Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:gem/rails@7.0.2
Typegem
Namespace
Namerails
Version7.0.2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version7.0.8.1
Latest_non_vulnerable_version7.1.3.1
Affected_by_vulnerabilities
0
url VCID-5bh7-drnb-7ygg
vulnerability_id VCID-5bh7-drnb-7ygg
summary 
Rails has possible XSS Vulnerability in Action Controller
# Possible XSS Vulnerability in Action Controller

There is a possible XSS vulnerability when using the translation helpers
(`translate`, `t`, etc) in Action Controller. This vulnerability has been
assigned the CVE identifier CVE-2024-26143.

Versions Affected:  >= 7.0.0.
Not affected:       < 7.0.0
Fixed Versions:     7.1.3.1, 7.0.8.1

Impact
------
Applications using translation methods like `translate`, or `t` on a
controller, with a key ending in "_html", a `:default` key which contains
untrusted user input, and the resulting string is used in a view, may be
susceptible to an XSS vulnerability.

For example, impacted code will look something like this:

```ruby
class ArticlesController < ApplicationController
  def show  
    @message = t("message_html", default: untrusted_input)
    # The `show` template displays the contents of `@message`
  end
end
```

To reiterate the pre-conditions, applications must:

* Use a translation function from a controller (i.e. _not_ I18n.t, or `t` from
  a view)
* Use a key that ends in `_html`
* Use a default value where the default value is untrusted and unescaped input
* Send the text to the victim (whether that's part of a template, or a
  `render` call)

All users running an affected release should either upgrade or use one of the
workarounds immediately.

Releases
--------
The fixed releases are available at the normal locations.

Workarounds
-----------
There are no feasible workarounds for this issue.

Patches
-------
To aid users who aren't able to upgrade immediately we have provided patches for
the two supported release series. They are in git-am format and consist of a
single changeset.

*  7-0-translate-xss.patch - Patch for 7.0 series
*  7-1-translate-xss.patch - Patch for 7.1 series

Credits
-------

Thanks to [ooooooo_q](https://hackerone.com/ooooooo_q) for the patch and fix!
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26143.json
reference_id
reference_type
scores
0
value 4.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26143.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-26143
reference_id
reference_type
scores
0
value 0.02067
scoring_system epss
scoring_elements 0.83957
published_at 2026-04-18T12:55:00Z
1
value 0.02067
scoring_system epss
scoring_elements 0.83933
published_at 2026-04-13T12:55:00Z
2
value 0.02067
scoring_system epss
scoring_elements 0.83937
published_at 2026-04-12T12:55:00Z
3
value 0.02067
scoring_system epss
scoring_elements 0.83944
published_at 2026-04-11T12:55:00Z
4
value 0.02067
scoring_system epss
scoring_elements 0.83927
published_at 2026-04-09T12:55:00Z
5
value 0.02067
scoring_system epss
scoring_elements 0.83921
published_at 2026-04-08T12:55:00Z
6
value 0.02067
scoring_system epss
scoring_elements 0.83898
published_at 2026-04-07T12:55:00Z
7
value 0.02067
scoring_system epss
scoring_elements 0.83896
published_at 2026-04-04T12:55:00Z
8
value 0.02067
scoring_system epss
scoring_elements 0.8388
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-26143
2
reference_url https://discuss.rubyonrails.org/t/possible-xss-vulnerability-in-action-controller/84947
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/
url https://discuss.rubyonrails.org/t/possible-xss-vulnerability-in-action-controller/84947
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
5
reference_url https://github.com/rails/rails/commit/4c83b331092a79d58e4adffe4be5f250fa5782cc
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/
url https://github.com/rails/rails/commit/4c83b331092a79d58e4adffe4be5f250fa5782cc
6
reference_url https://github.com/rails/rails/commit/5187a9ef51980ad1b8e81945ebe0462d28f84f9e
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/
url https://github.com/rails/rails/commit/5187a9ef51980ad1b8e81945ebe0462d28f84f9e
7
reference_url https://github.com/rails/rails/security/advisories/GHSA-9822-6m93-xqf4
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/
url https://github.com/rails/rails/security/advisories/GHSA-9822-6m93-xqf4
8
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26143.yml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26143.yml
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-26143
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-26143
10
reference_url https://security.netapp.com/advisory/ntap-20240510-0004
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240510-0004
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2266388
reference_id 2266388
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2266388
12
reference_url https://github.com/advisories/GHSA-9822-6m93-xqf4
reference_id GHSA-9822-6m93-xqf4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9822-6m93-xqf4
13
reference_url https://security.netapp.com/advisory/ntap-20240510-0004/
reference_id ntap-20240510-0004
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/
url https://security.netapp.com/advisory/ntap-20240510-0004/
fixed_packages
0
url pkg:gem/rails@7.0.8.1
purl pkg:gem/rails@7.0.8.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@7.0.8.1
1
url pkg:gem/rails@7.1.3.1
purl pkg:gem/rails@7.1.3.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@7.1.3.1
aliases CVE-2024-26143, GHSA-9822-6m93-xqf4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5bh7-drnb-7ygg
1
url VCID-63gy-6njy-kbd8
vulnerability_id VCID-63gy-6njy-kbd8
summary 
ReDoS based DoS vulnerability in Action Dispatch
There is a possible regular expression based DoS vulnerability in Action Dispatch. Specially crafted cookies, in combination with a specially crafted `X_FORWARDED_HOST` header can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22792.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22792.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22792
reference_id
reference_type
scores
0
value 0.02639
scoring_system epss
scoring_elements 0.85734
published_at 2026-04-18T12:55:00Z
1
value 0.02639
scoring_system epss
scoring_elements 0.85729
published_at 2026-04-16T12:55:00Z
2
value 0.02639
scoring_system epss
scoring_elements 0.85707
published_at 2026-04-13T12:55:00Z
3
value 0.02639
scoring_system epss
scoring_elements 0.85711
published_at 2026-04-12T12:55:00Z
4
value 0.02639
scoring_system epss
scoring_elements 0.85715
published_at 2026-04-11T12:55:00Z
5
value 0.02639
scoring_system epss
scoring_elements 0.85701
published_at 2026-04-09T12:55:00Z
6
value 0.02639
scoring_system epss
scoring_elements 0.85663
published_at 2026-04-04T12:55:00Z
7
value 0.02639
scoring_system epss
scoring_elements 0.8567
published_at 2026-04-07T12:55:00Z
8
value 0.02639
scoring_system epss
scoring_elements 0.85646
published_at 2026-04-02T12:55:00Z
9
value 0.02639
scoring_system epss
scoring_elements 0.85689
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22792
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
12
reference_url https://discuss.rubyonrails.org/t/cve-2023-22792-possible-redos-based-dos-vulnerability-in-action-dispatch/82115
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:30:13Z/
url https://discuss.rubyonrails.org/t/cve-2023-22792-possible-redos-based-dos-vulnerability-in-action-dispatch/82115
13
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
14
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
15
reference_url https://github.com/rails/rails/releases/tag/v7.0.4.1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/releases/tag/v7.0.4.1
16
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22792.yml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22792.yml
17
reference_url https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released
18
reference_url https://security.netapp.com/advisory/ntap-20240202-0007
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240202-0007
19
reference_url https://www.debian.org/security/2023/dsa-5372
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:30:13Z/
url https://www.debian.org/security/2023/dsa-5372
20
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050
reference_id 1030050
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050
21
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2164800
reference_id 2164800
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2164800
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22792
reference_id CVE-2023-22792
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-22792
23
reference_url https://github.com/advisories/GHSA-p84v-45xj-wwqj
reference_id GHSA-p84v-45xj-wwqj
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p84v-45xj-wwqj
24
reference_url https://security.netapp.com/advisory/ntap-20240202-0007/
reference_id ntap-20240202-0007
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:30:13Z/
url https://security.netapp.com/advisory/ntap-20240202-0007/
25
reference_url https://access.redhat.com/errata/RHSA-2023:6818
reference_id RHSA-2023:6818
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6818
fixed_packages
0
url pkg:gem/rails@7.0.4.1
purl pkg:gem/rails@7.0.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5bh7-drnb-7ygg
1
vulnerability VCID-65tq-e5eb-eucj
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@7.0.4.1
aliases CVE-2023-22792, GHSA-p84v-45xj-wwqj, GMS-2023-58
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-63gy-6njy-kbd8
2
url VCID-65tq-e5eb-eucj
vulnerability_id VCID-65tq-e5eb-eucj
summary 
Rails has possible Sensitive Session Information Leak in Active Storage
# Possible Sensitive Session Information Leak in Active Storage

There is a possible sensitive session information leak in Active Storage.  By
default, Active Storage sends a `Set-Cookie` header along with the user's
session cookie when serving blobs.  It also sets `Cache-Control` to public.
Certain proxies may cache the Set-Cookie, leading to an information leak.

This vulnerability has been assigned the CVE identifier CVE-2024-26144.

Versions Affected:  >= 5.2.0, < 7.1.0
Not affected:       < 5.2.0, > 7.1.0
Fixed Versions:     7.0.8.1, 6.1.7.7

Impact
------
A proxy which chooses to caches this request can cause users to share
sessions. This may include a user receiving an attacker's session or vice
versa.

This was patched in 7.1.0 but not previously identified as a security
vulnerability.

All users running an affected release should either upgrade or use one of the
workarounds immediately.

Releases
--------
The fixed releases are available at the normal locations.

Workarounds
-----------
Upgrade to Rails 7.1.X, or configure caching proxies not to cache the
Set-Cookie headers.

Credits
-------

Thanks to [tyage](https://hackerone.com/tyage) for reporting this!
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26144.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26144.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-26144
reference_id
reference_type
scores
0
value 0.03103
scoring_system epss
scoring_elements 0.86829
published_at 2026-04-18T12:55:00Z
1
value 0.03103
scoring_system epss
scoring_elements 0.86825
published_at 2026-04-16T12:55:00Z
2
value 0.03103
scoring_system epss
scoring_elements 0.86809
published_at 2026-04-13T12:55:00Z
3
value 0.03103
scoring_system epss
scoring_elements 0.86814
published_at 2026-04-12T12:55:00Z
4
value 0.03103
scoring_system epss
scoring_elements 0.86818
published_at 2026-04-11T12:55:00Z
5
value 0.03103
scoring_system epss
scoring_elements 0.86804
published_at 2026-04-09T12:55:00Z
6
value 0.03103
scoring_system epss
scoring_elements 0.86796
published_at 2026-04-08T12:55:00Z
7
value 0.03103
scoring_system epss
scoring_elements 0.86776
published_at 2026-04-07T12:55:00Z
8
value 0.03103
scoring_system epss
scoring_elements 0.86778
published_at 2026-04-04T12:55:00Z
9
value 0.03103
scoring_system epss
scoring_elements 0.86759
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-26144
2
reference_url https://discuss.rubyonrails.org/t/possible-sensitive-session-information-leak-in-active-storage/84945
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:01:13Z/
url https://discuss.rubyonrails.org/t/possible-sensitive-session-information-leak-in-active-storage/84945
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
5
reference_url https://github.com/rails/rails/commit/723f54566023e91060a67b03353e7c03e7436433
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:01:13Z/
url https://github.com/rails/rails/commit/723f54566023e91060a67b03353e7c03e7436433
6
reference_url https://github.com/rails/rails/commit/78fe149509fac5b05e54187aaaef216fbb5fd0d3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:01:13Z/
url https://github.com/rails/rails/commit/78fe149509fac5b05e54187aaaef216fbb5fd0d3
7
reference_url https://github.com/rails/rails/security/advisories/GHSA-8h22-8cf7-hq6g
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:01:13Z/
url https://github.com/rails/rails/security/advisories/GHSA-8h22-8cf7-hq6g
8
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26144.yml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26144.yml
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2024-26144.yml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:01:13Z/
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2024-26144.yml
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-26144
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-26144
11
reference_url https://security.netapp.com/advisory/ntap-20240510-0013
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240510-0013
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065119
reference_id 1065119
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065119
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2266063
reference_id 2266063
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2266063
14
reference_url https://github.com/advisories/GHSA-8h22-8cf7-hq6g
reference_id GHSA-8h22-8cf7-hq6g
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8h22-8cf7-hq6g
15
reference_url https://security.netapp.com/advisory/ntap-20240510-0013/
reference_id ntap-20240510-0013
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:01:13Z/
url https://security.netapp.com/advisory/ntap-20240510-0013/
16
reference_url https://access.redhat.com/errata/RHSA-2024:10806
reference_id RHSA-2024:10806
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10806
fixed_packages
0
url pkg:gem/rails@7.0.8.1
purl pkg:gem/rails@7.0.8.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@7.0.8.1
aliases CVE-2024-26144, GHSA-8h22-8cf7-hq6g
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-65tq-e5eb-eucj
3
url VCID-6tty-dbwx-rbgx
vulnerability_id VCID-6tty-dbwx-rbgx
summary 
Duplicate
This advisory duplicates another.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22797.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22797.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22797
reference_id
reference_type
scores
0
value 0.00137
scoring_system epss
scoring_elements 0.33494
published_at 2026-04-18T12:55:00Z
1
value 0.00137
scoring_system epss
scoring_elements 0.33518
published_at 2026-04-16T12:55:00Z
2
value 0.00137
scoring_system epss
scoring_elements 0.33482
published_at 2026-04-13T12:55:00Z
3
value 0.00137
scoring_system epss
scoring_elements 0.33605
published_at 2026-04-02T12:55:00Z
4
value 0.00137
scoring_system epss
scoring_elements 0.3352
published_at 2026-04-08T12:55:00Z
5
value 0.00137
scoring_system epss
scoring_elements 0.33476
published_at 2026-04-07T12:55:00Z
6
value 0.00137
scoring_system epss
scoring_elements 0.33638
published_at 2026-04-04T12:55:00Z
7
value 0.00137
scoring_system epss
scoring_elements 0.33506
published_at 2026-04-12T12:55:00Z
8
value 0.00137
scoring_system epss
scoring_elements 0.33548
published_at 2026-04-11T12:55:00Z
9
value 0.00137
scoring_system epss
scoring_elements 0.33554
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22797
2
reference_url https://discuss.rubyonrails.org/t/cve-2023-22799-possible-redos-based-dos-vulnerability-in-globalid/82127
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:07:07Z/
url https://discuss.rubyonrails.org/t/cve-2023-22799-possible-redos-based-dos-vulnerability-in-globalid/82127
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
5
reference_url https://github.com/rails/rails/releases/tag/v7.0.4.1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/releases/tag/v7.0.4.1
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22797.yml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22797.yml
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2164793
reference_id 2164793
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2164793
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22797
reference_id CVE-2023-22797
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-22797
9
reference_url https://github.com/advisories/GHSA-9445-4cr6-336r
reference_id GHSA-9445-4cr6-336r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9445-4cr6-336r
fixed_packages
0
url pkg:gem/rails@7.0.4.1
purl pkg:gem/rails@7.0.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5bh7-drnb-7ygg
1
vulnerability VCID-65tq-e5eb-eucj
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@7.0.4.1
aliases CVE-2023-22797, GHSA-9445-4cr6-336r, GMS-2023-57
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6tty-dbwx-rbgx
4
url VCID-hppf-a715-r7b2
vulnerability_id VCID-hppf-a715-r7b2
summary 
ReDoS based DoS vulnerability in Action Dispatch
There is a possible regular expression based DoS vulnerability in Action Dispatch related to the If-None-Match header. This vulnerability has been assigned the CVE identifier CVE-2023-22795. A specially crafted HTTP `If-None-Match` header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22795.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22795.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22795
reference_id
reference_type
scores
0
value 0.01523
scoring_system epss
scoring_elements 0.81305
published_at 2026-04-18T12:55:00Z
1
value 0.01523
scoring_system epss
scoring_elements 0.81303
published_at 2026-04-16T12:55:00Z
2
value 0.01523
scoring_system epss
scoring_elements 0.81266
published_at 2026-04-13T12:55:00Z
3
value 0.01523
scoring_system epss
scoring_elements 0.81274
published_at 2026-04-12T12:55:00Z
4
value 0.01523
scoring_system epss
scoring_elements 0.8121
published_at 2026-04-02T12:55:00Z
5
value 0.01523
scoring_system epss
scoring_elements 0.81267
published_at 2026-04-09T12:55:00Z
6
value 0.01523
scoring_system epss
scoring_elements 0.81262
published_at 2026-04-08T12:55:00Z
7
value 0.01523
scoring_system epss
scoring_elements 0.81234
published_at 2026-04-07T12:55:00Z
8
value 0.01523
scoring_system epss
scoring_elements 0.81288
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22795
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
12
reference_url https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118
13
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
14
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
15
reference_url https://github.com/rails/rails/commit/8d82687f3b04b2803320b64f985308239a8c3d2f
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/8d82687f3b04b2803320b64f985308239a8c3d2f
16
reference_url https://github.com/rails/rails/commit/8dc45950619a4c64d16fb9370570c996d201f9b0
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/8dc45950619a4c64d16fb9370570c996d201f9b0
17
reference_url https://github.com/rails/rails/commit/cd461c3e64e09cdcb1e379d1c35423c5e2caa592
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/cd461c3e64e09cdcb1e379d1c35423c5e2caa592
18
reference_url https://github.com/rails/rails/releases/tag/v6.1.7.1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/releases/tag/v6.1.7.1
19
reference_url https://github.com/rails/rails/releases/tag/v7.0.4.1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/releases/tag/v7.0.4.1
20
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22795.yml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22795.yml
21
reference_url https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released
22
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050
reference_id 1030050
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050
23
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2164799
reference_id 2164799
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2164799
24
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22795
reference_id CVE-2023-22795
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-22795
25
reference_url https://github.com/advisories/GHSA-8xww-x3g3-6jcv
reference_id GHSA-8xww-x3g3-6jcv
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8xww-x3g3-6jcv
26
reference_url https://access.redhat.com/errata/RHSA-2023:6818
reference_id RHSA-2023:6818
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6818
fixed_packages
0
url pkg:gem/rails@7.0.4.1
purl pkg:gem/rails@7.0.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5bh7-drnb-7ygg
1
vulnerability VCID-65tq-e5eb-eucj
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@7.0.4.1
aliases CVE-2023-22795, GHSA-8xww-x3g3-6jcv, GMS-2023-56
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hppf-a715-r7b2
5
url VCID-jwun-grgg-2uet
vulnerability_id VCID-jwun-grgg-2uet
summary 
Exposure of information in Action Pack
Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests. This has been fixed in Rails 7.0.2.1, 6.1.4.5, 6.0.4.5, and 5.2.6.1. Upgrading is highly recommended, but to work around this problem a middleware described in GHSA-wh98-p28r-vrc9 can be used.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23633.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23633.json
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23634.json
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23634.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23633
reference_id
reference_type
scores
0
value 0.00367
scoring_system epss
scoring_elements 0.5868
published_at 2026-04-16T12:55:00Z
1
value 0.00367
scoring_system epss
scoring_elements 0.58685
published_at 2026-04-18T12:55:00Z
2
value 0.00367
scoring_system epss
scoring_elements 0.58648
published_at 2026-04-13T12:55:00Z
3
value 0.00367
scoring_system epss
scoring_elements 0.58667
published_at 2026-04-12T12:55:00Z
4
value 0.00367
scoring_system epss
scoring_elements 0.58687
published_at 2026-04-11T12:55:00Z
5
value 0.00367
scoring_system epss
scoring_elements 0.58669
published_at 2026-04-09T12:55:00Z
6
value 0.00367
scoring_system epss
scoring_elements 0.58662
published_at 2026-04-08T12:55:00Z
7
value 0.00367
scoring_system epss
scoring_elements 0.5861
published_at 2026-04-07T12:55:00Z
8
value 0.00367
scoring_system epss
scoring_elements 0.58643
published_at 2026-04-04T12:55:00Z
9
value 0.00367
scoring_system epss
scoring_elements 0.58623
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23633
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23634
reference_id
reference_type
scores
0
value 0.00441
scoring_system epss
scoring_elements 0.63277
published_at 2026-04-18T12:55:00Z
1
value 0.00441
scoring_system epss
scoring_elements 0.63198
published_at 2026-04-07T12:55:00Z
2
value 0.00441
scoring_system epss
scoring_elements 0.63269
published_at 2026-04-12T12:55:00Z
3
value 0.00441
scoring_system epss
scoring_elements 0.63284
published_at 2026-04-11T12:55:00Z
4
value 0.00441
scoring_system epss
scoring_elements 0.63233
published_at 2026-04-13T12:55:00Z
5
value 0.00441
scoring_system epss
scoring_elements 0.63267
published_at 2026-04-09T12:55:00Z
6
value 0.00441
scoring_system epss
scoring_elements 0.6327
published_at 2026-04-16T12:55:00Z
7
value 0.00441
scoring_system epss
scoring_elements 0.6325
published_at 2026-04-08T12:55:00Z
8
value 0.00453
scoring_system epss
scoring_elements 0.63763
published_at 2026-04-02T12:55:00Z
9
value 0.00453
scoring_system epss
scoring_elements 0.63789
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23634
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41136
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41136
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23634
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23634
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24790
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24790
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
17
reference_url https://discuss.rubyonrails.org/t/cve-2022-23633-possible-exposure-of-information-vulnerability-in-action-pack/80016
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://discuss.rubyonrails.org/t/cve-2022-23633-possible-exposure-of-information-vulnerability-in-action-pack/80016
18
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
19
reference_url https://github.com/puma/puma
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/puma/puma
20
reference_url https://github.com/puma/puma/commit/b70f451fe8abc0cff192c065d549778452e155bb
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/puma/puma/commit/b70f451fe8abc0cff192c065d549778452e155bb
21
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
22
reference_url https://github.com/rails/rails/commit/f9a2ad03943d5c2ba54e1d45f155442b519c75da
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/f9a2ad03943d5c2ba54e1d45f155442b519c75da
23
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2022-23633.yml
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2022-23633.yml
24
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puma/CVE-2022-23634.yml
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puma/CVE-2022-23634.yml
25
reference_url https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements
1
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ
26
reference_url https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ?utm_medium=email&utm_source=footer&pli=1
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ?utm_medium=email&utm_source=footer&pli=1
27
reference_url https://lists.debian.org/debian-lts-announce/2022/05/msg00034.html
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/05/msg00034.html
28
reference_url https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html
29
reference_url https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html
30
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5
31
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5/
32
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G
33
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G/
34
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB
35
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB/
36
reference_url https://rubyonrails.org/2022/2/11/Rails-7-0-2-2-6-1-4-6-6-0-4-6-and-5-2-6-2-have-been-released
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://rubyonrails.org/2022/2/11/Rails-7-0-2-2-6-1-4-6-6-0-4-6-and-5-2-6-2-have-been-released
37
reference_url https://security.gentoo.org/glsa/202208-28
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202208-28
38
reference_url https://security.netapp.com/advisory/ntap-20240119-0013
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240119-0013
39
reference_url https://security.netapp.com/advisory/ntap-20240119-0013/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20240119-0013/
40
reference_url https://www.debian.org/security/2022/dsa-5146
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2022/dsa-5146
41
reference_url https://www.debian.org/security/2023/dsa-5372
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2023/dsa-5372
42
reference_url http://www.openwall.com/lists/oss-security/2022/02/11/5
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/02/11/5
43
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005389
reference_id 1005389
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005389
44
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005391
reference_id 1005391
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005391
45
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2054211
reference_id 2054211
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2054211
46
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2063149
reference_id 2063149
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2063149
47
reference_url https://security.archlinux.org/AVG-2764
reference_id AVG-2764
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2764
48
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-23633
reference_id CVE-2022-23633
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-23633
49
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-23634
reference_id CVE-2022-23634
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-23634
50
reference_url https://github.com/advisories/GHSA-rmj8-8hhh-gv5h
reference_id GHSA-rmj8-8hhh-gv5h
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-rmj8-8hhh-gv5h
51
reference_url https://github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h
reference_id GHSA-rmj8-8hhh-gv5h
reference_type
scores
0
value 8.0
scoring_system cvssv3
scoring_elements
1
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h
52
reference_url https://github.com/advisories/GHSA-wh98-p28r-vrc9
reference_id GHSA-wh98-p28r-vrc9
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-wh98-p28r-vrc9
53
reference_url https://github.com/rails/rails/security/advisories/GHSA-wh98-p28r-vrc9
reference_id GHSA-wh98-p28r-vrc9
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/security/advisories/GHSA-wh98-p28r-vrc9
54
reference_url https://access.redhat.com/errata/RHSA-2022:5498
reference_id RHSA-2022:5498
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5498
55
reference_url https://usn.ubuntu.com/6682-1/
reference_id USN-6682-1
reference_type
scores
url https://usn.ubuntu.com/6682-1/
fixed_packages
0
url pkg:gem/rails@7.0.2.2
purl pkg:gem/rails@7.0.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5bh7-drnb-7ygg
1
vulnerability VCID-63gy-6njy-kbd8
2
vulnerability VCID-65tq-e5eb-eucj
3
vulnerability VCID-6tty-dbwx-rbgx
4
vulnerability VCID-hppf-a715-r7b2
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@7.0.2.2
aliases CVE-2022-23633, CVE-2022-23634, GHSA-rmj8-8hhh-gv5h, GHSA-wh98-p28r-vrc9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jwun-grgg-2uet
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:gem/rails@7.0.2