41128, GHSA-x76w-6vjr-8xgj

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f22x-hsz9-kfau

url VCID-f4zb-2ajn-w3et

vulnerability_id VCID-f4zb-2ajn-w3et

summary

Possible Input Validation Circumvention
Code that uses Active Model based models (including Active Record models) and does not validate user input before passing it to the model can be subject to an attack where specially crafted input will cause the model to skip validations. Rails users using Strong Parameters are generally not impacted by this issue as they are encouraged to allow parameters and must specifically opt-out of input verification using the `permit!` method to allow mass assignment.

references

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178066.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178066.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html

reference_url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2016-0753

reference_url

reference_id

reference_type

scores

value	0.02328
scoring_system	epss
scoring_elements	0.85088
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-0753

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/6jQVC1geukQ

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/6jQVC1geukQ

reference_url

https://web.archive.org/web/20160405205300/http://www.securitytracker.com/id/1034816

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20160405205300/http://www.securitytracker.com/id/1034816

reference_url

https://web.archive.org/web/20200228000230/http://www.securityfocus.com/bid/82247

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228000230/http://www.securityfocus.com/bid/82247

reference_url

https://web.archive.org/web/20210613054843/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/6jQVC1geukQ/3Iy0GU1ZEgAJ

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210613054843/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/6jQVC1geukQ/3Iy0GU1ZEgAJ

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2016/01/25/14

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2016/01/25/14

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-0753

reference_id

CVE-2016-0753

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-0753

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activemodel/CVE-2016-0753.yml

reference_id

CVE-2016-0753.YML

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activemodel/CVE-2016-0753.yml

reference_url

https://github.com/advisories/GHSA-543v-gj2c-r3ch

reference_id

GHSA-543v-gj2c-r3ch

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-543v-gj2c-r3ch

fixed_packages

url	pkg:deb/debian/rails@2:4.2.5.1-1?distro=trixie
purl	pkg:deb/debian/rails@2:4.2.5.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.5.1-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2016-0753, GHSA-543v-gj2c-r3ch

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f4zb-2ajn-w3et

url VCID-f8s8-epzh-3bhw

vulnerability_id VCID-f8s8-epzh-3bhw

summary

Denial of Service Vulnerability when using render :text
Strings sent in specially crafted headers will be converted to symbols.

references

reference_url

http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html

reference_url

http://openwall.com/lists/oss-security/2014/02/18/10

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2014/02/18/10

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2014-0082

reference_url

reference_id

reference_type

scores

value	0.06456
scoring_system	epss
scoring_elements	0.91215
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-0082

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20201207044540/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ

reference_url	https://groups.google.com/forum/#!topic/rubyonrails-security/LMxO_3_eCuc
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!topic/rubyonrails-security/LMxO_3_eCuc

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20201207044540/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ

reference_url

http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release

reference_url	http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/
reference_id
reference_type
scores
url	http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-0082

reference_id

CVE-2014-0082

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-0082

reference_url

https://web.archive.org/web/20220315115444/https://puppet.com/security/cve/cve-2014-0082

reference_id

CVE-2014-0082

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20220315115444/https://puppet.com/security/cve/cve-2014-0082

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0082.yml

reference_id

CVE-2014-0082.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0082.yml

reference_url

https://github.com/advisories/GHSA-7cgp-c3g7-qvrw

reference_id

GHSA-7cgp-c3g7-qvrw

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7cgp-c3g7-qvrw

fixed_packages

url	pkg:deb/debian/rails@2.3.14.1?distro=trixie
purl	pkg:deb/debian/rails@2.3.14.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14.1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2014-0082, GHSA-7cgp-c3g7-qvrw, OSV-103440

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f8s8-epzh-3bhw

url VCID-fm16-z8wy-6fgz

vulnerability_id VCID-fm16-z8wy-6fgz

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper.

references

reference_url

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063

reference_url

http://groups.google.com/group/rubyonrails-security/msg/7f57cd7794e1d1b4?dmode=source

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/rubyonrails-security/msg/7f57cd7794e1d1b4?dmode=source

reference_url

http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2009-3009

reference_id

reference_type

scores

value	0.01632
scoring_system	epss
scoring_elements	0.82215
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2009-3009

reference_url

http://secunia.com/advisories/36600

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://secunia.com/advisories/36600

reference_url

http://secunia.com/advisories/36717

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://secunia.com/advisories/36717

reference_url

http://securitytracker.com/id?1022824

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://securitytracker.com/id?1022824

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/53036

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/53036

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2009/9/4/xss-vulnerability-in-ruby-on-rails

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2009/9/4/xss-vulnerability-in-ruby-on-rails

reference_url

http://www.debian.org/security/2009/dsa-1887

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2009/dsa-1887

reference_url

http://www.osvdb.org/57666

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.osvdb.org/57666

reference_url

http://www.securityfocus.com/bid/36278

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/36278

reference_url

http://www.vupen.com/english/advisories/2009/2544

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.vupen.com/english/advisories/2009/2544

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063
reference_id	545063
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2009-3009

reference_id

CVE-2009-3009

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2009-3009

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2009-3009.yml

reference_id

CVE-2009-3009.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2009-3009.yml

reference_url

https://github.com/advisories/GHSA-8qrh-h9m2-5fvf

reference_id

GHSA-8qrh-h9m2-5fvf

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-8qrh-h9m2-5fvf

reference_url	https://security.gentoo.org/glsa/200912-02
reference_id	GLSA-200912-02
reference_type
scores
url	https://security.gentoo.org/glsa/200912-02

fixed_packages

url	pkg:deb/debian/rails@2.2.3-1?distro=trixie
purl	pkg:deb/debian/rails@2.2.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.2.3-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2009-3009, GHSA-8qrh-h9m2-5fvf, OSV-57666

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fm16-z8wy-6fgz

url VCID-fnkq-8eys-gygm

vulnerability_id VCID-fnkq-8eys-gygm

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28103.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28103.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-28103

reference_id

reference_type

scores

value	0.00832
scoring_system	epss
scoring_elements	0.74897
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-28103

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/35858f1d9d57f6c4050a8d9ab754bd5d088b4523

reference_url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T16:17:47Z/

url

https://github.com/rails/rails/commit/35858f1d9d57f6c4050a8d9ab754bd5d088b4523

reference_url

https://security.netapp.com/advisory/ntap-20241206-0002

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20241206-0002

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072705
reference_id	1072705
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072705

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2290530
reference_id	2290530
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2290530

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-28103

reference_id

CVE-2024-28103

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-28103

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-28103.yml

reference_id

CVE-2024-28103.YML

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-28103.yml

reference_url

https://github.com/advisories/GHSA-fwhr-88qx-h9g7

reference_id

GHSA-fwhr-88qx-h9g7

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-fwhr-88qx-h9g7

reference_url

https://github.com/rails/rails/security/advisories/GHSA-fwhr-88qx-h9g7

reference_id

GHSA-fwhr-88qx-h9g7

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T16:17:47Z/

url

https://github.com/rails/rails/security/advisories/GHSA-fwhr-88qx-h9g7

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.1%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2024-28103, GHSA-fwhr-88qx-h9g7

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fnkq-8eys-gygm

url VCID-fqcm-4af1-e3c1

vulnerability_id VCID-fqcm-4af1-e3c1

summary

Ruby on Rails vulnerable to code injection
Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112.

references

reference_url

http://blog.koehntopp.de/archives/1367-Ruby-On-Rails-Mandatory-Mystery-Patch.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://blog.koehntopp.de/archives/1367-Ruby-On-Rails-Mandatory-Mystery-Patch.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2006-4111

reference_id

reference_type

scores

value	0.03984
scoring_system	epss
scoring_elements	0.88603
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2006-4111

reference_url

https://github.com/presidentbeef/rails-security-history/blob/master/vulnerabilities.md

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/presidentbeef/rails-security-history/blob/master/vulnerabilities.md

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200301174340/http://www.securityfocus.com/bid/19454

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200301174340/http://www.securityfocus.com/bid/19454

reference_url

https://web.archive.org/web/20200808083046/http://securitytracker.com/id?1016673

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200808083046/http://securitytracker.com/id?1016673

reference_url

http://weblog.rubyonrails.org/2006/8/9/rails-1-1-5-mandatory-security-patch-and-other-tidbits

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2006/8/9/rails-1-1-5-mandatory-security-patch-and-other-tidbits

reference_url

http://www.gentoo.org/security/en/glsa/glsa-200608-20.xml

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.gentoo.org/security/en/glsa/glsa-200608-20.xml

reference_url

http://www.novell.com/linux/security/advisories/2006_21_sr.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.novell.com/linux/security/advisories/2006_21_sr.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=382255
reference_id	382255
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=382255

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2006-4111

reference_id

CVE-2006-4111

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2006-4111

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2006-4111.yml

reference_id

CVE-2006-4111.YML

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2006-4111.yml

reference_url

https://github.com/advisories/GHSA-rvpq-5xqx-pfpp

reference_id

GHSA-rvpq-5xqx-pfpp

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rvpq-5xqx-pfpp

reference_url	https://security.gentoo.org/glsa/200608-20
reference_id	GLSA-200608-20
reference_type
scores
url	https://security.gentoo.org/glsa/200608-20

fixed_packages

url	pkg:deb/debian/rails@1.1.5-1?distro=trixie
purl	pkg:deb/debian/rails@1.1.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@1.1.5-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2006-4111, GHSA-rvpq-5xqx-pfpp

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fqcm-4af1-e3c1

url VCID-fqw6-tq5j-2udc

vulnerability_id VCID-fqw6-tq5j-2udc

summary

Moderate severity vulnerability that affects rails
Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers and ActiveResource servers to determine the existence of arbitrary files and read arbitrary XML files via the Hash.from_xml (Hash#from_xml) method, which uses XmlSimple (XML::Simple) unsafely, as demonstrated by reading passwords from the Pidgin (Gaim) .purple/accounts.xml file.

references

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://docs.info.apple.com/article.html?artnum=307179

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://docs.info.apple.com/article.html?artnum=307179

reference_url

http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2007-5379

reference_id

reference_type

scores

value	0.10596
scoring_system	epss
scoring_elements	0.93407
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2007-5379

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release

reference_url

https://web.archive.org/web/20090602000500/http://dev.rubyonrails.org/ticket/8453

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20090602000500/http://dev.rubyonrails.org/ticket/8453

reference_url	http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release

reference_url

http://www.us-cert.gov/cas/techalerts/TA07-352A.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.us-cert.gov/cas/techalerts/TA07-352A.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2007-5379

reference_url

reference_id

CVE-2007-5379

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2007-5379

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-5379.yml

reference_id

CVE-2007-5379.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-5379.yml

reference_url

https://github.com/advisories/GHSA-fjfg-q662-gm6j

reference_id

GHSA-fjfg-q662-gm6j

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-fjfg-q662-gm6j

reference_url	https://security.gentoo.org/glsa/200711-17
reference_id	GLSA-200711-17
reference_type
scores
url	https://security.gentoo.org/glsa/200711-17

fixed_packages

url	pkg:deb/debian/rails@1.2.5-1?distro=trixie
purl	pkg:deb/debian/rails@1.2.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@1.2.5-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2007-5379, GHSA-fjfg-q662-gm6j, OSV-40717

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fqw6-tq5j-2udc

url VCID-fyxy-39kr-afde

vulnerability_id VCID-fyxy-39kr-afde

summary

Response Splitting Vulnerability in Ruby on Rails
A response splitting flaw can allow a remote attacker to inject arbitrary HTTP headers into a response due to insufficient sanitization of the values provided for response content types.

references

reference_url

http://groups.google.com/group/rubyonrails-security/msg/bbe342e43abaa78c?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/rubyonrails-security/msg/bbe342e43abaa78c?dmode=source&output=gplain

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065137.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065137.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-3186

reference_id

reference_type

scores

value	0.00814
scoring_system	epss
scoring_elements	0.74586
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-3186

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=732156

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=732156

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/11dafeaa7533be26441a63618be93a03869c83a9

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/11dafeaa7533be26441a63618be93a03869c83a9

reference_url	https://github.com/rails/rails/commit/11dafeaa7533be26441a63618be93a03869c83a9#diff-62558f372a46058cbab9309494d0fbb1
reference_id
reference_type
scores
url	https://github.com/rails/rails/commit/11dafeaa7533be26441a63618be93a03869c83a9#diff-62558f372a46058cbab9309494d0fbb1

reference_url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-74616.yml
reference_id
reference_type
scores
url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-74616.yml

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/b_yTveAph2g

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/b_yTveAph2g

reference_url

https://web.archive.org/web/20150201000000*/http://secunia.com/advisories/45921

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20150201000000*/http://secunia.com/advisories/45921

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/17/1

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/17/1

reference_url

http://www.openwall.com/lists/oss-security/2011/08/19/11

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/19/11

reference_url

http://www.openwall.com/lists/oss-security/2011/08/20/1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/20/1

reference_url

http://www.openwall.com/lists/oss-security/2011/08/22/13

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/22/13

reference_url

http://www.openwall.com/lists/oss-security/2011/08/22/14

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/22/14

reference_url

http://www.openwall.com/lists/oss-security/2011/08/22/5

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/22/5

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2011-3186

reference_id

CVE-2011-3186

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-3186

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-3186.yml

reference_id

CVE-2011-3186.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-3186.yml

reference_url

https://github.com/advisories/GHSA-fcqf-h4h4-695m

reference_id

GHSA-fcqf-h4h4-695m

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-fcqf-h4h4-695m

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

fixed_packages

url	pkg:deb/debian/rails@2.3.14?distro=trixie
purl	pkg:deb/debian/rails@2.3.14?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2011-3186, GHSA-fcqf-h4h4-695m, OSV-74616

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fyxy-39kr-afde

url VCID-ghfd-u91m-dbdz

vulnerability_id VCID-ghfd-u91m-dbdz

summary

Denial of Service Vulnerability in Action View
There is a denial of service vulnerability in the header handling component of Action View. Strings sent in specially crafted headers will be cached indefinitely. This can cause the cache to grow infinitely, which will eventually consume all memory on the target machine, causing a denial of service.

references

reference_url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html

reference_url

http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2013-6414

reference_url

reference_id

reference_type

scores

value	0.70843
scoring_system	epss
scoring_elements	0.98725
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-6414

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417

reference_url	http://seclists.org/oss-sec/2013/q4/400
reference_id
reference_type
scores
url	http://seclists.org/oss-sec/2013/q4/400

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/message/raw?msg=ruby-security-ann/A-ebV4WxzKg/KNPTbX8XAQUJ

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/message/raw?msg=ruby-security-ann/A-ebV4WxzKg/KNPTbX8XAQUJ

reference_url

https://groups.google.com/forum/#!topic/ruby-security-ann/A-ebV4WxzKg

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/ruby-security-ann/A-ebV4WxzKg

reference_url

https://web.archive.org/web/20160421165124/http://secunia.com/advisories/57836

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20160421165124/http://secunia.com/advisories/57836

reference_url

http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released

reference_url	http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release

reference_url	http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/
reference_id
reference_type
scores
url	http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-6414

reference_id

CVE-2013-6414

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-6414

reference_url

https://puppet.com/security/cve/cve-2013-6414

reference_id

CVE-2013-6414

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://puppet.com/security/cve/cve-2013-6414

reference_url

https://web.archive.org/web/20160808161629/https://puppet.com/security/cve/cve-2013-6414

reference_id

CVE-2013-6414

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20160808161629/https://puppet.com/security/cve/cve-2013-6414

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6414.yml

reference_id

CVE-2013-6414.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6414.yml

reference_url

https://github.com/advisories/GHSA-mpxf-gcw2-pw5q

reference_id

GHSA-mpxf-gcw2-pw5q

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-mpxf-gcw2-pw5q

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2013-6414, GHSA-mpxf-gcw2-pw5q, OSV-100525

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ghfd-u91m-dbdz

url VCID-gm6b-9esj-aqep

vulnerability_id VCID-gm6b-9esj-aqep

summary

Exposure of Sensitive Information to an Unauthorized Actor
A bypass vulnerability in Active Storage for Google Cloud Storage and Disk services allow an attacker to modify the `content-disposition` and `content-type` parameters which can be used in with HTML files and have them executed inline. Additionally, if combined with other techniques such as cookie bombing and specially crafted AppCache manifests, an attacker can gain access to private signed URLs within a specific storage path. This vulnerability has been fixed

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-16477

reference_id

reference_type

scores

value	0.0026
scoring_system	epss
scoring_elements	0.49569
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-16477

reference_url

https://groups.google.com/d/msg/rubyonrails-security/3KQRnXDIuLg/mByx5KkqBAAJ

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/d/msg/rubyonrails-security/3KQRnXDIuLg/mByx5KkqBAAJ

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/3KQRnXDIuLg

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/3KQRnXDIuLg

reference_url

https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released

reference_url	https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released/
reference_id
reference_type
scores
url	https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914848
reference_id	914848
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914848

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-16477

reference_id

CVE-2018-16477

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-16477

reference_url

https://github.com/advisories/GHSA-7rr7-rcjw-56vj

reference_id

GHSA-7rr7-rcjw-56vj

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-7rr7-rcjw-56vj

fixed_packages

url	pkg:deb/debian/rails@2:5.2.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:5.2.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2018-16477, GHSA-7rr7-rcjw-56vj

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gm6b-9esj-aqep

url VCID-gq64-ywx7-jyfq

vulnerability_id VCID-gq64-ywx7-jyfq

summary

Moderate severity vulnerability that affects rails
Cross-site scripting (XSS) vulnerability in the to_json (ActiveRecord::Base#to_json) function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values.

references

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://dev.rubyonrails.org/ticket/8371

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://dev.rubyonrails.org/ticket/8371

reference_url

http://osvdb.org/36378

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://osvdb.org/36378

reference_url

http://pastie.caboo.se/65550.txt

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://pastie.caboo.se/65550.txt

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2007-3227

reference_id

reference_type

scores

value	0.13946
scoring_system	epss
scoring_elements	0.94441
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2007-3227

reference_url

http://secunia.com/advisories/25699

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://secunia.com/advisories/25699

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://secunia.com/advisories/27756

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://secunia.com/advisories/27756

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2007/10/12/rails-1-2-5-maintenance-release

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2007/10/12/rails-1-2-5-maintenance-release

reference_url

http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release

reference_url

http://www.novell.com/linux/security/advisories/2007_24_sr.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.novell.com/linux/security/advisories/2007_24_sr.html

reference_url

http://www.securityfocus.com/bid/24161

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/24161

reference_url

http://www.vupen.com/english/advisories/2007/2216

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.vupen.com/english/advisories/2007/2216

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429177
reference_id	429177
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429177

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2007-3227

reference_id

CVE-2007-3227

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2007-3227

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/30089.txt
reference_id	CVE-2007-3227;OSVDB-36378
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/30089.txt

reference_url	https://www.securityfocus.com/bid/24161/info
reference_id	CVE-2007-3227;OSVDB-36378
reference_type	exploit
scores
url	https://www.securityfocus.com/bid/24161/info

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-3227.yml

reference_id

CVE-2007-3227.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-3227.yml

reference_url

https://github.com/advisories/GHSA-gm25-fpmr-43fj

reference_id

GHSA-gm25-fpmr-43fj

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-gm25-fpmr-43fj

reference_url	https://security.gentoo.org/glsa/200711-17
reference_id	GLSA-200711-17
reference_type
scores
url	https://security.gentoo.org/glsa/200711-17

fixed_packages

url	pkg:deb/debian/rails@1.2.5-1?distro=trixie
purl	pkg:deb/debian/rails@1.2.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@1.2.5-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2007-3227, GHSA-gm25-fpmr-43fj, OSV-36378

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gq64-ywx7-jyfq

url VCID-gqg3-gs2h-zugf

vulnerability_id VCID-gqg3-gs2h-zugf

summary

XSS vulnerability in sanitize_css in Action Pack
Carefully crafted text can bypass the sanitization provided in the `sanitize_css` method in Action Pack.

references

reference_url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html

reference_url

http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2013:0698

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2013:0698

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2013-1855

reference_url

reference_id

reference_type

scores

value	0.00536
scoring_system	epss
scoring_elements	0.6776
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-1855

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=921331

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=921331

reference_url	https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_QHo4BqnN8
reference_id
reference_type
scores
url	https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_QHo4BqnN8

reference_url

https://groups.google.com/group/rubyonrails-security/msg/8ed835a97cdd1afd?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/8ed835a97cdd1afd?dmode=source&output=gplain

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

reference_url

https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html

reference_url

http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released

reference_url	http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/

reference_url

https://access.redhat.com/security/cve/CVE-2013-1855

reference_id

CVE-2013-1855

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2013-1855

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-1855

reference_id

CVE-2013-1855

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-1855

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-1855.yml

reference_id

CVE-2013-1855.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-1855.yml

reference_url

https://github.com/advisories/GHSA-q759-hwvc-m3jg

reference_id

GHSA-q759-hwvc-m3jg

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-q759-hwvc-m3jg

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

fixed_packages

url	pkg:deb/debian/rails@2.3.14.1?distro=trixie
purl	pkg:deb/debian/rails@2.3.14.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14.1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2013-1855, GHSA-q759-hwvc-m3jg, OSV-91452

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gqg3-gs2h-zugf

url VCID-hbym-agkh-fqdj

vulnerability_id VCID-hbym-agkh-fqdj

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-8166

reference_id

reference_type

scores

value	0.00443
scoring_system	epss
scoring_elements	0.636
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-8166

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw

reference_url

https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:45:41Z/

url

https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw

reference_url

https://hackerone.com/reports/732415

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:45:41Z/

url

https://hackerone.com/reports/732415

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:45:41Z/

url

https://nvd.nist.gov/vuln/detail/CVE-2020-8166

reference_url

reference_id

CVE-2020-8166

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-8166

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8166.yml

reference_id

CVE-2020-8166.YML

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8166.yml

reference_url

https://github.com/advisories/GHSA-jp5v-5gx4-jmj9

reference_id

GHSA-jp5v-5gx4-jmj9

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jp5v-5gx4-jmj9

fixed_packages

url	pkg:deb/debian/rails@2:5.2.4.3%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:5.2.4.3%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.4.3%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2020-8166, GHSA-jp5v-5gx4-jmj9

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hbym-agkh-fqdj

url VCID-hkp5-8gz8-m3g6

vulnerability_id VCID-hkp5-8gz8-m3g6

summary

Remote attacker can conduct SQL injection attacks
Ruby on Rails contains a flaw in the Authlogic gem. The issue is triggered when the program makes an unsafe method call for find_by_id. With a specially crafted parameter in an environment that knows the secret_token value in secret_token.rb, a remote attacker to more easily conduct SQL injection attacks.

references

reference_url

http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts

reference_url

http://openwall.com/lists/oss-security/2013/01/03/12

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2013/01/03/12

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-6497

reference_id

reference_type

scores

value	0.00397
scoring_system	epss
scoring_elements	0.60848
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-6497

reference_url

https://github.com/binarylogic/authlogic

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/binarylogic/authlogic

reference_url

https://github.com/binarylogic/authlogic/commit/1d57a6c4abe43a3c0b4ef578486ea00e1f7a9873

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/binarylogic/authlogic/commit/1d57a6c4abe43a3c0b4ef578486ea00e1f7a9873

reference_url	https://github.com/binarylogic/authlogic/commit/1d57a6c4abe43a3c0b4ef578486ea00e1f7a9873#diff-724a09c582d42a66c65c0bdaadcb21ee
reference_id
reference_type
scores
url	https://github.com/binarylogic/authlogic/commit/1d57a6c4abe43a3c0b4ef578486ea00e1f7a9873#diff-724a09c582d42a66c65c0bdaadcb21ee

reference_url

https://github.com/binarylogic/authlogic/pull/341

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/binarylogic/authlogic/pull/341

reference_url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/authlogic/OSVDB-89064.yml
reference_id
reference_type
scores
url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/authlogic/OSVDB-89064.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-6497

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-6497

reference_url

https://web.archive.org/web/20130104161608/http://www.securityfocus.com/bid/57084

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20130104161608/http://www.securityfocus.com/bid/57084

reference_url

https://web.archive.org/web/20130116043311/http://phenoelit.org/blog/archives/2012/12/21/let_me_github_that_for_you/index.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20130116043311/http://phenoelit.org/blog/archives/2012/12/21/let_me_github_that_for_you/index.html

fixed_packages

url	pkg:deb/debian/rails@2.3.14.1?distro=trixie
purl	pkg:deb/debian/rails@2.3.14.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14.1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2012-6497, GHSA-rx7j-mw4c-76g9, OSV-89064

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hkp5-8gz8-m3g6

url VCID-hpu4-xbs2-fugs

vulnerability_id VCID-hpu4-xbs2-fugs

summary

XSS via posted select tag options
Ruby on Rails is vulnerable to remote cross-site scripting because the application does not validate manually generated `select tag options` upon submission to `actionpack/lib/action_view/helpers/form_options_helper.rb`. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

references

reference_url

http://groups.google.com/group/rubyonrails-security/msg/6fca4f5c47705488?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/rubyonrails-security/msg/6fca4f5c47705488?dmode=source&output=gplain

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075740.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075740.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-1099

reference_id

reference_type

scores

value	0.00399
scoring_system	epss
scoring_elements	0.60951
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-1099

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=799276

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=799276

reference_url	https://github.com/rails/rails/commit/9435f5a479317458c558ae743b7d876dd5a5db20
reference_id
reference_type
scores
url	https://github.com/rails/rails/commit/9435f5a479317458c558ae743b7d876dd5a5db20

reference_url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-79727.yml
reference_id
reference_type
scores
url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-79727.yml

reference_url

http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released

reference_url

http://www.debian.org/security/2012/dsa-2466

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2012/dsa-2466

reference_url

http://www.openwall.com/lists/oss-security/2012/03/02/6

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2012/03/02/6

reference_url

http://www.openwall.com/lists/oss-security/2012/03/03/1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2012/03/03/1

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-1099

reference_id

CVE-2012-1099

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-1099

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-1099.yml

reference_id

CVE-2012-1099.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-1099.yml

reference_url

https://github.com/advisories/GHSA-2xjj-5x6h-8vmf

reference_id

GHSA-2xjj-5x6h-8vmf

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-2xjj-5x6h-8vmf

fixed_packages

url	pkg:deb/debian/rails@2.3.14?distro=trixie
purl	pkg:deb/debian/rails@2.3.14?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2012-1099, GHSA-2xjj-5x6h-8vmf, OSV-79727

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hpu4-xbs2-fugs

url VCID-hqc8-8cu1-rfgm

vulnerability_id VCID-hqc8-8cu1-rfgm

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-8162

reference_id

reference_type

scores

value	0.01549
scoring_system	epss
scoring_elements	0.81716
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-8162

reference_url

https://github.com/aws/aws-sdk-ruby

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/aws/aws-sdk-ruby

reference_url

https://github.com/aws/aws-sdk-ruby/issues/2098

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/aws/aws-sdk-ruby/issues/2098

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/PjU3946mreQ

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/PjU3946mreQ

reference_url

https://groups.google.com/g/rubyonrails-security/c/PjU3946mreQ

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/PjU3946mreQ

reference_url

https://hackerone.com/reports/789579

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://hackerone.com/reports/789579

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-8162

reference_url

reference_id

CVE-2020-8162

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-8162

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2020-8162.yml

reference_id

CVE-2020-8162.YML

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2020-8162.yml

reference_url

https://github.com/advisories/GHSA-m42x-37p3-fv5w

reference_id

GHSA-m42x-37p3-fv5w

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-m42x-37p3-fv5w

fixed_packages

url	pkg:deb/debian/rails@2:5.2.4.3%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:5.2.4.3%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.4.3%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2020-8162, GHSA-m42x-37p3-fv5w

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hqc8-8cu1-rfgm

url VCID-hud5-xxhh-u3ex

vulnerability_id VCID-hud5-xxhh-u3ex

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in the mail_to helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) name or (2) email value.

references

reference_url

http://groups.google.com/group/rubyonrails-security/msg/365b8a23b76a6b4a?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/rubyonrails-security/msg/365b8a23b76a6b4a?dmode=source&output=gplain

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-0446

reference_id

reference_type

scores

value	0.0067
scoring_system	epss
scoring_elements	0.71687
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-0446

reference_url	http://secunia.com/advisories/43274
reference_id
reference_type
scores
url	http://secunia.com/advisories/43274

reference_url	http://secunia.com/advisories/43666
reference_id
reference_type
scores
url	http://secunia.com/advisories/43666

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/abe97736b8316f1b714cac56c115c0779aa73217

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/abe97736b8316f1b714cac56c115c0779aa73217

reference_url

https://github.com/rails/rails/commit/e3dd2107c57a8efaaea5d61cf8da65f7444760b2

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/e3dd2107c57a8efaaea5d61cf8da65f7444760b2

reference_url

https://groups.google.com/g/rubyonrails-security/c/8CpI7egxX4E/m/SmtqtyOKWzYJ

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/8CpI7egxX4E/m/SmtqtyOKWzYJ

reference_url

https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43274

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43274

reference_url

https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43666

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43666

reference_url

https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291

reference_url

https://web.archive.org/web/20200812054342/http://www.securitytracker.com/id?1025064

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200812054342/http://www.securitytracker.com/id?1025064

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-0446

reference_url	http://www.securityfocus.com/bid/46291
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/46291

reference_url	http://www.securitytracker.com/id?1025064
reference_id
reference_type
scores
url	http://www.securitytracker.com/id?1025064

reference_url	http://www.vupen.com/english/advisories/2011/0587
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2011/0587

reference_url	http://www.vupen.com/english/advisories/2011/0877
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2011/0877

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864
reference_id	614864
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864

reference_url

reference_id

CVE-2011-0446

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-0446

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0446.yml

reference_id

CVE-2011-0446.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0446.yml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2011-0446.yml

reference_id

CVE-2011-0446.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2011-0446.yml

reference_url

https://github.com/advisories/GHSA-75w6-p6mg-vh8j

reference_id

GHSA-75w6-p6mg-vh8j

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-75w6-p6mg-vh8j

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

fixed_packages

url	pkg:deb/debian/rails@2.3.11-0.1?distro=trixie
purl	pkg:deb/debian/rails@2.3.11-0.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.11-0.1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2011-0446, GHSA-75w6-p6mg-vh8j

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hud5-xxhh-u3ex

url VCID-j585-zz5s-nqd5

vulnerability_id VCID-j585-zz5s-nqd5

summary

Timing attack vulnerability in basic authentication
Due to the way that Action Controller compares user names and passwords in basic authentication authorization code, it is possible for an attacker to analyze the time taken by a response and intuit the password. You can tell you application is vulnerable to this attack by looking for `http_basic_authenticate_with` method calls in your application.

references

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178068.html

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178068.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html

reference_url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html

reference_url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html

reference_url

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2015-7576

reference_url

reference_id

reference_type

scores

value	0.01119
scoring_system	epss
scoring_elements	0.78545
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-7576

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/17e6f1507b7f2c2a883c180f4f9548445d6dfbd

reference_url

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/17e6f1507b7f2c2a883c180f4f9548445d6dfbd

reference_url

https://groups.google.com/forum/message/raw?msg=ruby-security-ann/ANv0HDHEC3k/T8Hgq-hYEgAJ

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/message/raw?msg=ruby-security-ann/ANv0HDHEC3k/T8Hgq-hYEgAJ

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/ANv0HDHEC3k

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/ANv0HDHEC3k

reference_url

https://web.archive.org/web/20160405205300/http://www.securitytracker.com/id/1034816

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20160405205300/http://www.securitytracker.com/id/1034816

reference_url

https://web.archive.org/web/20200228001849/http://www.securityfocus.com/bid/81803

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228001849/http://www.securityfocus.com/bid/81803

reference_url

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2016/01/25/8

reference_url

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2016/01/25/8

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-7576

reference_id

CVE-2015-7576

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-7576

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2015-7576.yml

reference_id

CVE-2015-7576.YML

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2015-7576.yml

reference_url

https://github.com/advisories/GHSA-p692-7mm3-3fxg

reference_id

GHSA-p692-7mm3-3fxg

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-p692-7mm3-3fxg

fixed_packages

url	pkg:deb/debian/rails@2:4.2.5.1-1?distro=trixie
purl	pkg:deb/debian/rails@2:4.2.5.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.5.1-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2015-7576, GHSA-p692-7mm3-3fxg

risk_score 1.5

exploitability 0.5

weighted_severity 3.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j585-zz5s-nqd5

url VCID-jhtd-7tmy-jfaj

vulnerability_id VCID-jhtd-7tmy-jfaj

summary

SQL Injection in Active Record
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows remote attackers to execute arbitrary SQL commands by leveraging improper bitstring quoting.

references

reference_url

http://openwall.com/lists/oss-security/2014/07/02/5

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2014/07/02/5

reference_url

http://rhn.redhat.com/errata/RHSA-2014-0876.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-0876.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3482

reference_id

reference_type

scores

value	0.01531
scoring_system	epss
scoring_elements	0.8162
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3482

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3482
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3482

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3483
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3483

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/1f2192e46d78ee0ba2b06373f2c24caf8440ff5b

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/1f2192e46d78ee0ba2b06373f2c24caf8440ff5b

reference_url

https://groups.google.com/g/rubyonrails-security/c/wDxePLJGZdI

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/wDxePLJGZdI

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-3482

reference_url

reference_id

CVE-2014-3482

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-3482

reference_url

https://github.com/advisories/GHSA-mhwp-qhpc-h3jm

reference_id

GHSA-mhwp-qhpc-h3jm

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-mhwp-qhpc-h3jm

fixed_packages

url	pkg:deb/debian/rails@2:4.1.4-1?distro=trixie
purl	pkg:deb/debian/rails@2:4.1.4-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.4-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2014-3482, GHSA-mhwp-qhpc-h3jm, OSV-108664

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jhtd-7tmy-jfaj

url VCID-jnrw-sue5-zqex

vulnerability_id VCID-jnrw-sue5-zqex

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in the strip_tags helper in actionpack/lib/action_controller/vendor/html-scanner/html/node.rb in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a tag with an invalid name.

references

reference_url

http://groups.google.com/group/rubyonrails-security/msg/fd41ab62966e0fd1?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/rubyonrails-security/msg/fd41ab62966e0fd1?dmode=source&output=gplain

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065137.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065137.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-2931

reference_id

reference_type

scores

value	0.00813
scoring_system	epss
scoring_elements	0.74566
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-2931

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=731436

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=731436

reference_url	http://secunia.com/advisories/45921
reference_id
reference_type
scores
url	http://secunia.com/advisories/45921

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/586a944ddd4d03e66dea1093306147594748037a

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/586a944ddd4d03e66dea1093306147594748037a

reference_url

http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/17/1

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/17/1

reference_url

http://www.openwall.com/lists/oss-security/2011/08/19/11

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/19/11

reference_url

http://www.openwall.com/lists/oss-security/2011/08/20/1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/20/1

reference_url

http://www.openwall.com/lists/oss-security/2011/08/22/13

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/22/13

reference_url

http://www.openwall.com/lists/oss-security/2011/08/22/14

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/22/14

reference_url

http://www.openwall.com/lists/oss-security/2011/08/22/5

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/22/5

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2011-2931

reference_id

CVE-2011-2931

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-2931

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2931.yml

reference_id

CVE-2011-2931.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2931.yml

reference_url

https://github.com/advisories/GHSA-v5jg-558j-q67c

reference_id

GHSA-v5jg-558j-q67c

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-v5jg-558j-q67c

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

fixed_packages

url	pkg:deb/debian/rails@2.3.14?distro=trixie
purl	pkg:deb/debian/rails@2.3.14?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2011-2931, GHSA-v5jg-558j-q67c

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jnrw-sue5-zqex

url VCID-jug9-esjy-8fh5

vulnerability_id VCID-jug9-esjy-8fh5

summary

Active Record component in Ruby on Rails has a data-type injection vulnerability
The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored values in that column, which makes it easier for remote attackers to conduct data-type injection attacks against Ruby on Rails applications via a crafted value, as demonstrated by unintended interaction between the "typed XML" feature and a MySQL database.

references

reference_url

http://openwall.com/lists/oss-security/2013/02/06/7

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2013/02/06/7

reference_url

http://openwall.com/lists/oss-security/2013/04/24/7

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2013/04/24/7

reference_url

http://pl.reddit.com/r/netsec/comments/17yajp/mysql_madness_and_rails

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://pl.reddit.com/r/netsec/comments/17yajp/mysql_madness_and_rails

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-3221

reference_id

reference_type

scores

value	0.00483
scoring_system	epss
scoring_elements	0.65498
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-3221

reference_url

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/1f3bc0b88a60c1ce?dmode=source&output=gplain

reference_url

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/1f3bc0b88a60c1ce?dmode=source&output=gplain

reference_url

https://web.archive.org/web/20130825191249/http://www.phenoelit.org/blog/archives/2013/02/index.html

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20130825191249/http://www.phenoelit.org/blog/archives/2013/02/index.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-3221

reference_id

CVE-2013-3221

reference_type

scores

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-3221

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-3221.yml

reference_id

CVE-2013-3221.YML

reference_type

scores

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-3221.yml

reference_url	https://github.com/advisories/GHSA-f57c-hx33-hvh8
reference_id	GHSA-f57c-hx33-hvh8
reference_type
scores
url	https://github.com/advisories/GHSA-f57c-hx33-hvh8

fixed_packages

url	pkg:deb/debian/rails@2.3.14.1?distro=trixie
purl	pkg:deb/debian/rails@2.3.14.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14.1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2013-3221, GHSA-f57c-hx33-hvh8

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jug9-esjy-8fh5

url VCID-k8rq-jbrg-3qb3

vulnerability_id VCID-k8rq-jbrg-3qb3

summary

Nested attributes rejection proc bypass
When using the nested attributes feature in Active Record you can prevent the destruction of associated records by passing the `allow_destroy: false` option to the `accepts_nested_attributes_for` method. The `allow_destroy` flag prevents the `:reject_if` proc from being called because it assumes that the record will be destroyed anyway. However, this is not true if `:allow_destroy` is false so this leads to changes that would have been rejected being applied to the record. Attackers could set attributes to invalid values or clear all the attributes.

references

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html

reference_url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html

reference_url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2015-7577

reference_url

reference_id

reference_type

scores

value	0.01209
scoring_system	epss
scoring_elements	0.79284
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-7577

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/cawsWcQ6c8g

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/cawsWcQ6c8g

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2016/01/25/10

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2016/01/25/10

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-7577

reference_id

CVE-2015-7577

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-7577

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2015-7577.yml

reference_id

CVE-2015-7577.YML

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2015-7577.yml

reference_url

https://github.com/advisories/GHSA-xrr6-3pc4-m447

reference_id

GHSA-xrr6-3pc4-m447

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xrr6-3pc4-m447

fixed_packages

url	pkg:deb/debian/rails@2:4.2.5.1-1?distro=trixie
purl	pkg:deb/debian/rails@2:4.2.5.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.5.1-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2015-7577, GHSA-xrr6-3pc4-m447

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k8rq-jbrg-3qb3

url VCID-kt8w-wxpx-vyf9

vulnerability_id VCID-kt8w-wxpx-vyf9

summary

Duplicate
This advisory duplicates another.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22797.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22797.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-22797

reference_id

reference_type

scores

value	0.00159
scoring_system	epss
scoring_elements	0.36553
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-22797

reference_url

https://discuss.rubyonrails.org/t/cve-2023-22799-possible-redos-based-dos-vulnerability-in-globalid/82127

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:07:07Z/

url

https://discuss.rubyonrails.org/t/cve-2023-22799-possible-redos-based-dos-vulnerability-in-globalid/82127

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/releases/tag/v7.0.4.1

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/releases/tag/v7.0.4.1

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22797.yml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22797.yml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2164793
reference_id	2164793
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2164793

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-22797

reference_id

CVE-2023-22797

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-22797

reference_url

https://github.com/advisories/GHSA-9445-4cr6-336r

reference_id

GHSA-9445-4cr6-336r

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9445-4cr6-336r

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2023-22797, GHSA-9445-4cr6-336r, GMS-2023-57

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kt8w-wxpx-vyf9

url VCID-kyj5-b8wz-pkgj

vulnerability_id VCID-kyj5-b8wz-pkgj

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The cross-site scripting (XSS) prevention feature in Ruby on Rails 2.x before 2.3.12, 3.0.x before 3.0.8, and 3.1.x before 3.1.0.rc2 does not properly handle mutation of safe buffers, which makes it easier for remote attackers to conduct XSS attacks via crafted strings to an application that uses a problematic string method, as demonstrated by the sub method.

references

reference_url

http://groups.google.com/group/rubyonrails-security/msg/663b600d4471e0d4?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/rubyonrails-security/msg/663b600d4471e0d4?dmode=source&output=gplain

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062514.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062514.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062090.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062090.html

reference_url

http://openwall.com/lists/oss-security/2011/06/09/2

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2011/06/09/2

reference_url

http://openwall.com/lists/oss-security/2011/06/13/9

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2011/06/13/9

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-2197

reference_id

reference_type

scores

value	0.00442
scoring_system	epss
scoring_elements	0.63561
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-2197

reference_url	http://secunia.com/advisories/44789
reference_id
reference_type
scores
url	http://secunia.com/advisories/44789

reference_url

https://gist.github.com/NZKoz/b2ceb626fc2bcdfe497f

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://gist.github.com/NZKoz/b2ceb626fc2bcdfe497f

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/53a2c0baf2b128dd4808eca313256f6f4bb8c4cd

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/53a2c0baf2b128dd4808eca313256f6f4bb8c4cd

reference_url

https://github.com/rails/rails/commit/ed3796434af6069ced6a641293cf88eef3b284da

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/ed3796434af6069ced6a641293cf88eef3b284da

reference_url

http://weblog.rubyonrails.org/2011/6/8/potential-xss-vulnerability-in-ruby-on-rails-applications

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2011/6/8/potential-xss-vulnerability-in-ruby-on-rails-applications

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2011-2197

reference_id

CVE-2011-2197

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-2197

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2011-2197.yml

reference_id

CVE-2011-2197.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2011-2197.yml

reference_url

https://github.com/advisories/GHSA-v9v4-7jp6-8c73

reference_id

GHSA-v9v4-7jp6-8c73

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v9v4-7jp6-8c73

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2011-2197, GHSA-v9v4-7jp6-8c73

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kyj5-b8wz-pkgj

url VCID-m2hq-ycd3-wyds

vulnerability_id VCID-m2hq-ycd3-wyds

summary

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00019.html

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00019.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-5267

reference_id

reference_type

scores

value	0.00887
scoring_system	epss
scoring_elements	0.758
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-5267

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rails/rails/commit/033a738817abd6e446e1b320cb7d1a5c15224e9a

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/033a738817abd6e446e1b320cb7d1a5c15224e9a

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/55reWMM_Pg8

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3
scoring_elements

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/55reWMM_Pg8

reference_url

https://lists.debian.org/debian-lts-announce/2020/03/msg00022.html

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/03/msg00022.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/

reference_url

http://www.openwall.com/lists/oss-security/2020/03/19/1

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2020/03/19/1

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954304
reference_id	954304
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954304

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-5267

reference_id

CVE-2020-5267

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-5267

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-5267.yml

reference_id

CVE-2020-5267.YML

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-5267.yml

reference_url

https://github.com/advisories/GHSA-65cv-r6x7-79hv

reference_id

GHSA-65cv-r6x7-79hv

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-65cv-r6x7-79hv

reference_url

https://github.com/rails/rails/security/advisories/GHSA-65cv-r6x7-79hv

reference_id

GHSA-65cv-r6x7-79hv

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/security/advisories/GHSA-65cv-r6x7-79hv

fixed_packages

url	pkg:deb/debian/rails@2:5.2.4.1%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:5.2.4.1%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.4.1%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2020-5267, GHSA-65cv-r6x7-79hv

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m2hq-ycd3-wyds

url VCID-m8rg-xa7x-6yan

vulnerability_id VCID-m8rg-xa7x-6yan

summary

Improper Input Validation
The template selection functionality in actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob characters, which allows remote attackers to render arbitrary views via a crafted URL, related to a "filter skipping vulnerability."

references

reference_url

http://groups.google.com/group/rubyonrails-security/msg/cbbbba6e4f7eaf61?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/rubyonrails-security/msg/cbbbba6e4f7eaf61?dmode=source&output=gplain

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-2929

reference_id

reference_type

scores

value	0.00814
scoring_system	epss
scoring_elements	0.74586
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-2929

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=731432

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=731432

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/5f94b93279f6d0682fafb237c301302c107a9552

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/5f94b93279f6d0682fafb237c301302c107a9552

reference_url

https://rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6

reference_url

http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6

reference_url

http://www.openwall.com/lists/oss-security/2011/08/17/1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/17/1

reference_url

http://www.openwall.com/lists/oss-security/2011/08/19/11

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/19/11

reference_url

http://www.openwall.com/lists/oss-security/2011/08/20/1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/20/1

reference_url

http://www.openwall.com/lists/oss-security/2011/08/22/13

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/22/13

reference_url

http://www.openwall.com/lists/oss-security/2011/08/22/14

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/22/14

reference_url

http://www.openwall.com/lists/oss-security/2011/08/22/5

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/22/5

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2011-2929

reference_id

CVE-2011-2929

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-2929

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2929.yml

reference_id

CVE-2011-2929.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2929.yml

reference_url

https://github.com/advisories/GHSA-r7q2-5gqg-6c7q

reference_id

GHSA-r7q2-5gqg-6c7q

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-r7q2-5gqg-6c7q

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2011-2929, GHSA-r7q2-5gqg-6c7q

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m8rg-xa7x-6yan

url VCID-mhef-etqf-nuaq

vulnerability_id VCID-mhef-etqf-nuaq

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails 2.x before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a malformed Unicode string, related to a "UTF-8 escaping vulnerability."

references

reference_url

http://groups.google.com/group/rubyonrails-security/msg/f1d2749773db9f21?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/rubyonrails-security/msg/f1d2749773db9f21?dmode=source&output=gplain

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065114.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065114.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065189.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065189.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-2932

reference_id

reference_type

scores

value	0.00813
scoring_system	epss
scoring_elements	0.74566
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-2932

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=731435

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=731435

reference_url	http://secunia.com/advisories/45917
reference_id
reference_type
scores
url	http://secunia.com/advisories/45917

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/bfc432574d0b141fd7fe759edfe9b6771dd306bd

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/bfc432574d0b141fd7fe759edfe9b6771dd306bd

reference_url

http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6

reference_url

http://www.openwall.com/lists/oss-security/2011/08/17/1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/17/1

reference_url

http://www.openwall.com/lists/oss-security/2011/08/19/11

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/19/11

reference_url

http://www.openwall.com/lists/oss-security/2011/08/20/1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/20/1

reference_url

http://www.openwall.com/lists/oss-security/2011/08/22/13

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/22/13

reference_url

http://www.openwall.com/lists/oss-security/2011/08/22/14

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/22/14

reference_url

http://www.openwall.com/lists/oss-security/2011/08/22/5

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/22/5

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2011-2932

reference_id

CVE-2011-2932

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-2932

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2011-2932.yml

reference_id

CVE-2011-2932.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2011-2932.yml

reference_url

https://github.com/advisories/GHSA-9fh3-vh3h-q4g3

reference_id

GHSA-9fh3-vh3h-q4g3

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9fh3-vh3h-q4g3

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

fixed_packages

url	pkg:deb/debian/rails@2.3.14?distro=trixie
purl	pkg:deb/debian/rails@2.3.14?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2011-2932, GHSA-9fh3-vh3h-q4g3

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mhef-etqf-nuaq

url VCID-mrwn-mkcp-j7dv

vulnerability_id VCID-mrwn-mkcp-j7dv

summary

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00089.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00089.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00093.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00093.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00107.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00107.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-8164

reference_id

reference_type

scores

value	0.07389
scoring_system	epss
scoring_elements	0.91846
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-8164

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY

reference_url

https://groups.google.com/g/rubyonrails-security/c/f6ioe4sdpbY

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/f6ioe4sdpbY

reference_url

https://hackerone.com/reports/292797

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://hackerone.com/reports/292797

reference_url

https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html

reference_url

https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-8164

reference_url

reference_id

CVE-2020-8164

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-8164

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8164.yml

reference_id

CVE-2020-8164.YML

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8164.yml

reference_url

https://github.com/advisories/GHSA-8727-m6gj-mc37

reference_id

GHSA-8727-m6gj-mc37

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8727-m6gj-mc37

fixed_packages

url	pkg:deb/debian/rails@2:5.2.4.3%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:5.2.4.3%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.4.3%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2020-8164, GHSA-8727-m6gj-mc37

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mrwn-mkcp-j7dv

url VCID-mvfq-sajq-bfb9

vulnerability_id VCID-mvfq-sajq-bfb9

summary

Moderate severity vulnerability that affects rails
Cross-site scripting (XSS) vulnerability in the strip_tags function in Ruby on Rails before 2.2.s, and 2.3.x before 2.3.5, allows remote attackers to inject arbitrary web script or HTML via vectors involving non-printing ASCII characters, related to HTML::Tokenizer and actionpack/lib/action_controller/vendor/html-scanner/html/node.rb.

references

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://github.com/rails/rails/commit/bfe032858077bb2946abe25e95e485ba6da86bd5

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://github.com/rails/rails/commit/bfe032858077bb2946abe25e95e485ba6da86bd5

reference_url

http://groups.google.com/group/rubyonrails-security/browse_thread/thread/4d4f71f2aef4c0ab?pli=1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/rubyonrails-security/browse_thread/thread/4d4f71f2aef4c0ab?pli=1

reference_url

http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2009-4214

reference_id

reference_type

scores

value	0.01632
scoring_system	epss
scoring_elements	0.82215
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2009-4214

reference_url

http://secunia.com/advisories/37446

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://secunia.com/advisories/37446

reference_url

http://secunia.com/advisories/38915

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://secunia.com/advisories/38915

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2009/11/30/ruby-on-rails-2-3-5-released

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2009/11/30/ruby-on-rails-2-3-5-released

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2009/11/27/2

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2009/11/27/2

reference_url

http://www.openwall.com/lists/oss-security/2009/12/08/3

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2009/12/08/3

reference_url

http://www.securityfocus.com/bid/37142

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/37142

reference_url

http://www.securitytracker.com/id?1023245

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securitytracker.com/id?1023245

reference_url

http://www.vupen.com/english/advisories/2009/3352

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.vupen.com/english/advisories/2009/3352

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558685
reference_id	558685
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558685

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2009-4214

reference_id

CVE-2009-4214

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2009-4214

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2009-4214.yml

reference_id

CVE-2009-4214.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2009-4214.yml

reference_url

https://github.com/advisories/GHSA-9p3v-wf2w-v29c

reference_id

GHSA-9p3v-wf2w-v29c

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-9p3v-wf2w-v29c

reference_url	https://security.gentoo.org/glsa/200912-02
reference_id	GLSA-200912-02
reference_type
scores
url	https://security.gentoo.org/glsa/200912-02

fixed_packages

url	pkg:deb/debian/rails@2.2.3-2?distro=trixie
purl	pkg:deb/debian/rails@2.2.3-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.2.3-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2009-4214, GHSA-9p3v-wf2w-v29c

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mvfq-sajq-bfb9

url VCID-n2ap-zgrd-skhf

vulnerability_id VCID-n2ap-zgrd-skhf

summary

ReDoS based DoS vulnerability in Action Dispatch
There is a possible regular expression based DoS vulnerability in Action Dispatch related to the If-None-Match header. This vulnerability has been assigned the CVE identifier CVE-2023-22795. A specially crafted HTTP `If-None-Match` header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22795.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22795.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-22795

reference_id

reference_type

scores

value	0.01339
scoring_system	epss
scoring_elements	0.80316
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-22795

reference_url

https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/8d82687f3b04b2803320b64f985308239a8c3d2f

reference_url

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/8d82687f3b04b2803320b64f985308239a8c3d2f

reference_url

https://github.com/rails/rails/commit/8dc45950619a4c64d16fb9370570c996d201f9b0

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/8dc45950619a4c64d16fb9370570c996d201f9b0

reference_url

https://github.com/rails/rails/commit/cd461c3e64e09cdcb1e379d1c35423c5e2caa592

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/cd461c3e64e09cdcb1e379d1c35423c5e2caa592

reference_url

https://github.com/rails/rails/releases/tag/v6.1.7.1

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/releases/tag/v6.1.7.1

reference_url

https://github.com/rails/rails/releases/tag/v7.0.4.1

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/releases/tag/v7.0.4.1

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22795.yml

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22795.yml

reference_url

https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050
reference_id	1030050
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2164799
reference_id	2164799
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2164799

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-22795

reference_id

CVE-2023-22795

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-22795

reference_url

https://github.com/advisories/GHSA-8xww-x3g3-6jcv

reference_id

GHSA-8xww-x3g3-6jcv

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8xww-x3g3-6jcv

reference_url	https://access.redhat.com/errata/RHSA-2023:6818
reference_id	RHSA-2023:6818
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6818

fixed_packages

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.7.3%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.7.3%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.3%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2023-22795, GHSA-8xww-x3g3-6jcv, GMS-2023-56

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n2ap-zgrd-skhf

url VCID-ns2u-nkbu-7fbp

vulnerability_id VCID-ns2u-nkbu-7fbp

summary

Path Traversal in Action View
# File Content Disclosure in Action View

Impact 
------ 
There is a possible file content disclosure vulnerability in Action View.  Specially crafted accept headers in combination with calls to `render file:`  can cause arbitrary files on the target server to be rendered, disclosing the  file contents. 

The impact is limited to calls to `render` which render file contents without  a specified accept format.  Impacted code in a controller looks something like this: 

``` ruby
class UserController < ApplicationController 
  def index 
    render file: "#{Rails.root}/some/file" 
  end 
end 
``` 

Rendering templates as opposed to files is not impacted by this vulnerability. 

All users running an affected release should either upgrade or use one of the workarounds immediately. 

Releases 
-------- 
The 6.0.0.beta3, 5.2.2.1, 5.1.6.2, 5.0.7.2, and 4.2.11.1 releases are available at the normal locations. 

Workarounds 
----------- 
This vulnerability can be mitigated by specifying a format for file rendering, like this: 

``` ruby
class UserController < ApplicationController 
  def index 
    render file: "#{Rails.root}/some/file", formats: [:html] 
  end 
end 
``` 

In summary, impacted calls to `render` look like this: 

``` 
render file: "#{Rails.root}/some/file" 
``` 

The vulnerability can be mitigated by changing to this: 

``` 
render file: "#{Rails.root}/some/file", formats: [:html] 
``` 

Other calls to `render` are not impacted. 

Alternatively, the following monkey patch can be applied in an initializer: 

``` ruby
$ cat config/initializers/formats_filter.rb 
# frozen_string_literal: true 

ActionDispatch::Request.prepend(Module.new do 
  def formats 
    super().select do |format| 
      format.symbol || format.ref == "*/*" 
    end 
  end 
end) 
``` 

Credits 
------- 
Thanks to John Hawthorn <john@hawthorn.email> of GitHub

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/

url

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html

reference_url

http://packetstormsecurity.com/files/152178/Rails-5.2.1-Arbitrary-File-Content-Disclosure.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/

url

http://packetstormsecurity.com/files/152178/Rails-5.2.1-Arbitrary-File-Content-Disclosure.html

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/

url

https://api.first.org/data/v1/epss?cve=CVE-2019-5418

reference_url

reference_id

reference_type

scores

value	0.94318
scoring_system	epss
scoring_elements	0.99952
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-5418

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://groups.google.com/forum/#%21topic/rubyonrails-security/pFRKI96Sm8Q

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/

url

https://groups.google.com/forum/#%21topic/rubyonrails-security/pFRKI96Sm8Q

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/zRNVOUhKHrg

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/zRNVOUhKHrg

reference_url

https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/

url

https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA

reference_url

https://web.archive.org/web/20190313201629/https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20190313201629/https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released

reference_url

https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released

reference_url

https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/

url

https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/

reference_url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-5418

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-5418

reference_url

https://www.exploit-db.com/exploits/46585

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.exploit-db.com/exploits/46585

reference_url

https://www.exploit-db.com/exploits/46585/

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/

url

https://www.exploit-db.com/exploits/46585/

reference_url

http://www.openwall.com/lists/oss-security/2019/03/22/1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/

url

http://www.openwall.com/lists/oss-security/2019/03/22/1

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924520
reference_id	924520
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924520

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/46585.py
reference_id	CVE-2019-5418
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/46585.py

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-5418

reference_id

CVE-2019-5418

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-5418

reference_url

https://github.com/advisories/GHSA-86g5-2wh3-gc9j

reference_id

GHSA-86g5-2wh3-gc9j

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-86g5-2wh3-gc9j

reference_url	https://usn.ubuntu.com/7646-1/
reference_id	USN-7646-1
reference_type
scores
url	https://usn.ubuntu.com/7646-1/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/

reference_id

Y43636TH4D6T46IC6N2RQVJTRFJAAYGA

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/

fixed_packages

url	pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2019-5418, GHSA-86g5-2wh3-gc9j

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ns2u-nkbu-7fbp

url VCID-nvse-2qzf-n7ba

vulnerability_id VCID-nvse-2qzf-n7ba

summary open redirect

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-22942

reference_id

reference_type

scores

value	0.00533
scoring_system	epss
scoring_elements	0.67678
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-22942

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/wB5tRn7h36c

reference_url

reference_id

reference_type

scores

value	7.6
scoring_system	cvssv3
scoring_elements

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/wB5tRn7h36c

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240202-0005

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240202-0005

reference_url	https://security.netapp.com/advisory/ntap-20240202-0005/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20240202-0005/

reference_url

https://weblog.rubyonrails.org/2021/8/19/Rails-6-0-4-1-and-6-1-4-1-have-been-released

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://weblog.rubyonrails.org/2021/8/19/Rails-6-0-4-1-and-6-1-4-1-have-been-released

reference_url	https://weblog.rubyonrails.org/2021/8/19/Rails-6-0-4-1-and-6-1-4-1-have-been-released/
reference_id
reference_type
scores
url	https://weblog.rubyonrails.org/2021/8/19/Rails-6-0-4-1-and-6-1-4-1-have-been-released/

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2021/12/14/5

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2021/12/14/5

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992586
reference_id	992586
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992586

reference_url

https://security.archlinux.org/AVG-2492

reference_id

AVG-2492

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2492

reference_url

https://security.archlinux.org/AVG-2493

reference_id

AVG-2493

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2493

reference_url

https://access.redhat.com/security/cve/cve-2021-22942

reference_id

CVE-2021-22942

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/cve-2021-22942

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-22942

reference_id

CVE-2021-22942

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-22942

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22942.yml

reference_id

CVE-2021-22942.YML

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22942.yml

reference_url

https://github.com/advisories/GHSA-2rqw-v265-jf8c

reference_id

GHSA-2rqw-v265-jf8c

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2rqw-v265-jf8c

fixed_packages

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.4.1%2Bdfsg-3?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.4.1%2Bdfsg-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.4.1%252Bdfsg-3%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2021-22942, GHSA-2rqw-v265-jf8c

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nvse-2qzf-n7ba

url VCID-p5sk-7xnp-fygg

vulnerability_id VCID-p5sk-7xnp-fygg

summary

SQL injection vulnerability in Active Record
Due to the way Active Record handles nested query parameters, an attacker can use a specially crafted request to inject some forms of SQL into your application's SQL queries.

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html

reference_url

http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2012-2661

reference_url

reference_id

reference_type

scores

value	0.00627
scoring_system	epss
scoring_elements	0.70564
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-2661

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2661
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2661

reference_url	https://github.com/rails/rails/commit/71f7917c553cdc9a0ee49e87af0efb7429759718#diff-2ec9993375ecb711e08452788d625581
reference_id
reference_type
scores
url	https://github.com/rails/rails/commit/71f7917c553cdc9a0ee49e87af0efb7429759718#diff-2ec9993375ecb711e08452788d625581

reference_url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82403.yml
reference_id
reference_type
scores
url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82403.yml

reference_url

https://groups.google.com/group/rubyonrails-security/msg/fc2da6c627fc92df?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/fc2da6c627fc92df?dmode=source&output=gplain

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-2661

reference_id

CVE-2012-2661

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-2661

reference_url

https://github.com/advisories/GHSA-fh39-v733-mxfr

reference_id

GHSA-fh39-v733-mxfr

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-fh39-v733-mxfr

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2012-2661, GHSA-fh39-v733-mxfr, OSV-82403

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p5sk-7xnp-fygg

url VCID-pbsg-mb43-8qf5

vulnerability_id VCID-pbsg-mb43-8qf5

summary

XML Parsing Vulnerability affecting JRuby users
There is a vulnerability in the JDOM backend to ActiveSupport's XML parser. you should upgrade or use one of the work arounds immediately.

references

reference_url

http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

reference_url

http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-1856

reference_id

reference_type

scores

value	0.00707
scoring_system	epss
scoring_elements	0.72473
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-1856

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/6c2482d4ed1545e6?dmode=source&output=gplain

reference_url	https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/KZwsQbYsOiI
reference_id
reference_type
scores
url	https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/KZwsQbYsOiI

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/6c2482d4ed1545e6?dmode=source&output=gplain

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

reference_url

https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html

reference_url

http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released

reference_url	http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/

reference_url	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1856
reference_id
reference_type
scores
url	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1856

reference_url	http://www.openwall.com/lists/oss-security/2013/03/18/4
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2013/03/18/4

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-1856

reference_id

CVE-2013-1856

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-1856

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2013-1856.yml

reference_id

CVE-2013-1856.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2013-1856.yml

reference_url

https://github.com/advisories/GHSA-9c2j-593q-3g82

reference_id

GHSA-9c2j-593q-3g82

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9c2j-593q-3g82

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2013-1856, GHSA-9c2j-593q-3g82, OSV-91451

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pbsg-mb43-8qf5

url VCID-pssv-24tn-kkc5

vulnerability_id VCID-pssv-24tn-kkc5

summary

Object leak vulnerability for wildcard controller routes
Users that have a route that contains the string `:controller` are susceptible to objects being leaked globally which can lead to unbounded memory growth. To identify if your application is vulnerable, look for routes that contain `:controller`.

references

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html

reference_url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2015-7581

reference_url

reference_id

reference_type

scores

value	0.08542
scoring_system	epss
scoring_elements	0.9252
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-7581

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://groups.google.com/forum/message/raw?msg=ruby-security-ann/dthJ5wL69JE/IdvCimtZEgAJ

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/message/raw?msg=ruby-security-ann/dthJ5wL69JE/IdvCimtZEgAJ

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/dthJ5wL69JE

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/dthJ5wL69JE

reference_url

https://web.archive.org/web/20200228001849/http://www.securityfocus.com/bid/81677

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228001849/http://www.securityfocus.com/bid/81677

reference_url

https://web.archive.org/web/20200516093752/http://www.securitytracker.com/id/1034816

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200516093752/http://www.securitytracker.com/id/1034816

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2016/01/25/16

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2016/01/25/16

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-7581

reference_id

CVE-2015-7581

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-7581

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2015-7581.yml

reference_id

CVE-2015-7581.YML

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2015-7581.yml

reference_url

https://github.com/advisories/GHSA-9h6g-gp95-x3q5

reference_id

GHSA-9h6g-gp95-x3q5

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9h6g-gp95-x3q5

fixed_packages

url	pkg:deb/debian/rails@2:4.2.5.1-1?distro=trixie
purl	pkg:deb/debian/rails@2:4.2.5.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.5.1-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2015-7581, GHSA-9h6g-gp95-x3q5

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pssv-24tn-kkc5

url VCID-puxk-6gxm-z7h2

vulnerability_id VCID-puxk-6gxm-z7h2

summary

Possible XSS Security Vulnerability in SafeBuffer#bytesplice
There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input.
This vulnerability has been assigned the CVE identifier CVE-2023-28120.

Versions Affected: All. Not affected: None Fixed Versions: 7.0.4.3, 6.1.7.3

# Impact

ActiveSupport uses the SafeBuffer string subclass to tag strings as html_safe after they have been sanitized.
When these strings are mutated, the tag is should be removed to mark them as no longer being html_safe.

Ruby 3.2 introduced a new bytesplice method which ActiveSupport does not yet understand to be a mutation.
Users on older versions of Ruby are likely unaffected.

All users running an affected release and using bytesplice should either upgrade or use one of the workarounds immediately.

# Workarounds

Avoid calling bytesplice on a SafeBuffer (html_safe) string with untrusted user input.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28120.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28120.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-28120

reference_id

reference_type

scores

value	0.00418
scoring_system	epss
scoring_elements	0.6207
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-28120

reference_url

https://discuss.rubyonrails.org/t/cve-2023-28120-possible-xss-security-vulnerability-in-safebuffer-bytesplice/82469

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/

url

https://discuss.rubyonrails.org/t/cve-2023-28120-possible-xss-security-vulnerability-in-safebuffer-bytesplice/82469

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rails/rails/commit/3cf23c3f891e2e81c977ea4ab83b62bc2a444b70

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/

url

https://github.com/rails/rails/commit/3cf23c3f891e2e81c977ea4ab83b62bc2a444b70

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO

reference_url

https://security.netapp.com/advisory/ntap-20240202-0006

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240202-0006

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/

url

https://nvd.nist.gov/vuln/detail/CVE-2023-28120

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033262
reference_id	1033262
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033262

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2179637
reference_id	2179637
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2179637

reference_url

reference_id

CVE-2023-28120

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-28120

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-28120.yml

reference_id

CVE-2023-28120.YML

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-28120.yml

reference_url

https://github.com/advisories/GHSA-pj73-v5mw-pm9j

reference_id

GHSA-pj73-v5mw-pm9j

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-pj73-v5mw-pm9j

reference_url

https://security.netapp.com/advisory/ntap-20240202-0006/

reference_id

ntap-20240202-0006

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/

url

https://security.netapp.com/advisory/ntap-20240202-0006/

reference_url	https://access.redhat.com/errata/RHSA-2023:1953
reference_id	RHSA-2023:1953
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1953

reference_url	https://access.redhat.com/errata/RHSA-2023:3495
reference_id	RHSA-2023:3495
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3495

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW/

reference_id

UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO/

reference_id

ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO/

fixed_packages

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.7.3%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.7.3%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.3%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2023-28120, GHSA-pj73-v5mw-pm9j, GMS-2023-765

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-puxk-6gxm-z7h2

url VCID-pzs8-zstn-hbf2

vulnerability_id VCID-pzs8-zstn-hbf2

summary

actionpack Improper Authentication vulnerability
The `decode_credentials` method in `actionpack/lib/action_controller/metal/http_authentication.rb` in Ruby on Rails before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging access to an application that uses a `with_http_digest` helper method, as demonstrated by the `authenticate_or_request_with_http_digest` method.

references

reference_url

http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2012-3424

reference_url

reference_id

reference_type

scores

value	0.00981
scoring_system	epss
scoring_elements	0.7708
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-3424

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/3719bd3e95523c5518507dbe44f260f252930600

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/3719bd3e95523c5518507dbe44f260f252930600

reference_url

https://groups.google.com/group/rubyonrails-security/msg/244d32f2fa25147d?hl=en&dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/244d32f2fa25147d?hl=en&dmode=source&output=gplain

reference_url

http://weblog.rubyonrails.org/2012/7/26/ann-rails-3-2-7-has-been-released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2012/7/26/ann-rails-3-2-7-has-been-released

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-3424

reference_id

CVE-2012-3424

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-3424

reference_url

https://github.com/advisories/GHSA-92w9-2pqw-rhjj

reference_id

GHSA-92w9-2pqw-rhjj

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-92w9-2pqw-rhjj

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2012-3424, GHSA-92w9-2pqw-rhjj, OSV-84243

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pzs8-zstn-hbf2

url VCID-rzeh-ft6v-h7bv

vulnerability_id VCID-rzeh-ft6v-h7bv

summary

Duplicate
This advisory duplicates another.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22794.json

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22794.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-22794

reference_id

reference_type

scores

value	0.05757
scoring_system	epss
scoring_elements	0.90598
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-22794

reference_url

https://discuss.rubyonrails.org/t/cve-2023-22794-sql-injection-vulnerability-via-activerecord-comments/82117

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://discuss.rubyonrails.org/t/cve-2023-22794-sql-injection-vulnerability-via-activerecord-comments/82117

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/d7aba06953f9fa789c411676b941d20df8ef73de

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/d7aba06953f9fa789c411676b941d20df8ef73de

reference_url

https://github.com/rails/rails/releases/tag/v7.0.4.1

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/releases/tag/v7.0.4.1

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2023-22794.yml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2023-22794.yml

reference_url

https://security.netapp.com/advisory/ntap-20240202-0008

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240202-0008

reference_url	https://security.netapp.com/advisory/ntap-20240202-0008/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20240202-0008/

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-22794

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050
reference_id	1030050
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2164785
reference_id	2164785
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2164785

reference_url

reference_id

CVE-2023-22794

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-22794

reference_url

https://github.com/advisories/GHSA-hq7p-j377-6v63

reference_id

GHSA-hq7p-j377-6v63

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-hq7p-j377-6v63

reference_url	https://access.redhat.com/errata/RHSA-2023:6818
reference_id	RHSA-2023:6818
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6818

fixed_packages

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.7.3%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.7.3%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.3%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2023-22794, GHSA-hq7p-j377-6v63, GMS-2023-60

risk_score 4.0

exploitability 0.5

weighted_severity 7.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rzeh-ft6v-h7bv

url VCID-sd3k-af7j-h7h4

vulnerability_id VCID-sd3k-af7j-h7h4

summary open redirect

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-22903

reference_id

reference_type

scores

value	0.00096
scoring_system	epss
scoring_elements	0.26532
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-22903

reference_url

https://discuss.rubyonrails.org/t/cve-2021-22903-possible-open-redirect-vulnerability-in-action-pack/77867

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://discuss.rubyonrails.org/t/cve-2021-22903-possible-open-redirect-vulnerability-in-action-pack/77867

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rails/rails/releases/tag/v6.1.3.2

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/releases/tag/v6.1.3.2

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22903.yml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22903.yml

reference_url

https://groups.google.com/g/rubyonrails-security/c/8TxqXEtgSF0

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/8TxqXEtgSF0

reference_url

https://hackerone.com/reports/1148025

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://hackerone.com/reports/1148025

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-22903

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-22903

reference_url

https://security.archlinux.org/AVG-1919

reference_id

AVG-1919

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1919

reference_url

https://github.com/advisories/GHSA-5hq2-xf89-9jxq

reference_id

GHSA-5hq2-xf89-9jxq

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-5hq2-xf89-9jxq

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2021-22903, GHSA-5hq2-xf89-9jxq

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sd3k-af7j-h7h4

url VCID-semx-3823-f7f6

vulnerability_id VCID-semx-3823-f7f6

summary

Actionpack has possible cross-site scripting vulnerability via User Supplied Values to redirect_to
The `redirect_to` method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header. This vulnerability has been assigned the CVE identifier CVE-2023-28362.

Versions Affected: All. Not affected: None Fixed Versions: 7.0.5.1, 6.1.7.4

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28362.json

reference_id

reference_type

scores

value	4.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28362.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-28362

reference_id

reference_type

scores

value	0.00225
scoring_system	epss
scoring_elements	0.45273
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-28362

reference_url

https://discuss.rubyonrails.org/t/cve-2023-28362-possible-xss-via-user-supplied-values-to-redirect-to/83132

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3
scoring_elements

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/

url

https://discuss.rubyonrails.org/t/cve-2023-28362-possible-xss-via-user-supplied-values-to-redirect-to/83132

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/1c3f93d1e90a3475f9ae2377ead25ccf11f71441

reference_url

reference_id

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/

url

https://github.com/rails/rails/commit/1c3f93d1e90a3475f9ae2377ead25ccf11f71441

reference_url

https://github.com/rails/rails/commit/69e37c84e3f77d75566424c7d0015172d6a6fac5

reference_id

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/

url

https://github.com/rails/rails/commit/69e37c84e3f77d75566424c7d0015172d6a6fac5

reference_url

https://github.com/rails/rails/commit/c9ab9b32bcdcfd8bcd55907f6c7b20b4e004cc23

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/c9ab9b32bcdcfd8bcd55907f6c7b20b4e004cc23

reference_url

https://security.netapp.com/advisory/ntap-20250502-0009

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20250502-0009

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051058
reference_id	1051058
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051058

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2217785
reference_id	2217785
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2217785

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-28362

reference_id

CVE-2023-28362

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-28362

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-28362.yml

reference_id

CVE-2023-28362.YML

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-28362.yml

reference_url

https://github.com/advisories/GHSA-4g8v-vg43-wpgf

reference_id

GHSA-4g8v-vg43-wpgf

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/

url

https://github.com/advisories/GHSA-4g8v-vg43-wpgf

reference_url	https://access.redhat.com/errata/RHSA-2023:7851
reference_id	RHSA-2023:7851
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7851

fixed_packages

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.1%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2023-28362, GHSA-4g8v-vg43-wpgf

risk_score 2.1

exploitability 0.5

weighted_severity 4.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-semx-3823-f7f6

url VCID-sevc-c95q-tyg8

vulnerability_id VCID-sevc-c95q-tyg8

summary

Improper Input Validation
Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify tokens for requests with certain content types, which allows remote attackers to bypass cross-site request forgery (CSRF) protection for requests to applications that rely on this protection, as demonstrated using text/plain.

references

reference_url

http://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en

reference_url

http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html

reference_url

http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup

reference_url	http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/
reference_id
reference_type
scores
url	http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2008-7248

reference_id

reference_type

scores

value	0.11409
scoring_system	epss
scoring_elements	0.93691
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2008-7248

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=544329

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=544329

reference_url	http://secunia.com/advisories/36600
reference_id
reference_type
scores
url	http://secunia.com/advisories/36600

reference_url	http://secunia.com/advisories/38915
reference_id
reference_type
scores
url	http://secunia.com/advisories/38915

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/099a98e9b7108dae3e0f78b207e0a7dc5913bd1a

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/099a98e9b7108dae3e0f78b207e0a7dc5913bd1a

reference_url

https://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en

reference_url

https://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html

reference_url

https://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup

reference_url	https://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/
reference_id
reference_type
scores
url	https://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/

reference_url

https://web.archive.org/web/20090906010200/https://www.vupen.com/english/advisories/2009/2544

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20090906010200/https://www.vupen.com/english/advisories/2009/2544

reference_url

https://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1

reference_url

https://www.openwall.com/lists/oss-security/2009/11/28/1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.openwall.com/lists/oss-security/2009/11/28/1

reference_url

https://www.openwall.com/lists/oss-security/2009/12/02/2

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.openwall.com/lists/oss-security/2009/12/02/2

reference_url

https://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html

reference_url

http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1

reference_url

http://www.openwall.com/lists/oss-security/2009/11/28/1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2009/11/28/1

reference_url

http://www.openwall.com/lists/oss-security/2009/12/02/2

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2009/12/02/2

reference_url	http://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html
reference_id
reference_type
scores
url	http://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html

reference_url	http://www.vupen.com/english/advisories/2009/2544
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2009/2544

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558685
reference_id	558685
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558685

reference_url

https://access.redhat.com/security/cve/CVE-2008-7248

reference_id

CVE-2008-7248

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2008-7248

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2008-7248

reference_id

CVE-2008-7248

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2008-7248

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33402.txt
reference_id	CVE-2008-7248;OSVDB-61124
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33402.txt

reference_url	https://www.securityfocus.com/bid/37322/info
reference_id	CVE-2008-7248;OSVDB-61124
reference_type	exploit
scores
url	https://www.securityfocus.com/bid/37322/info

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2008-7248.yml

reference_id

CVE-2008-7248.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2008-7248.yml

reference_url

https://github.com/advisories/GHSA-8fqx-7pv4-3jwm

reference_id

GHSA-8fqx-7pv4-3jwm

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8fqx-7pv4-3jwm

reference_url	https://security.gentoo.org/glsa/200912-02
reference_id	GLSA-200912-02
reference_type
scores
url	https://security.gentoo.org/glsa/200912-02

fixed_packages

url	pkg:deb/debian/rails@2.2.3-1?distro=trixie
purl	pkg:deb/debian/rails@2.2.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.2.3-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2008-7248, GHSA-8fqx-7pv4-3jwm

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sevc-c95q-tyg8

url VCID-sfnx-agxs-9yc9

vulnerability_id VCID-sfnx-agxs-9yc9

summary

XSS Vulnerability in number_to_currency
The number_to_currency helper allows users to nicely format a numeric value. The unit parameter is not escaped correctly. Application which pass user controlled data as the unit parameter are vulnerable to an XSS attack.

references

reference_url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00080.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00080.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html

reference_url

http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html

reference_url

http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2013-6415

reference_url

reference_id

reference_type

scores

value	0.01506
scoring_system	epss
scoring_elements	0.81475
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-6415

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417

reference_url	http://seclists.org/oss-sec/2013/q4/402
reference_id
reference_type
scores
url	http://seclists.org/oss-sec/2013/q4/402

reference_url

https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9WiRn2nhfq0/2K2KRB4LwCMJ

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9WiRn2nhfq0/2K2KRB4LwCMJ

reference_url

https://groups.google.com/forum/#!topic/ruby-security-ann/9WiRn2nhfq0

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/ruby-security-ann/9WiRn2nhfq0

reference_url

https://web.archive.org/web/20131206180005/http://www.securityfocus.com/bid/64077

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20131206180005/http://www.securityfocus.com/bid/64077

reference_url

http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released

reference_url	http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-6415

reference_url

reference_id

CVE-2013-6415

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-6415

reference_url

https://puppet.com/security/cve/cve-2013-6415

reference_id

CVE-2013-6415

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://puppet.com/security/cve/cve-2013-6415

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6415.yml

reference_id

CVE-2013-6415.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6415.yml

reference_url

https://github.com/advisories/GHSA-6h5q-96hp-9jgm

reference_id

GHSA-6h5q-96hp-9jgm

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-6h5q-96hp-9jgm

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2013-6415, GHSA-6h5q-96hp-9jgm, OSV-100524

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sfnx-agxs-9yc9

url VCID-sqqx-kuhq-ebhw

vulnerability_id VCID-sqqx-kuhq-ebhw

summary

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00031.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00031.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00034.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00034.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-8165

reference_id

reference_type

scores

value	0.90128
scoring_system	epss
scoring_elements	0.99604
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-8165

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c

reference_url

https://groups.google.com/g/rubyonrails-security/c/bv6fW4S0Y1c

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/bv6fW4S0Y1c

reference_url

https://hackerone.com/reports/413388

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://hackerone.com/reports/413388

reference_url

https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html

reference_url

https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html

reference_url

https://security.netapp.com/advisory/ntap-20250509-0002

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20250509-0002

reference_url

https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-8165

reference_url

reference_id

CVE-2020-8165

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-8165

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2020-8165.yml

reference_id

CVE-2020-8165.YML

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2020-8165.yml

reference_url

https://github.com/advisories/GHSA-2p68-f74v-9wc6

reference_id

GHSA-2p68-f74v-9wc6

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2p68-f74v-9wc6

fixed_packages

url	pkg:deb/debian/rails@2:5.2.4.3%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:5.2.4.3%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.4.3%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2020-8165, GHSA-2p68-f74v-9wc6

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sqqx-kuhq-ebhw

url VCID-swv6-gyb1-y7bs

vulnerability_id VCID-swv6-gyb1-y7bs

summary

XSS Vulnerability in simple_format helper
The simple_format helper converts user supplied text into html text which is intended to be safe for display. A change made to the implementation of this helper means that any user provided HTML attributes will not be escaped correctly. As a result of this error, applications which pass user-controlled data to be included as html attributes will be vulnerable to an XSS attack.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-6416

reference_id

reference_type

scores

value	0.00236
scoring_system	epss
scoring_elements	0.46636
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-6416

reference_url	http://seclists.org/oss-sec/2013/q4/404
reference_id
reference_type
scores
url	http://seclists.org/oss-sec/2013/q4/404

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/4b4f5847f64f81c961625e647711ef9f6ad1a454

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/4b4f5847f64f81c961625e647711ef9f6ad1a454

reference_url

https://groups.google.com/forum/message/raw?msg=ruby-security-ann/5ZI1-H5OoIM/ZNq4FoR2GnIJ

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/message/raw?msg=ruby-security-ann/5ZI1-H5OoIM/ZNq4FoR2GnIJ

reference_url

https://groups.google.com/forum/#!topic/ruby-security-ann/5ZI1-H5OoIM

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/ruby-security-ann/5ZI1-H5OoIM

reference_url

https://web.archive.org/web/20200228165109/http://www.securityfocus.com/bid/64071

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228165109/http://www.securityfocus.com/bid/64071

reference_url

http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released

reference_url	http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-6416

reference_id

CVE-2013-6416

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-6416

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6416.yml

reference_id

CVE-2013-6416.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6416.yml

reference_url

https://github.com/advisories/GHSA-w37c-q653-qg95

reference_id

GHSA-w37c-q653-qg95

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-w37c-q653-qg95

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2013-6416, GHSA-w37c-q653-qg95, OSV-100526

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-swv6-gyb1-y7bs

url VCID-sx3y-xa4f-gkcf

vulnerability_id VCID-sx3y-xa4f-gkcf

summary The session fixation protection mechanism in cgi_process.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookie_only attribute from the DEFAULT_SESSION_OPTIONS constant, which effectively causes cookie_only to be applied only to the first instantiation of CgiRequest, which allows remote attackers to conduct session fixation attacks. NOTE: this is due to an incomplete fix for CVE-2007-5380.

references

reference_url

http://dev.rubyonrails.org/changeset/8177

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://dev.rubyonrails.org/changeset/8177

reference_url

http://dev.rubyonrails.org/ticket/10048

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://dev.rubyonrails.org/ticket/10048

reference_url

http://docs.info.apple.com/article.html?artnum=307179

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://docs.info.apple.com/article.html?artnum=307179

reference_url

http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2007-6077

reference_id

reference_type

scores

value	0.03262
scoring_system	epss
scoring_elements	0.8737
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2007-6077

reference_url

http://secunia.com/advisories/27781

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://secunia.com/advisories/27781

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://rubyonrails.org/2007/11/24/ruby-on-rails-1-2-6-security-and-maintenance-release

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://rubyonrails.org/2007/11/24/ruby-on-rails-1-2-6-security-and-maintenance-release

reference_url

http://weblog.rubyonrails.org/2007/11/24/ruby-on-rails-1-2-6-security-and-maintenance-release

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2007/11/24/ruby-on-rails-1-2-6-security-and-maintenance-release

reference_url

http://www.securityfocus.com/bid/26598

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/26598

reference_url

http://www.us-cert.gov/cas/techalerts/TA07-352A.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.us-cert.gov/cas/techalerts/TA07-352A.html

reference_url

http://www.vupen.com/english/advisories/2007/4009

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.vupen.com/english/advisories/2007/4009

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2007-6077

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=452748
reference_id	452748
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=452748

reference_url

reference_id

CVE-2007-6077

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2007-6077

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-6077.yml

reference_id

CVE-2007-6077.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-6077.yml

reference_url

https://github.com/advisories/GHSA-p4c6-77gc-694x

reference_id

GHSA-p4c6-77gc-694x

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-p4c6-77gc-694x

reference_url	https://security.gentoo.org/glsa/200912-02
reference_id	GLSA-200912-02
reference_type
scores
url	https://security.gentoo.org/glsa/200912-02

fixed_packages

url	pkg:deb/debian/rails@1.2.6-1?distro=trixie
purl	pkg:deb/debian/rails@1.2.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@1.2.6-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2007-6077, GHSA-p4c6-77gc-694x

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sx3y-xa4f-gkcf

url VCID-t1ep-g6cz-7kgr

vulnerability_id VCID-t1ep-g6cz-7kgr

summary

Arbitrary file existence disclosure
Specially crafted requests can be used to determine whether a file exists on the filesystem that is outside the Rails application's root directory. The files will not be served, but attackers can determine whether the file exists. This only impacts Rails applications that enable static file serving at runtime. For example, the application's production configuration will say: `config.serve_static_assets = true`

references

reference_url

http://lists.opensuse.org/opensuse-updates/2014-11/msg00112.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2014-11/msg00112.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-7829

reference_id

reference_type

scores

value	0.00265
scoring_system	epss
scoring_elements	0.5012
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-7829

reference_url

https://groups.google.com/forum/message/raw?msg=rubyonrails-security/rMTQy4oRCGk/loS_CRS8mNEJ

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/message/raw?msg=rubyonrails-security/rMTQy4oRCGk/loS_CRS8mNEJ

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/rMTQy4oRCGk

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/rMTQy4oRCGk

reference_url

https://web.archive.org/web/20160403085126/http://www.securityfocus.com/bid/71183

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20160403085126/http://www.securityfocus.com/bid/71183

reference_url	http://weblog.rubyonrails.org/2014/11/19/Rails-4-0-11-1-and-4-1-7-1-have-been-released/
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2014/11/19/Rails-4-0-11-1-and-4-1-7-1-have-been-released/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770934
reference_id	770934
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770934

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-7829

reference_id

CVE-2014-7829

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-7829

reference_url

reference_id

CVE-2014-7829

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-7829.yml

reference_url

reference_id

CVE-2014-7829.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-7829.yml

reference_url

https://github.com/advisories/GHSA-h56m-vwxc-3qpw

reference_id

GHSA-h56m-vwxc-3qpw

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-h56m-vwxc-3qpw

fixed_packages

url	pkg:deb/debian/rails@2:4.1.8-1?distro=trixie
purl	pkg:deb/debian/rails@2:4.1.8-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.8-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2014-7829, GHSA-h56m-vwxc-3qpw

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t1ep-g6cz-7kgr

url VCID-t7pe-vz5p-rfed

vulnerability_id VCID-t7pe-vz5p-rfed

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-8264

reference_id

reference_type

scores

value	0.00346
scoring_system	epss
scoring_elements	0.57383
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-8264

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8264.yml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8264.yml

reference_url

https://groups.google.com/g/rubyonrails-security/c/yQzUVfv42jk

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/yQzUVfv42jk

reference_url

https://groups.google.com/g/rubyonrails-security/c/yQzUVfv42jk/m/oJWw-xhNAQAJ

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/yQzUVfv42jk/m/oJWw-xhNAQAJ

reference_url

https://hackerone.com/reports/904059

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://hackerone.com/reports/904059

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-8264

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-8264

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971988
reference_id	971988
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971988

reference_url

https://github.com/advisories/GHSA-35mm-cc6r-8fjp

reference_id

GHSA-35mm-cc6r-8fjp

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-35mm-cc6r-8fjp

fixed_packages

url	pkg:deb/debian/rails@2:6.0.3.4%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.4%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.4%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2020-8264, GHSA-35mm-cc6r-8fjp

risk_score 2.5

exploitability 0.5

weighted_severity 4.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t7pe-vz5p-rfed

url VCID-tc9x-h24m-9ufe

vulnerability_id VCID-tc9x-h24m-9ufe

summary

Translate helper method which may allow an attacker to insert arbitrary code into a page
The helper method for i18n translations has a convention whereby translations strings with a name ending in 'html' are considered HTML safe. There is also a mechanism for interpolation. It has been discovered that these 'html' strings allow arbitrary values to be contained in the interpolated input, and these values are not escaped.

references

reference_url

http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b61d70fb73c7cc5?pli=1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b61d70fb73c7cc5?pli=1

reference_url

http://groups.google.com/group/rubyonrails-security/msg/c65c24fbc4b6dd82?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/rubyonrails-security/msg/c65c24fbc4b6dd82?dmode=source&output=gplain

reference_url

http://openwall.com/lists/oss-security/2011/11/18/8

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2011/11/18/8

reference_url	http://osvdb.org/77199
reference_id
reference_type
scores
url	http://osvdb.org/77199

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-4319

reference_id

reference_type

scores

value	0.00607
scoring_system	epss
scoring_elements	0.70023
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-4319

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/71364

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/71364

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/2d5b105d4bcb652550dda8b5613376d1b8beb70c

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/2d5b105d4bcb652550dda8b5613376d1b8beb70c

reference_url

https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade

reference_url	https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade#diff-79e8a3e6d1d2808c4f93f63b3928a5a1
reference_id
reference_type
scores
url	https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade#diff-79e8a3e6d1d2808c4f93f63b3928a5a1

reference_url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-77199.yml
reference_id
reference_type
scores
url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-77199.yml

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/K2HXD7c8fMU

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/K2HXD7c8fMU

reference_url

https://web.archive.org/web/20200228155840/http://www.securityfocus.com/bid/50722

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228155840/http://www.securityfocus.com/bid/50722

reference_url

https://web.archive.org/web/20210307005941/http://www.securitytracker.com/id?1026342

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210307005941/http://www.securitytracker.com/id?1026342

reference_url

http://weblog.rubyonrails.org/2011/11/18/rails-3-0-11-has-been-released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2011/11/18/rails-3-0-11-has-been-released

reference_url

http://weblog.rubyonrails.org/2011/11/18/rails-3-1-2-has-been-released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2011/11/18/rails-3-1-2-has-been-released

reference_url	http://www.securityfocus.com/bid/50722
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/50722

reference_url	http://www.securitytracker.com/id?1026342
reference_id
reference_type
scores
url	http://www.securitytracker.com/id?1026342

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2011-4319

reference_id

CVE-2011-4319

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-4319

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-4319.yml

reference_id

CVE-2011-4319.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-4319.yml

reference_url

https://github.com/advisories/GHSA-xxr8-833v-c7wc

reference_id

GHSA-xxr8-833v-c7wc

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xxr8-833v-c7wc

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2011-4319, GHSA-xxr8-833v-c7wc, OSV-77199

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tc9x-h24m-9ufe

100

url VCID-tf9s-mg9q-1kfd

vulnerability_id VCID-tf9s-mg9q-1kfd

summary Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to "URL-based sessions."

references

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://docs.info.apple.com/article.html?artnum=307179

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://docs.info.apple.com/article.html?artnum=307179

reference_url

http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2007-5380

reference_id

reference_type

scores

value	0.05845
scoring_system	epss
scoring_elements	0.90689
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2007-5380

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://secunia.com/advisories/27965

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://secunia.com/advisories/27965

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release

reference_url

http://www.novell.com/linux/security/advisories/2007_25_sr.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.novell.com/linux/security/advisories/2007_25_sr.html

reference_url

http://www.securityfocus.com/bid/26096

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/26096

reference_url

http://www.us-cert.gov/cas/techalerts/TA07-352A.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.us-cert.gov/cas/techalerts/TA07-352A.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2007-5380

reference_url

reference_id

CVE-2007-5380

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2007-5380

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-5380.yml

reference_id

CVE-2007-5380.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-5380.yml

reference_url

https://github.com/advisories/GHSA-jwhv-rgqc-fqj5

reference_id

GHSA-jwhv-rgqc-fqj5

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-jwhv-rgqc-fqj5

reference_url	https://security.gentoo.org/glsa/200711-17
reference_id	GLSA-200711-17
reference_type
scores
url	https://security.gentoo.org/glsa/200711-17

reference_url	https://security.gentoo.org/glsa/200912-02
reference_id	GLSA-200912-02
reference_type
scores
url	https://security.gentoo.org/glsa/200912-02

fixed_packages

url	pkg:deb/debian/rails@1.2.5-1?distro=trixie
purl	pkg:deb/debian/rails@1.2.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@1.2.5-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2007-5380, GHSA-jwhv-rgqc-fqj5

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tf9s-mg9q-1kfd

101

url VCID-uhsu-287n-vbbg

vulnerability_id VCID-uhsu-287n-vbbg

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47889.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47889.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-47889

reference_id

reference_type

scores

value	0.00326
scoring_system	epss
scoring_elements	0.55806
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-47889

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/0e5694f4d32544532d2301a9b4084eacb6986e94

reference_url

reference_id

0e5694f4d32544532d2301a9b4084eacb6986e94

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:27:30Z/

url

https://github.com/rails/rails/commit/0e5694f4d32544532d2301a9b4084eacb6986e94

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376
reference_id	1085376
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2319033
reference_id	2319033
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2319033

reference_url

https://github.com/rails/rails/commit/3612e3eb3fbafed4f85e1c6ea4c7b6addbb0fdd3

reference_id

3612e3eb3fbafed4f85e1c6ea4c7b6addbb0fdd3

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:27:30Z/

url

https://github.com/rails/rails/commit/3612e3eb3fbafed4f85e1c6ea4c7b6addbb0fdd3

reference_url

https://github.com/rails/rails/commit/985f1923fa62806ff676e41de67c3b4552131ab9

reference_id

985f1923fa62806ff676e41de67c3b4552131ab9

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:27:30Z/

url

https://github.com/rails/rails/commit/985f1923fa62806ff676e41de67c3b4552131ab9

reference_url

https://github.com/rails/rails/commit/be898cc996986decfe238341d96b2a6573b8fd2e

reference_id

be898cc996986decfe238341d96b2a6573b8fd2e

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:27:30Z/

url

https://github.com/rails/rails/commit/be898cc996986decfe238341d96b2a6573b8fd2e

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2024-47889
reference_id	CVE-2024-47889
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2024-47889

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionmailer/CVE-2024-47889.yml

reference_id

CVE-2024-47889.YML

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionmailer/CVE-2024-47889.yml

reference_url

https://github.com/advisories/GHSA-h47h-mwp9-c6q6

reference_id

GHSA-h47h-mwp9-c6q6

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-h47h-mwp9-c6q6

reference_url

https://github.com/rails/rails/security/advisories/GHSA-h47h-mwp9-c6q6

reference_id

GHSA-h47h-mwp9-c6q6

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:27:30Z/

url

https://github.com/rails/rails/security/advisories/GHSA-h47h-mwp9-c6q6

reference_url	https://usn.ubuntu.com/7290-1/
reference_id	USN-7290-1
reference_type
scores
url	https://usn.ubuntu.com/7290-1/

fixed_packages

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.1%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2024-47889, GHSA-h47h-mwp9-c6q6

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uhsu-287n-vbbg

102

url VCID-uw5h-1fk2-abat

vulnerability_id VCID-uw5h-1fk2-abat

summary

Allocation of Resources Without Limits or Throttling
There is a possible denial of service vulnerability in Action View (Rails)  where specially crafted accept headers can cause action view to consume % cpu and make the server unresponsive.

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2019-5419

reference_url

reference_id

reference_type

scores

value	0.12118
scoring_system	epss
scoring_elements	0.93922
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-5419

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/f4c70c2222180b8d9d924f00af0c7fd632e26715

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/f4c70c2222180b8d9d924f00af0c7fd632e26715

reference_url

https://github.com/rails/rails/pull/35708

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/pull/35708

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI

reference_url

https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/

reference_url

https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released

reference_url	https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/
reference_id
reference_type
scores
url	https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/

reference_url

http://www.openwall.com/lists/oss-security/2019/03/22/1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2019/03/22/1

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924520
reference_id	924520
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924520

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-5419

reference_id

CVE-2019-5419

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-5419

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2019-5419.yml

reference_id

CVE-2019-5419.YML

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2019-5419.yml

reference_url

https://github.com/advisories/GHSA-m63j-wh5w-c252

reference_id

GHSA-m63j-wh5w-c252

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-m63j-wh5w-c252

fixed_packages

url	pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2019-5419, GHSA-m63j-wh5w-c252

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uw5h-1fk2-abat

103

url VCID-v12d-fr9k-7ufu

vulnerability_id VCID-v12d-fr9k-7ufu

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55193.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55193.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-55193

reference_id

reference_type

scores

value	0.00346
scoring_system	epss
scoring_elements	0.57339
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-55193

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/3beef20013736fd52c5dcfdf061f7999ba318290

reference_url

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/

url

https://github.com/rails/rails/commit/3beef20013736fd52c5dcfdf061f7999ba318290

reference_url

https://github.com/rails/rails/commit/568c0bc2f1e74c65d150a84b89a080949bf9eb9b

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/

url

https://github.com/rails/rails/commit/568c0bc2f1e74c65d150a84b89a080949bf9eb9b

reference_url

https://github.com/rails/rails/commit/6a944ca4805e72050a0fbb1a461534eb760d3202

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/

url

https://github.com/rails/rails/commit/6a944ca4805e72050a0fbb1a461534eb760d3202

reference_url

https://github.com/rails/rails/security/advisories/GHSA-76r7-hhxj-r776

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/

url

https://github.com/rails/rails/security/advisories/GHSA-76r7-hhxj-r776

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2025-55193.yml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2025-55193.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-55193

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-55193

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111106
reference_id	1111106
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111106

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2388446
reference_id	2388446
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2388446

reference_url	https://github.com/advisories/GHSA-76r7-hhxj-r776
reference_id	GHSA-76r7-hhxj-r776
reference_type
scores
url	https://github.com/advisories/GHSA-76r7-hhxj-r776

fixed_packages

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u4?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u4%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2025-55193, GHSA-76r7-hhxj-r776

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v12d-fr9k-7ufu

104

url VCID-vaa4-b9ph-b7cm

vulnerability_id VCID-vaa4-b9ph-b7cm

summary

Reflective XSS Vulnerability
There is a vulnerability in the internationalisation component of Ruby on Rails. When the i18n gem is unable to provide a translation for a given string, it creates a fallback HTML string. Under certain common configurations this string can contain user input which would allow an attacker to execute a reflective XSS attack.

references

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2013-4491

reference_url

reference_id

reference_type

scores

value	0.00713
scoring_system	epss
scoring_elements	0.72633
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-4491

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417

reference_url	http://seclists.org/oss-sec/2013/q4/401
reference_id
reference_type
scores
url	http://seclists.org/oss-sec/2013/q4/401

reference_url

https://groups.google.com/forum/#!topic/ruby-security-ann/pLrh6DUw998

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/ruby-security-ann/pLrh6DUw998

reference_url

http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released

reference_url	http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-4491

reference_url

reference_id

CVE-2013-4491

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-4491

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-4491.yml

reference_id

CVE-2013-4491.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-4491.yml

reference_url

https://github.com/advisories/GHSA-699m-mcjm-9cw8

reference_id

GHSA-699m-mcjm-9cw8

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-699m-mcjm-9cw8

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2013-4491, GHSA-699m-mcjm-9cw8, OSV-100528

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vaa4-b9ph-b7cm

105

url VCID-vbkg-umrg-gkfm

vulnerability_id VCID-vbkg-umrg-gkfm

summary

Duplicate
This advisory duplicates another.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44566.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44566.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-44566

reference_id

reference_type

scores

value	0.01544
scoring_system	epss
scoring_elements	0.81691
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-44566

reference_url

https://code.jeremyevans.net/2022-11-01-forcing-sequential-scans-on-postgresql.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-25T13:43:31Z/

url

https://code.jeremyevans.net/2022-11-01-forcing-sequential-scans-on-postgresql.html

reference_url

https://discuss.rubyonrails.org/t/cve-2022-44566-possible-denial-of-service-vulnerability-in-activerecords-postgresql-adapter/82119

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-25T13:43:31Z/

url

https://discuss.rubyonrails.org/t/cve-2022-44566-possible-denial-of-service-vulnerability-in-activerecords-postgresql-adapter/82119

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/4f44aa9d514e701ada92b5cf08beccf566eeaebf

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/4f44aa9d514e701ada92b5cf08beccf566eeaebf

reference_url

https://github.com/rails/rails/commit/82bcdc011e2ff674e7dd8fd8cee3a831c908d29b

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/82bcdc011e2ff674e7dd8fd8cee3a831c908d29b

reference_url

https://github.com/rails/rails/releases/tag/v6.1.7.1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/releases/tag/v6.1.7.1

reference_url

https://github.com/rails/rails/releases/tag/v7.0.4.1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/releases/tag/v7.0.4.1

reference_url

https://mailchi.mp/railslts/rails-lts-multiple-dos-vulnerabilities-in-rails-rack-and-globalid

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://mailchi.mp/railslts/rails-lts-multiple-dos-vulnerabilities-in-rails-rack-and-globalid

reference_url

https://makandracards.com/railslts/508019-rails-5-2-lts-changelog#section-jan-20th-2023-rails-version-5-2-8-15

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://makandracards.com/railslts/508019-rails-5-2-lts-changelog#section-jan-20th-2023-rails-version-5-2-8-15

reference_url

https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050
reference_id	1030050
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2164789
reference_id	2164789
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2164789

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-44566

reference_id

CVE-2022-44566

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-44566

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-44566.yml

reference_id

CVE-2022-44566.YML

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-44566.yml

reference_url

https://github.com/advisories/GHSA-579w-22j4-4749

reference_id

GHSA-579w-22j4-4749

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-579w-22j4-4749

reference_url	https://access.redhat.com/errata/RHSA-2023:6818
reference_id	RHSA-2023:6818
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6818

fixed_packages

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.7.3%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.7.3%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.3%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2022-44566, GHSA-579w-22j4-4749, GMS-2023-59

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vbkg-umrg-gkfm

106

url VCID-vm51-p4w4-n3du

vulnerability_id VCID-vm51-p4w4-n3du

summary

Possible Information Leak Vulnerability
Applications that pass unverified user input to the `render` method in a controller may be vulnerable to an information leak vulnerability. Impacted code will look something like this: ``` def index; render params[:id]; end ``` Carefully crafted requests can cause the above code to render files from unexpected places like outside the application's view directory, and can possibly escalate this to a remote code execution attack.

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-2097

reference_id

reference_type

scores

value	0.01912
scoring_system	epss
scoring_elements	0.83609
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-2097

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/8a1d3ea617ffb0c8ae8467fa439bf63a3bfc4324

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/8a1d3ea617ffb0c8ae8467fa439bf63a3bfc4324

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/ddY6HgqB2z4

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/ddY6HgqB2z4

reference_url	https://groups.google.com/forum/#!topic/ruby-security-ann/ddY6HgqB2z4
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!topic/ruby-security-ann/ddY6HgqB2z4

reference_url

https://web.archive.org/web/20160322002234/http://www.securitytracker.com/id/1035122

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20160322002234/http://www.securitytracker.com/id/1035122

reference_url

https://web.archive.org/web/20200228015320/http://www.securityfocus.com/bid/83726

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228015320/http://www.securityfocus.com/bid/83726

reference_url

https://web.archive.org/web/20201221115217/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20201221115217/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ

reference_url

http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released

reference_url	http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-2097

reference_url

reference_id

CVE-2016-2097

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-2097

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-2097.yml

reference_id

CVE-2016-2097.YML

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-2097.yml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-2097.yml

reference_id

CVE-2016-2097.YML

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-2097.yml

reference_url

https://github.com/advisories/GHSA-vx9j-46rh-fqr8

reference_id

GHSA-vx9j-46rh-fqr8

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vx9j-46rh-fqr8

fixed_packages

url	pkg:deb/debian/rails@2:4.2.5.2-1?distro=trixie
purl	pkg:deb/debian/rails@2:4.2.5.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.5.2-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2016-2097, GHSA-vx9j-46rh-fqr8

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vm51-p4w4-n3du

107

url VCID-vvth-cjt4-akg8

vulnerability_id VCID-vvth-cjt4-akg8

summary

Serialized Attributes YAML Vulnerability with Rails 2.3 and 3.0
There is a vulnerability in the serialized attribute handling code in Ruby on Rails, applications which allow users to directly assign to the serialized fields in their models are at risk of Denial of Service or Remote Code Execution vulnerabilities.

references

reference_url

http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

reference_id

reference_type

scores

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html

reference_id

reference_type

scores

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-0277

reference_id

reference_type

scores

value	0.06742
scoring_system	epss
scoring_elements	0.91428
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-0277

reference_url

http://securitytracker.com/id?1028109

reference_id

reference_type

scores

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://securitytracker.com/id?1028109

reference_url

https://github.com/rails/rails/tree/v6.1.4.1/activerecord

reference_id

reference_type

scores

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/tree/v6.1.4.1/activerecord

reference_url	https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/KtmwSbEpzrU
reference_id
reference_type
scores
url	https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/KtmwSbEpzrU

reference_url

https://groups.google.com/group/rubyonrails-security/msg/302ec7ce90f13837?dmode=source&output=gplain

reference_id

reference_type

scores

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/302ec7ce90f13837?dmode=source&output=gplain

reference_url

reference_id

reference_type

scores

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released

reference_url

reference_id

reference_type

scores

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released

reference_url	http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/

reference_url

reference_id

reference_type

scores

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2013/02/11/6

reference_url

reference_id

reference_type

scores

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2013/02/11/6

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-0277

reference_id

CVE-2013-0277

reference_type

scores

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-0277

reference_url

https://puppet.com/security/cve/cve-2013-0277

reference_id

CVE-2013-0277

reference_type

scores

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://puppet.com/security/cve/cve-2013-0277

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0277.yml

reference_id

CVE-2013-0277.YML

reference_type

scores

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0277.yml

reference_url

https://github.com/advisories/GHSA-fhj9-cjjh-27vm

reference_id

GHSA-fhj9-cjjh-27vm

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-fhj9-cjjh-27vm

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

fixed_packages

url	pkg:deb/debian/rails@2.3.14.1?distro=trixie
purl	pkg:deb/debian/rails@2.3.14.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14.1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2013-0277, GHSA-fhj9-cjjh-27vm, OSV-90073

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vvth-cjt4-akg8

108

url VCID-w3hp-78sw-hfa4

vulnerability_id VCID-w3hp-78sw-hfa4

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-22880

reference_id

reference_type

scores

value	0.02599
scoring_system	epss
scoring_elements	0.85868
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-22880

reference_url

https://discuss.rubyonrails.org/t/cve-2021-22880-possible-dos-vulnerability-in-active-record-postgresql-adapter/77129

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://discuss.rubyonrails.org/t/cve-2021-22880-possible-dos-vulnerability-in-active-record-postgresql-adapter/77129

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2021-22880.yml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2021-22880.yml

reference_url

https://groups.google.com/g/rubyonrails-security/c/ZzUqCh9vyhI

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/ZzUqCh9vyhI

reference_url

https://hackerone.com/reports/1023899

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://hackerone.com/reports/1023899

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MO5OJ3F4ZL3UXVLJO6ECANRVZBNRS2IH

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MO5OJ3F4ZL3UXVLJO6ECANRVZBNRS2IH

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MO5OJ3F4ZL3UXVLJO6ECANRVZBNRS2IH/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MO5OJ3F4ZL3UXVLJO6ECANRVZBNRS2IH/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-22880

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-22880

reference_url

https://security.netapp.com/advisory/ntap-20210805-0009

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210805-0009

reference_url	https://security.netapp.com/advisory/ntap-20210805-0009/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210805-0009/

reference_url

https://www.debian.org/security/2021/dsa-4929

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2021/dsa-4929

reference_url

https://github.com/advisories/GHSA-8hc4-xxm3-5ppp

reference_id

GHSA-8hc4-xxm3-5ppp

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8hc4-xxm3-5ppp

fixed_packages

url	pkg:deb/debian/rails@2:6.0.3.5%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.5%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.5%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2021-22880, GHSA-8hc4-xxm3-5ppp

risk_score 2.1

exploitability 0.5

weighted_severity 4.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w3hp-78sw-hfa4

109

url VCID-wj98-mgjt-6uay

vulnerability_id VCID-wj98-mgjt-6uay

summary

rails is vulnerable to CRLF injection
CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function.

references

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://github.com/rails/rails/commit/7282ed863ca7e6f928bae9162c9a63a98775a19d

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://github.com/rails/rails/commit/7282ed863ca7e6f928bae9162c9a63a98775a19d

reference_url

http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2008-5189

reference_id

reference_type

scores

value	0.00169
scoring_system	epss
scoring_elements	0.37873
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2008-5189

reference_url

http://weblog.rubyonrails.org/2008/10/19/rails-2-0-5-redirect_to-and-offset-limit-sanitizing

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2008/10/19/rails-2-0-5-redirect_to-and-offset-limit-sanitizing

reference_url

http://weblog.rubyonrails.org/2008/10/19/response-splitting-risk

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2008/10/19/response-splitting-risk

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2008-5189

reference_id

CVE-2008-5189

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2008-5189

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2008-5189.yml

reference_id

CVE-2008-5189.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2008-5189.yml

reference_url

https://github.com/advisories/GHSA-jmgf-p46x-982h

reference_id

GHSA-jmgf-p46x-982h

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jmgf-p46x-982h

fixed_packages

url	pkg:deb/debian/rails@2.1.0-6?distro=trixie
purl	pkg:deb/debian/rails@2.1.0-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.1.0-6%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2008-5189, GHSA-jmgf-p46x-982h

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wj98-mgjt-6uay

110

url VCID-wyvv-ks5y-fkex

vulnerability_id VCID-wyvv-ks5y-fkex

summary

Possible Object Leak and Denial of Service attack
A carefully crafted `Accept` header can cause a global cache of mime types to grow indefinitely which can lead to a possible denial of service attack in Action Pack.

references

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html

reference_url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html

reference_url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2016-0751

reference_url

reference_id

reference_type

scores

value	0.08895
scoring_system	epss
scoring_elements	0.92693
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-0751

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/127967b735813cd4f263df7a50426d74e7e9cc17

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/127967b735813cd4f263df7a50426d74e7e9cc17

reference_url

https://github.com/rails/rails/commit/221937c8ba1d291430ceddebbd4bdef7d3cb47d6

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/221937c8ba1d291430ceddebbd4bdef7d3cb47d6

reference_url

https://github.com/rails/rails/commit/37047b779a177b911c7161052cfc34a30e1db0af

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/37047b779a177b911c7161052cfc34a30e1db0af

reference_url

https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9oLY_FCzvoc/5CDXbvpYEgAJ

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9oLY_FCzvoc/5CDXbvpYEgAJ

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/9oLY_FCzvoc

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/9oLY_FCzvoc

reference_url

https://web.archive.org/web/20160128201702/http://www.securitytracker.com/id/1034816

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20160128201702/http://www.securitytracker.com/id/1034816

reference_url

https://web.archive.org/web/20200227181647/http://www.securityfocus.com/bid/81800

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200227181647/http://www.securityfocus.com/bid/81800

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2016/01/25/9

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2016/01/25/9

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-0751

reference_id

CVE-2016-0751

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-0751

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0751.yml

reference_id

CVE-2016-0751.YML

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0751.yml

reference_url

https://github.com/advisories/GHSA-ffpv-c4hm-3x6v

reference_id

GHSA-ffpv-c4hm-3x6v

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-ffpv-c4hm-3x6v

fixed_packages

url	pkg:deb/debian/rails@2:4.2.5.1-1?distro=trixie
purl	pkg:deb/debian/rails@2:4.2.5.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.5.1-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2016-0751, GHSA-ffpv-c4hm-3x6v

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wyvv-ks5y-fkex

111

url VCID-wz47-y64c-j7d2

vulnerability_id VCID-wz47-y64c-j7d2

summary

Deserialization of Untrusted Data
A Broken Access Control vulnerability in Active Job

references

reference_url

https://access.redhat.com/errata/RHSA-2019:0600

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:0600

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-16476

reference_id

reference_type

scores

value	0.00791
scoring_system	epss
scoring_elements	0.74196
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-16476

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/970b0d754be7c71a760d9b807eea32297fd838e3

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/970b0d754be7c71a760d9b807eea32297fd838e3

reference_url

https://groups.google.com/d/msg/rubyonrails-security/FL4dSdzr2zw/zjKVhF4qBAAJ

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/d/msg/rubyonrails-security/FL4dSdzr2zw/zjKVhF4qBAAJ

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/FL4dSdzr2zw

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/FL4dSdzr2zw

reference_url

https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released

reference_url	https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released/
reference_id
reference_type
scores
url	https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914847
reference_id	914847
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914847

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-16476

reference_id

CVE-2018-16476

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-16476

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activejob/CVE-2018-16476.yml

reference_id

CVE-2018-16476.YML

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activejob/CVE-2018-16476.yml

reference_url

https://github.com/advisories/GHSA-q2qw-rmrh-vv42

reference_id

GHSA-q2qw-rmrh-vv42

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-q2qw-rmrh-vv42

fixed_packages

url	pkg:deb/debian/rails@2:5.2.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:5.2.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2018-16476, GHSA-q2qw-rmrh-vv42

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wz47-y64c-j7d2

112

url VCID-x6wm-6c84-2qdw

vulnerability_id VCID-x6wm-6c84-2qdw

summary Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in actionview.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-27777

reference_id

reference_type

scores

value	0.01409
scoring_system	epss
scoring_elements	0.80801
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-27777

reference_url

https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/649516ce0feb699ae06a8c5e81df75d460cc9a85

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/649516ce0feb699ae06a8c5e81df75d460cc9a85

reference_url

https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw

reference_url

https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html

reference_url

https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-27777

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016982
reference_id	1016982
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016982

reference_url

reference_id

CVE-2022-27777

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-27777

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2022-27777.yml

reference_id

CVE-2022-27777.YML

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2022-27777.yml

reference_url

https://github.com/advisories/GHSA-ch3h-j2vf-95pv

reference_id

GHSA-ch3h-j2vf-95pv

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-ch3h-j2vf-95pv

fixed_packages

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.6.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.6.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.6.1%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2022-27777, GHSA-ch3h-j2vf-95pv, GMS-2022-1138

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x6wm-6c84-2qdw

113

url VCID-xg9u-39cc-fud9

vulnerability_id VCID-xg9u-39cc-fud9

summary

Active Support Possibly Discloses Locally Encrypted Files
There is a possible file disclosure of locally encrypted files in Active Support. This vulnerability has been assigned the CVE identifier CVE-2023-38037.

Versions Affected: >= 5.2.0 Not affected: < 5.2.0 Fixed Versions: 7.0.7.1, 6.1.7.5

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38037.json

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38037.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-38037

reference_id

reference_type

scores

value	0.00072
scoring_system	epss
scoring_elements	0.22046
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-38037

reference_url

https://discuss.rubyonrails.org/t/cve-2023-38037-possible-file-disclosure-of-locally-encrypted-files/83544

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:35:42Z/

url

https://discuss.rubyonrails.org/t/cve-2023-38037-possible-file-disclosure-of-locally-encrypted-files/83544

reference_url

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/a21d6edf35a60383dfa6c4da49e4b1aef5f00731

reference_url

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/a21d6edf35a60383dfa6c4da49e4b1aef5f00731

reference_url

https://github.com/rails/rails/releases/tag/v7.0.7.1

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/releases/tag/v7.0.7.1

reference_url

https://security.netapp.com/advisory/ntap-20250214-0010

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20250214-0010

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051057
reference_id	1051057
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051057

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2236261
reference_id	2236261
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2236261

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-38037

reference_id

CVE-2023-38037

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-38037

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-38037.yml

reference_id

CVE-2023-38037.YML

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-38037.yml

reference_url

https://github.com/advisories/GHSA-cr5q-6q9f-rq6q

reference_id

GHSA-cr5q-6q9f-rq6q

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cr5q-6q9f-rq6q

reference_url	https://access.redhat.com/errata/RHSA-2023:7720
reference_id	RHSA-2023:7720
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7720

reference_url	https://access.redhat.com/errata/RHSA-2024:0268
reference_id	RHSA-2024:0268
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0268

fixed_packages

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.1%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2023-38037, GHSA-cr5q-6q9f-rq6q

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xg9u-39cc-fud9

114

url VCID-xhqj-617q-f7fb

vulnerability_id VCID-xhqj-617q-f7fb

summary

Rails has possible ReDoS vulnerability in Accept header parsing in Action Dispatch
# Possible ReDoS vulnerability in Accept header parsing in Action Dispatch

There is a possible ReDoS vulnerability in the Accept header parsing routines
of Action Dispatch. This vulnerability has been assigned the CVE identifier
CVE-2024-26142.

Versions Affected:  >= 7.1.0, < 7.1.3.1
Not affected:       < 7.1.0
Fixed Versions:     7.1.3.1

Impact
------
Carefully crafted Accept headers can cause Accept header parsing in Action
Dispatch to take an unexpected amount of time, possibly resulting in a DoS
vulnerability.  All users running an affected release should either upgrade or
use one of the workarounds immediately.

Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby
3.2 or newer are unaffected.

Releases
--------
The fixed releases are available at the normal locations.

Workarounds
-----------
There are no feasible workarounds for this issue.

Patches
-------
To aid users who aren't able to upgrade immediately we have provided patches for
the two supported release series. They are in git-am format and consist of a
single changeset.

* 7-1-accept-redox.patch - Patch for 7.1 series

Credits
-------
Thanks [svalkanov](https://hackerone.com/svalkanov) for the report and patch!

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26142.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26142.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-26142

reference_id

reference_type

scores

value	0.03542
scoring_system	epss
scoring_elements	0.87878
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-26142

reference_url

https://discuss.rubyonrails.org/t/possible-redos-vulnerability-in-accept-header-parsing-in-action-dispatch/84946

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/

url

https://discuss.rubyonrails.org/t/possible-redos-vulnerability-in-accept-header-parsing-in-action-dispatch/84946

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/b4d3bfb5ed8a5b5a90aad3a3b28860c7a931e272

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/

url

https://github.com/rails/rails/commit/b4d3bfb5ed8a5b5a90aad3a3b28860c7a931e272

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2266324
reference_id	2266324
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2266324

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-26142

reference_id

CVE-2024-26142

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-26142

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26142.yml

reference_id

CVE-2024-26142.YML

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26142.yml

reference_url

https://github.com/advisories/GHSA-jjhx-jhvp-74wq

reference_id

GHSA-jjhx-jhvp-74wq

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jjhx-jhvp-74wq

reference_url

https://github.com/rails/rails/security/advisories/GHSA-jjhx-jhvp-74wq

reference_id

GHSA-jjhx-jhvp-74wq

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/

url

https://github.com/rails/rails/security/advisories/GHSA-jjhx-jhvp-74wq

reference_url

https://security.netapp.com/advisory/ntap-20240503-0003/

reference_id

ntap-20240503-0003

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/

url

https://security.netapp.com/advisory/ntap-20240503-0003/

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2024-26142, GHSA-jjhx-jhvp-74wq

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xhqj-617q-f7fb

115

url VCID-yd25-ket2-67d3

vulnerability_id VCID-yd25-ket2-67d3

summary

Unsafe Query Generation Risk in Ruby on Rails
Due to the way Active Record interprets parameters in combination with the way that JSON parameters are parsed, it is possible for an attacker to issue unexpected database queries with "IS NULL" or empty where clauses. This issue does *not* let an attacker insert arbitrary values into an SQL query, however they can cause the query to check for NULL or eliminate a WHERE clause when most users wouldn't expect it.

references

reference_url

http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A

reference_url

http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html

reference_url

http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2013-0155

reference_url

reference_id

reference_type

scores

value	0.18174
scoring_system	epss
scoring_elements	0.95308
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-0155

reference_url	https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/t1WFuuQyavI
reference_id
reference_type
scores
url	https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/t1WFuuQyavI

reference_url

https://groups.google.com/group/rubyonrails-security/msg/bc6f13dafe130ee9?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/bc6f13dafe130ee9?dmode=source&output=gplain

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2013/dsa-2609

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2013/dsa-2609

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-0155

reference_id

CVE-2013-0155

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-0155

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0155.yml

reference_id

CVE-2013-0155.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0155.yml

reference_url

https://github.com/advisories/GHSA-gppp-5xc5-wfpx

reference_id

GHSA-gppp-5xc5-wfpx

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gppp-5xc5-wfpx

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

fixed_packages

url	pkg:deb/debian/rails@2.3.14.1?distro=trixie
purl	pkg:deb/debian/rails@2.3.14.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14.1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2013-0155, GHSA-gppp-5xc5-wfpx, OSV-89025

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yd25-ket2-67d3

116

url VCID-ymcz-yhcp-6kd9

vulnerability_id VCID-ymcz-yhcp-6kd9

summary

Direct Manipulation XSS
Ruby on Rails contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate direct manipulations of `SafeBuffer` objects via `'[]'` and other methods. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

references

reference_url

http://groups.google.com/group/rubyonrails-security/msg/1c2e01a5e42722c9?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/rubyonrails-security/msg/1c2e01a5e42722c9?dmode=source&output=gplain

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-1098

reference_id

reference_type

scores

value	0.00377
scoring_system	epss
scoring_elements	0.59578
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-1098

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=799275

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=799275

reference_url	https://github.com/rails/rails/commit/c60c1c0812d5eb55e7024db350f8bc5b6729f7fe#diff-6156f8cec254c1236b4a4eceb04df3d9
reference_id
reference_type
scores
url	https://github.com/rails/rails/commit/c60c1c0812d5eb55e7024db350f8bc5b6729f7fe#diff-6156f8cec254c1236b4a4eceb04df3d9

reference_url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/OSVDB-79726.yml
reference_id
reference_type
scores
url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/OSVDB-79726.yml

reference_url

http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released

reference_url

http://www.openwall.com/lists/oss-security/2012/03/02/6

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2012/03/02/6

reference_url

http://www.openwall.com/lists/oss-security/2012/03/03/1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2012/03/03/1

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-1098

reference_id

CVE-2012-1098

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-1098

reference_url

https://github.com/advisories/GHSA-qv8p-v9qw-wc7g

reference_id

GHSA-qv8p-v9qw-wc7g

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qv8p-v9qw-wc7g

fixed_packages

url	pkg:deb/debian/rails@2.3.14?distro=trixie
purl	pkg:deb/debian/rails@2.3.14?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2012-1098, GHSA-qv8p-v9qw-wc7g, OSV-79726

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ymcz-yhcp-6kd9

117

url VCID-yp5x-mgfj-xbbf

vulnerability_id VCID-yp5x-mgfj-xbbf

summary

ReDoS based DoS vulnerability in Action Dispatch
There is a possible regular expression based DoS vulnerability in Action Dispatch. Specially crafted cookies, in combination with a specially crafted `X_FORWARDED_HOST` header can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22792.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22792.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-22792

reference_id

reference_type

scores

value	0.02326
scoring_system	epss
scoring_elements	0.85083
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-22792

reference_url

https://discuss.rubyonrails.org/t/cve-2023-22792-possible-redos-based-dos-vulnerability-in-action-dispatch/82115

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:30:13Z/

url

https://discuss.rubyonrails.org/t/cve-2023-22792-possible-redos-based-dos-vulnerability-in-action-dispatch/82115

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/releases/tag/v7.0.4.1

reference_url

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/releases/tag/v7.0.4.1

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22792.yml

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22792.yml

reference_url

https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released

reference_url

https://security.netapp.com/advisory/ntap-20240202-0007

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240202-0007

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:30:13Z/

url

https://nvd.nist.gov/vuln/detail/CVE-2023-22792

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050
reference_id	1030050
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2164800
reference_id	2164800
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2164800

reference_url

reference_id

CVE-2023-22792

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-22792

reference_url

https://github.com/advisories/GHSA-p84v-45xj-wwqj

reference_id

GHSA-p84v-45xj-wwqj

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-p84v-45xj-wwqj

reference_url

https://security.netapp.com/advisory/ntap-20240202-0007/

reference_id

ntap-20240202-0007

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:30:13Z/

url

https://security.netapp.com/advisory/ntap-20240202-0007/

reference_url	https://access.redhat.com/errata/RHSA-2023:6818
reference_id	RHSA-2023:6818
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6818

fixed_packages

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.7.3%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.7.3%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.3%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2023-22792, GHSA-p84v-45xj-wwqj, GMS-2023-58

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yp5x-mgfj-xbbf

118

url VCID-ypmv-73g2-gfex

vulnerability_id VCID-ypmv-73g2-gfex

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47887.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47887.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-47887

reference_id

reference_type

scores

value	0.00333
scoring_system	epss
scoring_elements	0.56357
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-47887

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/56b2fc3302836405b496e196a8d5fc0195e55049

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376
reference_id	1085376
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2319034
reference_id	2319034
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2319034

reference_url

reference_id

56b2fc3302836405b496e196a8d5fc0195e55049

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/

url

https://github.com/rails/rails/commit/56b2fc3302836405b496e196a8d5fc0195e55049

reference_url

https://github.com/rails/rails/commit/7c1398854d51f9bb193fb79f226647351133d08a

reference_id

7c1398854d51f9bb193fb79f226647351133d08a

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/

url

https://github.com/rails/rails/commit/7c1398854d51f9bb193fb79f226647351133d08a

reference_url

https://github.com/rails/rails/commit/8e057db25bff1dc7a98e9ae72e0083825b9ac545

reference_id

8e057db25bff1dc7a98e9ae72e0083825b9ac545

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/

url

https://github.com/rails/rails/commit/8e057db25bff1dc7a98e9ae72e0083825b9ac545

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2024-47887
reference_id	CVE-2024-47887
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2024-47887

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-47887.yml

reference_id

CVE-2024-47887.YML

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-47887.yml

reference_url

https://github.com/rails/rails/commit/f4dc83d8926509d0958ec21fcdbc2e7df3d32ce2

reference_id

f4dc83d8926509d0958ec21fcdbc2e7df3d32ce2

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/

url

https://github.com/rails/rails/commit/f4dc83d8926509d0958ec21fcdbc2e7df3d32ce2

reference_url

https://github.com/advisories/GHSA-vfg9-r3fq-jvx4

reference_id

GHSA-vfg9-r3fq-jvx4

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vfg9-r3fq-jvx4

reference_url

https://github.com/rails/rails/security/advisories/GHSA-vfg9-r3fq-jvx4

reference_id

GHSA-vfg9-r3fq-jvx4

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/

url

https://github.com/rails/rails/security/advisories/GHSA-vfg9-r3fq-jvx4

reference_url	https://usn.ubuntu.com/7290-1/
reference_id	USN-7290-1
reference_type
scores
url	https://usn.ubuntu.com/7290-1/

fixed_packages

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.1%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2024-47887, GHSA-vfg9-r3fq-jvx4

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ypmv-73g2-gfex

119

url VCID-yrjj-cken-6qff

vulnerability_id VCID-yrjj-cken-6qff

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-54133.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-54133.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-54133

reference_id

reference_type

scores

value	0.0019
scoring_system	epss
scoring_elements	0.40654
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-54133

reference_url

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/2e3f41e4538b9ca1044357f6644f037bbb7c6c49

reference_url

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/

url

https://github.com/rails/rails/commit/2e3f41e4538b9ca1044357f6644f037bbb7c6c49

reference_url

https://github.com/rails/rails/commit/3da2479cfe1e00177114b17e496213c40d286b3a

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/

url

https://github.com/rails/rails/commit/3da2479cfe1e00177114b17e496213c40d286b3a

reference_url

https://github.com/rails/rails/commit/5558e72f22fc69c1c407b31ac5fb3b4ce087b542

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/

url

https://github.com/rails/rails/commit/5558e72f22fc69c1c407b31ac5fb3b4ce087b542

reference_url

https://github.com/rails/rails/commit/cb16a3bb515b5d769f73926d9757270ace691f1d

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/

url

https://github.com/rails/rails/commit/cb16a3bb515b5d769f73926d9757270ace691f1d

reference_url

https://github.com/rails/rails/security/advisories/GHSA-vfm5-rmrh-j26v

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/

url

https://github.com/rails/rails/security/advisories/GHSA-vfm5-rmrh-j26v

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-54133.yml

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-54133.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-54133

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-54133

reference_url

https://security.netapp.com/advisory/ntap-20250306-0010

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20250306-0010

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089755
reference_id	1089755
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089755

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2331619
reference_id	2331619
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2331619

reference_url	https://github.com/advisories/GHSA-vfm5-rmrh-j26v
reference_id	GHSA-vfm5-rmrh-j26v
reference_type
scores
url	https://github.com/advisories/GHSA-vfm5-rmrh-j26v

fixed_packages

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.1%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2024-54133, GHSA-vfm5-rmrh-j26v

risk_score 1.9

exploitability 0.5

weighted_severity 3.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yrjj-cken-6qff

120

url VCID-zm15-yzy1-xuhv

vulnerability_id VCID-zm15-yzy1-xuhv

summary

Possible XSS Vulnerability in ActionView
There is a possible XSS vulnerability in Action View. Text declared as `HTML safe` will not have quotes escaped when used as attribute values in tag helpers.

references

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2016-1856.html

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2016-1856.html

reference_url

http://rhn.redhat.com/errata/RHSA-2016-1857.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2016-1857.html

reference_url

http://rhn.redhat.com/errata/RHSA-2016-1858.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2016-1858.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-6316

reference_id

reference_type

scores

value	0.01626
scoring_system	epss
scoring_elements	0.82175
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-6316

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/I-VWr034ouk

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/I-VWr034ouk

reference_url

https://groups.google.com/forum/#!topic/ruby-security-ann/8B2iV2tPRSE

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/ruby-security-ann/8B2iV2tPRSE

reference_url

https://web.archive.org/web/20200227202008/http://www.securityfocus.com/bid/92430

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200227202008/http://www.securityfocus.com/bid/92430

reference_url

http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released

reference_url	http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/

reference_url

http://www.debian.org/security/2016/dsa-3651

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2016/dsa-3651

reference_url

http://www.openwall.com/lists/oss-security/2016/08/11/3

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2016/08/11/3

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834155
reference_id	834155
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834155

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-6316

reference_id

CVE-2016-6316

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-6316

reference_url

https://web.archive.org/web/20200812154343/https://puppet.com/security/cve/cve-2016-6316

reference_id

CVE-2016-6316

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200812154343/https://puppet.com/security/cve/cve-2016-6316

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-6316.yml

reference_id

CVE-2016-6316.YML

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-6316.yml

reference_url

https://github.com/advisories/GHSA-pc3m-v286-2jwj

reference_id

GHSA-pc3m-v286-2jwj

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-pc3m-v286-2jwj

fixed_packages

url	pkg:deb/debian/rails@2:4.2.7.1-1?distro=trixie
purl	pkg:deb/debian/rails@2:4.2.7.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.7.1-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2016-6316, GHSA-pc3m-v286-2jwj

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zm15-yzy1-xuhv

121

url VCID-zpdq-xryt-x7c2

vulnerability_id VCID-zpdq-xryt-x7c2

summary

Vulnerability in JSON Parser in Ruby on Rails 3.0 and 2.3
There is a vulnerability in the JSON code for Ruby on Rails which allows attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a Rails application.

references

reference_url

http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

reference_url

http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-0201.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0201.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-0202.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0202.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-0203.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0203.html

reference_url

https://access.redhat.com/errata/RHSA-2013:0201

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2013:0201

reference_url

https://access.redhat.com/errata/RHSA-2013:0202

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2013:0202

reference_url

https://access.redhat.com/errata/RHSA-2013:0203

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2013:0203

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-0333

reference_id

reference_type

scores

value	0.91761
scoring_system	epss
scoring_elements	0.99699
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-0333

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=903440

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=903440

reference_url

https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/1h2DR63ViGo

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/1h2DR63ViGo

reference_url

https://groups.google.com/group/rubyonrails-security/msg/52179af76915e518?dmode=source&output=gplain

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/52179af76915e518?dmode=source&output=gplain

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released

reference_url	http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/

reference_url

http://www.debian.org/security/2013/dsa-2613

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2013/dsa-2613

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2013-0333

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699226
reference_id	699226
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699226

reference_url

reference_id

CVE-2013-0333

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2013-0333

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-0333

reference_id

CVE-2013-0333

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-0333

reference_url

https://puppet.com/security/cve/cve-2013-0333

reference_id

CVE-2013-0333

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://puppet.com/security/cve/cve-2013-0333

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24434.rb
reference_id	CVE-2013-0333;OSVDB-89594
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24434.rb

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2013-0333.yml

reference_id

CVE-2013-0333.YML

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2013-0333.yml

reference_url

https://github.com/advisories/GHSA-xgr2-v94m-rc9g

reference_id

GHSA-xgr2-v94m-rc9g

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-xgr2-v94m-rc9g

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

fixed_packages

url	pkg:deb/debian/rails@2.3.14.1?distro=trixie
purl	pkg:deb/debian/rails@2.3.14.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14.1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6xgn-ux7r-n3hs

vulnerability	VCID-fffn-puk6-ebas

vulnerability	VCID-fffz-javd-v7hb

vulnerability	VCID-fnhs-6r73-jycb

vulnerability	VCID-jamx-38p5-s7hd

vulnerability	VCID-mxde-jpzz-vff8

vulnerability	VCID-rqch-g7pm-sugv

vulnerability	VCID-tkka-tsj1-wyc1

vulnerability	VCID-ykzz-r4nz-mbdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2013-0333, GHSA-xgr2-v94m-rc9g, OSV-89594

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zpdq-xryt-x7c2

122

url VCID-zy5d-6a4f-wua5

vulnerability_id VCID-zy5d-6a4f-wua5

summary

Improper Input Validation
Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2010-3933

reference_id

reference_type

scores

value	0.00712
scoring_system	epss
scoring_elements	0.72616
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2010-3933

reference_url	http://secunia.com/advisories/41930
reference_id
reference_type
scores
url	http://secunia.com/advisories/41930

reference_url	http://securitytracker.com/id?1024624
reference_id
reference_type
scores
url	http://securitytracker.com/id?1024624

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url