Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/rh-ror42-rubygem-actionpack@1:4.2.6-3?arch=el7

Type rpm

Namespace redhat

Name rh-ror42-rubygem-actionpack

Version 1:4.2.6-3

Qualifiers

arch	el7

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url VCID-b4sv-b9pz-r7er

vulnerability_id VCID-b4sv-b9pz-r7er

summary

actionview Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as "HTML safe" and used as attribute values in tag handlers.

references

reference_url

http://rhn.redhat.com/errata/RHSA-2016-1855.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2016-1855.html

reference_url

http://rhn.redhat.com/errata/RHSA-2016-1856.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2016-1856.html

reference_url

http://rhn.redhat.com/errata/RHSA-2016-1857.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2016-1857.html

reference_url

http://rhn.redhat.com/errata/RHSA-2016-1858.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2016-1858.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6316.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6316.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-6316

reference_id

reference_type

scores

value	0.01626
scoring_system	epss
scoring_elements	0.82169
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-6316

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6316
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6316

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-6316.yml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-6316.yml

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/I-VWr034ouk

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/I-VWr034ouk

reference_url

https://groups.google.com/forum/#!topic/ruby-security-ann/8B2iV2tPRSE

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/ruby-security-ann/8B2iV2tPRSE

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-6316

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-6316

reference_url

https://web.archive.org/web/20200227202008/http://www.securityfocus.com/bid/92430

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200227202008/http://www.securityfocus.com/bid/92430

reference_url

https://web.archive.org/web/20200812154343/https://puppet.com/security/cve/cve-2016-6316

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200812154343/https://puppet.com/security/cve/cve-2016-6316

reference_url

http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released

reference_url	http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/

reference_url

http://www.debian.org/security/2016/dsa-3651

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2016/dsa-3651

reference_url

http://www.openwall.com/lists/oss-security/2016/08/11/3

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2016/08/11/3

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1365008
reference_id	1365008
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1365008

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834155
reference_id	834155
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834155

reference_url

https://github.com/advisories/GHSA-pc3m-v286-2jwj

reference_id

GHSA-pc3m-v286-2jwj

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-pc3m-v286-2jwj

reference_url	https://access.redhat.com/errata/RHSA-2016:1855
reference_id	RHSA-2016:1855
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1855

reference_url	https://access.redhat.com/errata/RHSA-2016:1856
reference_id	RHSA-2016:1856
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1856

reference_url	https://access.redhat.com/errata/RHSA-2016:1857
reference_id	RHSA-2016:1857
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1857

reference_url	https://access.redhat.com/errata/RHSA-2016:1858
reference_id	RHSA-2016:1858
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1858

fixed_packages

aliases CVE-2016-6316, GHSA-pc3m-v286-2jwj

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b4sv-b9pz-r7er

url VCID-cbdn-yhbu-5uaj

vulnerability_id VCID-cbdn-yhbu-5uaj

summary

ActiveRecord in Ruby on Rails allows database-query bypass
Active Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155.

references

reference_url

http://rhn.redhat.com/errata/RHSA-2016-1855.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2016-1855.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6317.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6317.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-6317

reference_id

reference_type

scores

value	0.00381
scoring_system	epss
scoring_elements	0.59771
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-6317

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6317
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6317

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2016-6317.yml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2016-6317.yml

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/rgO20zYW33s

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/rgO20zYW33s

reference_url

https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-6317

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-6317

reference_url

http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released

reference_url	http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/

reference_url

http://www.openwall.com/lists/oss-security/2016/08/11/4

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2016/08/11/4

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1365017
reference_id	1365017
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1365017

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834154
reference_id	834154
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834154

reference_url

https://github.com/advisories/GHSA-pr3r-4wrp-r2pv

reference_id

GHSA-pr3r-4wrp-r2pv

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-pr3r-4wrp-r2pv

reference_url	https://access.redhat.com/errata/RHSA-2016:1855
reference_id	RHSA-2016:1855
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1855

fixed_packages

aliases CVE-2016-6317, GHSA-pr3r-4wrp-r2pv

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cbdn-yhbu-5uaj

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-ror42-rubygem-actionpack@1:4.2.6-3%3Farch=el7

Package Instance