Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:gem/actionpack@2.2.0
Typegem
Namespace
Nameactionpack
Version2.2.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version7.0.8.7
Latest_non_vulnerable_version8.1.2.1
Affected_by_vulnerabilities
0
url VCID-vgm2-8wjy-x7ed
vulnerability_id VCID-vgm2-8wjy-x7ed
summary 
Improper Input Validation
Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify tokens for requests with certain content types, which allows remote attackers to bypass cross-site request forgery (CSRF) protection for requests to applications that rely on this protection, as demonstrated using text/plain.
references
0
reference_url http://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
2
reference_url http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup
3
reference_url http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/
reference_id
reference_type
scores
url http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-7248.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-7248.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2008-7248
reference_id
reference_type
scores
0
value 0.11409
scoring_system epss
scoring_elements 0.93601
published_at 2026-04-21T12:55:00Z
1
value 0.11409
scoring_system epss
scoring_elements 0.93535
published_at 2026-04-01T12:55:00Z
2
value 0.11409
scoring_system epss
scoring_elements 0.93544
published_at 2026-04-02T12:55:00Z
3
value 0.11409
scoring_system epss
scoring_elements 0.93552
published_at 2026-04-04T12:55:00Z
4
value 0.11409
scoring_system epss
scoring_elements 0.93553
published_at 2026-04-07T12:55:00Z
5
value 0.11409
scoring_system epss
scoring_elements 0.93561
published_at 2026-04-08T12:55:00Z
6
value 0.11409
scoring_system epss
scoring_elements 0.93564
published_at 2026-04-09T12:55:00Z
7
value 0.11409
scoring_system epss
scoring_elements 0.9357
published_at 2026-04-12T12:55:00Z
8
value 0.11409
scoring_system epss
scoring_elements 0.93571
published_at 2026-04-13T12:55:00Z
9
value 0.11409
scoring_system epss
scoring_elements 0.9359
published_at 2026-04-16T12:55:00Z
10
value 0.11409
scoring_system epss
scoring_elements 0.93596
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2008-7248
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=544329
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=544329
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7248
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7248
8
reference_url http://secunia.com/advisories/36600
reference_id
reference_type
scores
url http://secunia.com/advisories/36600
9
reference_url http://secunia.com/advisories/38915
reference_id
reference_type
scores
url http://secunia.com/advisories/38915
10
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
11
reference_url https://github.com/rails/rails/commit/099a98e9b7108dae3e0f78b207e0a7dc5913bd1a
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/099a98e9b7108dae3e0f78b207e0a7dc5913bd1a
12
reference_url https://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en
13
reference_url https://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
14
reference_url https://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup
15
reference_url https://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/
reference_id
reference_type
scores
url https://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/
16
reference_url https://web.archive.org/web/20090906010200/https://www.vupen.com/english/advisories/2009/2544
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20090906010200/https://www.vupen.com/english/advisories/2009/2544
17
reference_url https://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1
18
reference_url https://www.openwall.com/lists/oss-security/2009/11/28/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2009/11/28/1
19
reference_url https://www.openwall.com/lists/oss-security/2009/12/02/2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2009/12/02/2
20
reference_url https://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html
21
reference_url http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1
22
reference_url http://www.openwall.com/lists/oss-security/2009/11/28/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2009/11/28/1
23
reference_url http://www.openwall.com/lists/oss-security/2009/12/02/2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2009/12/02/2
24
reference_url http://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html
reference_id
reference_type
scores
url http://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html
25
reference_url http://www.vupen.com/english/advisories/2009/2544
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2009/2544
26
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558685
reference_id 558685
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558685
27
reference_url https://access.redhat.com/security/cve/CVE-2008-7248
reference_id CVE-2008-7248
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2008-7248
28
reference_url https://nvd.nist.gov/vuln/detail/CVE-2008-7248
reference_id CVE-2008-7248
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2008-7248
29
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33402.txt
reference_id CVE-2008-7248;OSVDB-61124
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33402.txt
30
reference_url https://www.securityfocus.com/bid/37322/info
reference_id CVE-2008-7248;OSVDB-61124
reference_type exploit
scores
url https://www.securityfocus.com/bid/37322/info
31
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2008-7248.yml
reference_id CVE-2008-7248.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2008-7248.yml
32
reference_url https://github.com/advisories/GHSA-8fqx-7pv4-3jwm
reference_id GHSA-8fqx-7pv4-3jwm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8fqx-7pv4-3jwm
33
reference_url https://security.gentoo.org/glsa/200912-02
reference_id GLSA-200912-02
reference_type
scores
url https://security.gentoo.org/glsa/200912-02
fixed_packages
0
url pkg:gem/actionpack@2.2.2
purl pkg:gem/actionpack@2.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1rgy-k7a9-m7au
1
vulnerability VCID-1xgz-hwng-n3eq
2
vulnerability VCID-333w-aacz-mfcr
3
vulnerability VCID-3wtf-uu89-2qe5
4
vulnerability VCID-3x4p-t3yb-3yak
5
vulnerability VCID-3zdr-vasc-a7cn
6
vulnerability VCID-49pq-vg95-jkh2
7
vulnerability VCID-4epw-vk25-mfdw
8
vulnerability VCID-4he5-y1u4-gkd2
9
vulnerability VCID-5hqj-fxmk-cbcy
10
vulnerability VCID-63gy-6njy-kbd8
11
vulnerability VCID-6j55-bstz-yybj
12
vulnerability VCID-7f5r-9h1g-nuch
13
vulnerability VCID-9hq5-3usy-5fhq
14
vulnerability VCID-a6sp-18av-wya6
15
vulnerability VCID-awt1-8bxs-xffs
16
vulnerability VCID-bjwf-uhyk-63aj
17
vulnerability VCID-c1w4-z275-tqg7
18
vulnerability VCID-carc-ntrd-ebfe
19
vulnerability VCID-cdnw-t8n1-23ep
20
vulnerability VCID-cnqr-6e98-5kgk
21
vulnerability VCID-cwa7-9d2t-rfhb
22
vulnerability VCID-dd9p-x7k3-37ea
23
vulnerability VCID-ehbj-aezy-d7h4
24
vulnerability VCID-g3rk-djae-pkeh
25
vulnerability VCID-h8gs-ansa-9bd9
26
vulnerability VCID-h94p-ywve-y7h9
27
vulnerability VCID-hmp2-rmzv-wkhg
28
vulnerability VCID-hppf-a715-r7b2
29
vulnerability VCID-j24x-nhsb-yug6
30
vulnerability VCID-kcj2-v7av-47cv
31
vulnerability VCID-knsd-pv15-tydx
32
vulnerability VCID-kr1b-uct1-7kf6
33
vulnerability VCID-mep3-6sub-ykdk
34
vulnerability VCID-mnkw-23eu-bkgc
35
vulnerability VCID-msda-xqbp-qfdd
36
vulnerability VCID-n8cc-3stk-97b5
37
vulnerability VCID-nf8s-2aaa-17fw
38
vulnerability VCID-p5mc-r1rg-5ff7
39
vulnerability VCID-phxs-zet8-ryh3
40
vulnerability VCID-pmrb-t3bm-zkb6
41
vulnerability VCID-rps2-k24p-9qgq
42
vulnerability VCID-sfyc-jewr-wuf5
43
vulnerability VCID-sgdb-985e-4uej
44
vulnerability VCID-tt6r-bytq-4fa4
45
vulnerability VCID-v3r3-bwp5-a3bn
46
vulnerability VCID-vgm2-8wjy-x7ed
47
vulnerability VCID-wg3a-j2dp-ayh4
48
vulnerability VCID-y8gn-9fat-e7d1
49
vulnerability VCID-ynqu-cjn9-fqf2
50
vulnerability VCID-zkvd-bfd6-t7dg
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@2.2.2
aliases CVE-2008-7248, GHSA-8fqx-7pv4-3jwm
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vgm2-8wjy-x7ed
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:gem/actionpack@2.2.0