Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:rpm/redhat/rubygem-net-ldap@0.1.1-3?arch=el6cf
Typerpm
Namespaceredhat
Namerubygem-net-ldap
Version0.1.1-3
Qualifiers
arch el6cf
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-1xbd-73qv-mff9
vulnerability_id VCID-1xbd-73qv-mff9
summary 
actionpack Improper Authentication vulnerability
The `decode_credentials` method in `actionpack/lib/action_controller/metal/http_authentication.rb` in Ruby on Rails before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging access to an application that uses a `with_http_digest` helper method, as demonstrated by the `authenticate_or_request_with_http_digest` method.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2013-0154.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0154.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3424.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3424.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-3424
reference_id
reference_type
scores
0
value 0.00981
scoring_system epss
scoring_elements 0.7707
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-3424
4
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
5
reference_url https://github.com/rails/rails/commit/3719bd3e95523c5518507dbe44f260f252930600
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/3719bd3e95523c5518507dbe44f260f252930600
6
reference_url https://groups.google.com/group/rubyonrails-security/msg/244d32f2fa25147d?hl=en&dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/244d32f2fa25147d?hl=en&dmode=source&output=gplain
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-3424
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-3424
8
reference_url http://weblog.rubyonrails.org/2012/7/26/ann-rails-3-2-7-has-been-released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2012/7/26/ann-rails-3-2-7-has-been-released
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=843711
reference_id 843711
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=843711
10
reference_url https://github.com/advisories/GHSA-92w9-2pqw-rhjj
reference_id GHSA-92w9-2pqw-rhjj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-92w9-2pqw-rhjj
11
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
12
reference_url https://access.redhat.com/errata/RHSA-2013:0154
reference_id RHSA-2013:0154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0154
fixed_packages
aliases CVE-2012-3424, GHSA-92w9-2pqw-rhjj, OSV-84243
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1xbd-73qv-mff9
1
url VCID-3edd-m27s-a3ek
vulnerability_id VCID-3edd-m27s-a3ek
summary 
actionpack allows remote attackers to bypass database-query restrictions, perform NULL checks via crafted request
`actionpack/lib/action_dispatch/http/request.rb` in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain `['xyz', nil]` values, a related issue to CVE-2012-2660.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html
3
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html
4
reference_url http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
5
reference_url http://rhn.redhat.com/errata/RHSA-2013-0154.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0154.html
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2694.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2694.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-2694
reference_id
reference_type
scores
0
value 0.0022
scoring_system epss
scoring_elements 0.44664
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-2694
8
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
9
reference_url https://github.com/rails/rails/commit/2f3bc0467311781ac1ceb2c8c2b09002c8fe143a
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/2f3bc0467311781ac1ceb2c8c2b09002c8fe143a
10
reference_url https://github.com/rails/rails/commit/c202638225519b5e1a03ebe523b109c948fb0e52
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/c202638225519b5e1a03ebe523b109c948fb0e52
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2694.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2694.yml
12
reference_url https://groups.google.com/group/rubyonrails-security/msg/e2d3a87f2c211def?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/e2d3a87f2c211def?dmode=source&output=gplain
13
reference_url https://groups.google.com/g/rubyonrails-security/c/jILZ34tAHF4/m/7x0hLH-o0-IJ
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/jILZ34tAHF4/m/7x0hLH-o0-IJ
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-2694
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-2694
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=831581
reference_id 831581
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=831581
16
reference_url https://github.com/advisories/GHSA-q34c-48gc-m9g8
reference_id GHSA-q34c-48gc-m9g8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q34c-48gc-m9g8
17
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
18
reference_url https://access.redhat.com/errata/RHSA-2013:0154
reference_id RHSA-2013:0154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0154
fixed_packages
aliases CVE-2012-2694, GHSA-q34c-48gc-m9g8
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3edd-m27s-a3ek
2
url VCID-4bzb-ft3d-dkgg
vulnerability_id VCID-4bzb-ft3d-dkgg
summary 
actionpack Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in `actionpack/lib/action_view/helpers/form_tag_helper.rb` in Ruby on Rails 3.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the `prompt` field to the `select_tag` helper.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2013-0154.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0154.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3463.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3463.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-3463
reference_id
reference_type
scores
0
value 0.00333
scoring_system epss
scoring_elements 0.56331
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-3463
3
reference_url https://github.com/rails/rails/commit/6d0526db91afb0675c2ad3d871529d1536303c64
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/6d0526db91afb0675c2ad3d871529d1536303c64
4
reference_url https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/3463/rubyonrails-security/fV3QUToSMSw/eHBSFOUYHpYJ
reference_id
reference_type
scores
url https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/3463/rubyonrails-security/fV3QUToSMSw/eHBSFOUYHpYJ
5
reference_url https://groups.google.com/group/rubyonrails-security/msg/961e18e514527078?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/961e18e514527078?dmode=source&output=gplain
6
reference_url https://groups.google.com/g/rubyonrails-security/c/fV3QUToSMSw/m/eHBSFOUYHpYJ?pli=1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/fV3QUToSMSw/m/eHBSFOUYHpYJ?pli=1
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-3463
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-3463
8
reference_url http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released
9
reference_url http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/
reference_id
reference_type
scores
url http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=847196
reference_id 847196
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=847196
11
reference_url https://github.com/advisories/GHSA-98mf-8f57-64qf
reference_id GHSA-98mf-8f57-64qf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-98mf-8f57-64qf
12
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
13
reference_url https://access.redhat.com/errata/RHSA-2013:0154
reference_id RHSA-2013:0154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0154
fixed_packages
aliases CVE-2012-3463, GHSA-98mf-8f57-64qf, OSV-84515
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4bzb-ft3d-dkgg
3
url VCID-6yh9-mvds-f3ge
vulnerability_id VCID-6yh9-mvds-f3ge
summary 
Pupper does not properly restrict characters in Common Name field of Certificate Signing Request
`lib/puppet/ssl/certificate_authority.rb` in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html
1
reference_url http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html
2
reference_url http://puppetlabs.com/security/cve/cve-2012-3867
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://puppetlabs.com/security/cve/cve-2012-3867
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3867.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3867.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-3867
reference_id
reference_type
scores
0
value 0.01418
scoring_system epss
scoring_elements 0.80882
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-3867
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=839158
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=839158
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3867
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3867
7
reference_url http://secunia.com/advisories/50014
reference_id
reference_type
scores
url http://secunia.com/advisories/50014
8
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
9
reference_url https://github.com/puppetlabs/puppet/commit/dfedaa5fa841ccf335245a748b347b7c7c236640
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/dfedaa5fa841ccf335245a748b347b7c7c236640
10
reference_url https://github.com/puppetlabs/puppet/commit/f3419620b42080dad3b0be14470b20a972f13c50
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/f3419620b42080dad3b0be14470b20a972f13c50
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3867.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3867.yml
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-3867
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-3867
13
reference_url https://www.puppet.com/security/cve/cve-2012-3867-insufficient-input-validation
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.puppet.com/security/cve/cve-2012-3867-insufficient-input-validation
14
reference_url http://www.debian.org/security/2012/dsa-2511
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2012/dsa-2511
15
reference_url http://www.ubuntu.com/usn/USN-1506-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1506-1
16
reference_url http://puppetlabs.com/security/cve/cve-2012-3867/
reference_id CVE-2012-3867
reference_type
scores
url http://puppetlabs.com/security/cve/cve-2012-3867/
17
reference_url https://github.com/advisories/GHSA-q44r-f2hm-v76v
reference_id GHSA-q44r-f2hm-v76v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q44r-f2hm-v76v
18
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
19
reference_url https://usn.ubuntu.com/1506-1/
reference_id USN-1506-1
reference_type
scores
url https://usn.ubuntu.com/1506-1/
fixed_packages
aliases CVE-2012-3867, GHSA-q44r-f2hm-v76v
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6yh9-mvds-f3ge
4
url VCID-8axt-ka9d-y3d2
vulnerability_id VCID-8axt-ka9d-y3d2
summary 
Mail Gem Improper Input Validation vulnerability
The Mail gem before 2.4.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080645.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080645.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080648.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080648.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080747.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080747.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2140.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2140.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-2140
reference_id
reference_type
scores
0
value 0.03667
scoring_system epss
scoring_elements 0.88089
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-2140
5
reference_url https://bugzilla.novell.com/show_bug.cgi?id=759092
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.novell.com/show_bug.cgi?id=759092
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=816352
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=816352
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2140
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2140
8
reference_url http://secunia.com/advisories/48970
reference_id
reference_type
scores
url http://secunia.com/advisories/48970
9
reference_url https://github.com/mikel/mail
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mikel/mail
10
reference_url https://github.com/mikel/mail/blob/9beb079c70d236a5ad2e1ba95b2c977e55deb7af/CHANGELOG.rdoc
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mikel/mail/blob/9beb079c70d236a5ad2e1ba95b2c977e55deb7af/CHANGELOG.rdoc
11
reference_url https://github.com/mikel/mail/commit/39b590ddb08f90ddbe445837359a2c8843e533d0
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mikel/mail/commit/39b590ddb08f90ddbe445837359a2c8843e533d0
12
reference_url https://github.com/mikel/mail/commit/ac56f03bdfc30b379aeecd4ff317d08fdaa328c2
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mikel/mail/commit/ac56f03bdfc30b379aeecd4ff317d08fdaa328c2
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-2140
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-2140
14
reference_url http://www.openwall.com/lists/oss-security/2012/04/25/8
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2012/04/25/8
15
reference_url http://www.openwall.com/lists/oss-security/2012/04/26/1
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2012/04/26/1
16
reference_url https://github.com/advisories/GHSA-rp63-jfmw-532w
reference_id GHSA-rp63-jfmw-532w
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rp63-jfmw-532w
17
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
fixed_packages
aliases CVE-2012-2140, GHSA-rp63-jfmw-532w, OSV-81632
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8axt-ka9d-y3d2
5
url VCID-8umt-dz29-p3ck
vulnerability_id VCID-8umt-dz29-p3ck
summary 
Active Record vulnerable to SQL Injection via nested query parameters
The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage unintended recursion, a related issue to CVE-2012-2695.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html
2
reference_url http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2013-0154.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0154.html
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2661.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2661.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-2661
reference_id
reference_type
scores
0
value 0.00627
scoring_system epss
scoring_elements 0.70556
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-2661
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2661
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2661
7
reference_url https://github.com/rails/rails/commit/71f7917c553cdc9a0ee49e87af0efb7429759718#diff-2ec9993375ecb711e08452788d625581
reference_id
reference_type
scores
url https://github.com/rails/rails/commit/71f7917c553cdc9a0ee49e87af0efb7429759718#diff-2ec9993375ecb711e08452788d625581
8
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82403.yml
reference_id
reference_type
scores
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82403.yml
9
reference_url https://groups.google.com/group/rubyonrails-security/msg/fc2da6c627fc92df?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/fc2da6c627fc92df?dmode=source&output=gplain
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-2661
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-2661
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=827363
reference_id 827363
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=827363
12
reference_url https://github.com/advisories/GHSA-fh39-v733-mxfr
reference_id GHSA-fh39-v733-mxfr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fh39-v733-mxfr
13
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
14
reference_url https://access.redhat.com/errata/RHSA-2013:0154
reference_id RHSA-2013:0154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0154
fixed_packages
aliases CVE-2012-2661, GHSA-fh39-v733-mxfr, OSV-82403
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8umt-dz29-p3ck
6
url VCID-dbvw-1xvz-63b8
vulnerability_id VCID-dbvw-1xvz-63b8
summary 
activerecord vulnerable to SQL Injection
The Active Record component in Ruby on Rails efore 2.3.15, 3.0.x before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage improper handling of nested hashes, a related issue to CVE-2012-2661.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html
3
reference_url http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
4
reference_url http://rhn.redhat.com/errata/RHSA-2013-0154.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0154.html
5
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2695.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2695.json
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-2695
reference_id
reference_type
scores
0
value 0.00637
scoring_system epss
scoring_elements 0.70807
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-2695
7
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
8
reference_url https://github.com/rails/rails/commit/62f81f4d6b3ee40e9887ffd92ab14714bad93f18
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/62f81f4d6b3ee40e9887ffd92ab14714bad93f18
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2695.yml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2695.yml
10
reference_url https://groups.google.com/group/rubyonrails-security/msg/aee3413fb038bf56?dmode=source&output=gplain
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/aee3413fb038bf56?dmode=source&output=gplain
11
reference_url https://groups.google.com/g/rubyonrails-security/c/l4L0TEVAz1k/m/Vr84sD9B464J
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/l4L0TEVAz1k/m/Vr84sD9B464J
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-2695
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-2695
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=831573
reference_id 831573
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=831573
14
reference_url https://github.com/advisories/GHSA-76wq-xw4h-f8wj
reference_id GHSA-76wq-xw4h-f8wj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-76wq-xw4h-f8wj
15
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
16
reference_url https://access.redhat.com/errata/RHSA-2013:0154
reference_id RHSA-2013:0154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0154
fixed_packages
aliases CVE-2012-2695, GHSA-76wq-xw4h-f8wj
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dbvw-1xvz-63b8
7
url VCID-e2hf-jknj-t3e5
vulnerability_id VCID-e2hf-jknj-t3e5
summary 
Puppet Denial of Service and Arbitrary File Write
A vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to **(1)** cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and `/dev/random`; or **(2)** cause a denial of service (filesystem consumption) via crafted REST requests that use "a marshaled form of a `Puppet::FileBucket::File object`" to write to arbitrary file locations.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1987.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1987.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-1987
reference_id
reference_type
scores
0
value 0.00763
scoring_system epss
scoring_elements 0.7371
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-1987
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1987
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1987
6
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/74794
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/74794
7
reference_url https://github.com/advisories/GHSA-v58w-6xc2-w799
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-v58w-6xc2-w799
8
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
9
reference_url https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc
10
reference_url https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1987.yml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1987.yml
12
reference_url https://hermes.opensuse.org/messages/14523305
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://hermes.opensuse.org/messages/14523305
13
reference_url https://hermes.opensuse.org/messages/15087408
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://hermes.opensuse.org/messages/15087408
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-1987
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-1987
15
reference_url https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
16
reference_url https://web.archive.org/web/20120513213318/http://projects.puppetlabs.com/issues/13553
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120513213318/http://projects.puppetlabs.com/issues/13553
17
reference_url https://web.archive.org/web/20120513224202/http://projects.puppetlabs.com/issues/13552
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120513224202/http://projects.puppetlabs.com/issues/13552
18
reference_url https://web.archive.org/web/20121005145241/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121005145241/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
19
reference_url https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987
20
reference_url http://ubuntu.com/usn/usn-1419-1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://ubuntu.com/usn/usn-1419-1
21
reference_url http://www.debian.org/security/2012/dsa-2451
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2012/dsa-2451
22
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=810070
reference_id 810070
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=810070
23
reference_url https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987/
reference_id CVE-2012-1987
reference_type
scores
url https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987/
24
reference_url https://security.gentoo.org/glsa/201208-02
reference_id GLSA-201208-02
reference_type
scores
url https://security.gentoo.org/glsa/201208-02
25
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
26
reference_url https://usn.ubuntu.com/1419-1/
reference_id USN-1419-1
reference_type
scores
url https://usn.ubuntu.com/1419-1/
fixed_packages
aliases CVE-2012-1987, GHSA-v58w-6xc2-w799
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e2hf-jknj-t3e5
8
url VCID-jk5r-861p-eydv
vulnerability_id VCID-jk5r-861p-eydv
summary puppet: Filebucket arbitrary file read
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1986.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1986.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-1986
reference_id
reference_type
scores
0
value 0.00374
scoring_system epss
scoring_elements 0.59335
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-1986
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1986
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1986
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=810069
reference_id 810069
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=810069
4
reference_url https://security.gentoo.org/glsa/201208-02
reference_id GLSA-201208-02
reference_type
scores
url https://security.gentoo.org/glsa/201208-02
5
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
6
reference_url https://usn.ubuntu.com/1419-1/
reference_id USN-1419-1
reference_type
scores
url https://usn.ubuntu.com/1419-1/
fixed_packages
aliases CVE-2012-1986
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jk5r-861p-eydv
9
url VCID-mnh7-4rvx-suay
vulnerability_id VCID-mnh7-4rvx-suay
summary 
Action Pack contains database-query restrictions bypass
`actionpack/lib/action_dispatch/http/request.rb` in Ruby on Rails before 2.3.16, 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain `[nil]` values, a related issue to CVE-2012-2694.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html
3
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html
4
reference_url http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
5
reference_url http://rhn.redhat.com/errata/RHSA-2013-0154.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0154.html
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2660.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2660.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-2660
reference_id
reference_type
scores
0
value 0.00159
scoring_system epss
scoring_elements 0.3656
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-2660
8
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
9
reference_url https://github.com/rails/rails/commit/61eed87ce32caf534bf1f52dd8134097b4ad9e1b
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/61eed87ce32caf534bf1f52dd8134097b4ad9e1b
10
reference_url https://github.com/rails/rails/commit/dff6db18840e2fd1dd3f3e4ef0ae7a9a3986d01d#diff-3179d24efacadd64068c4d9c1184eac3
reference_id
reference_type
scores
url https://github.com/rails/rails/commit/dff6db18840e2fd1dd3f3e4ef0ae7a9a3986d01d#diff-3179d24efacadd64068c4d9c1184eac3
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2660.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2660.yml
12
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2660.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2660.yml
13
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82610.yml
reference_id
reference_type
scores
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82610.yml
14
reference_url https://groups.google.com/forum/#!original/rubyonrails-security/8SA-M3as7A8/Mr9fi9X4kNgJ
reference_id
reference_type
scores
url https://groups.google.com/forum/#!original/rubyonrails-security/8SA-M3as7A8/Mr9fi9X4kNgJ
15
reference_url https://groups.google.com/group/rubyonrails-security/msg/d890f8d58b5fbf32?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/d890f8d58b5fbf32?dmode=source&output=gplain
16
reference_url https://groups.google.com/g/rubyonrails-security/c/8SA-M3as7A8/m/Mr9fi9X4kNgJ
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/8SA-M3as7A8/m/Mr9fi9X4kNgJ
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-2660
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-2660
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=827353
reference_id 827353
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=827353
19
reference_url https://github.com/advisories/GHSA-hgpp-pp89-4fgf
reference_id GHSA-hgpp-pp89-4fgf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hgpp-pp89-4fgf
20
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
21
reference_url https://access.redhat.com/errata/RHSA-2013:0154
reference_id RHSA-2013:0154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0154
fixed_packages
aliases CVE-2012-2660, GHSA-hgpp-pp89-4fgf, OSV-82610
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mnh7-4rvx-suay
10
url VCID-qswy-ngsk-yfhy
vulnerability_id VCID-qswy-ngsk-yfhy
summary 
activesupport Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in `activesupport/lib/active_support/core_ext/string/output_safety.rb` in Ruby on Rails before 2.3.16, 3.0.x before , 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject arbitrary web script or HTML via vectors involving a ' (quote) character.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2013-0154.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0154.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3464.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3464.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-3464
reference_id
reference_type
scores
0
value 0.00245
scoring_system epss
scoring_elements 0.47909
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-3464
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3464
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3464
4
reference_url https://github.com/advisories/GHSA-h835-75hw-pj89
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-h835-75hw-pj89
5
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
6
reference_url https://github.com/rails/rails/commit/28f2c6f4037081da0a82104a3f473165ed4ed2ce
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/28f2c6f4037081da0a82104a3f473165ed4ed2ce
7
reference_url https://github.com/rails/rails/commit/780a718723cf87b49cfe204d355948c4e0932d23
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/780a718723cf87b49cfe204d355948c4e0932d23
8
reference_url https://github.com/rails/rails/commit/d0c9759d3aeb6327d68dd6c0de0fe2fed4e3c870
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/d0c9759d3aeb6327d68dd6c0de0fe2fed4e3c870
9
reference_url https://github.com/rails/rails/commit/d549df7133f2b0bad8112890d478c33e990e12bc
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/d549df7133f2b0bad8112890d478c33e990e12bc
10
reference_url https://github.com/rails/rails/issues/7215
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/issues/7215
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2012-3464.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2012-3464.yml
12
reference_url https://groups.google.com/group/rubyonrails-security/msg/8f1bbe1cef8c6caf?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/8f1bbe1cef8c6caf?dmode=source&output=gplain
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-3464
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-3464
14
reference_url http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=847199
reference_id 847199
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=847199
16
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
17
reference_url https://access.redhat.com/errata/RHSA-2013:0154
reference_id RHSA-2013:0154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0154
fixed_packages
aliases CVE-2012-3464, GHSA-h835-75hw-pj89, OSV-84516
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qswy-ngsk-yfhy
11
url VCID-rfun-f86c-ayfd
vulnerability_id VCID-rfun-f86c-ayfd
summary 
Mail Gem Path Traversal vulnerability
Directory traversal vulnerability in `lib/mail/network/delivery_methods/file_delivery.rb` in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a `..` (dot dot) in the to parameter.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080645.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080645.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080648.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080648.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080747.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080747.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2139.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2139.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-2139
reference_id
reference_type
scores
0
value 0.03527
scoring_system epss
scoring_elements 0.87853
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-2139
5
reference_url https://bugzilla.novell.com/show_bug.cgi?id=759092
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.novell.com/show_bug.cgi?id=759092
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=816352
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=816352
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2139
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2139
8
reference_url https://github.com/mikel/mail
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mikel/mail
9
reference_url https://github.com/mikel/mail/commit/29aca25218e4c82991400eb9b0c933626aefc98f
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mikel/mail/commit/29aca25218e4c82991400eb9b0c933626aefc98f
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-2139
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-2139
11
reference_url http://www.openwall.com/lists/oss-security/2012/04/25/8
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2012/04/25/8
12
reference_url http://www.openwall.com/lists/oss-security/2012/04/26/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2012/04/26/1
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=891762
reference_id 891762
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=891762
14
reference_url https://github.com/advisories/GHSA-cj92-c4fj-w9c5
reference_id GHSA-cj92-c4fj-w9c5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cj92-c4fj-w9c5
15
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
fixed_packages
aliases CVE-2012-2139, GHSA-cj92-c4fj-w9c5, OSV-81631
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rfun-f86c-ayfd
12
url VCID-rgw4-mrr9-euda
vulnerability_id VCID-rgw4-mrr9-euda
summary 
actionpack Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in `actionpack/lib/action_view/helpers/sanitize_helper.rb` in the `strip_tags` helper in Ruby on Rails before 2.3.16, 3.0.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2013-0154.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0154.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3465.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3465.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-3465
reference_id
reference_type
scores
0
value 0.00333
scoring_system epss
scoring_elements 0.56331
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-3465
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3465
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3465
4
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
5
reference_url https://github.com/rails/rails/commit/cf48c9c7dcbef8543171f7f7de8d3d9a16b58e77
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/cf48c9c7dcbef8543171f7f7de8d3d9a16b58e77
6
reference_url https://github.com/rails/rails/commit/e91e4e8bbee12ce1496bf384c04da6be296b687a
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/e91e4e8bbee12ce1496bf384c04da6be296b687a
7
reference_url https://groups.google.com/group/rubyonrails-security/msg/7fbb5392d4d282b5?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/7fbb5392d4d282b5?dmode=source&output=gplain
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-3465
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-3465
9
reference_url http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=847200
reference_id 847200
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=847200
11
reference_url https://github.com/advisories/GHSA-7g65-ghrg-hpf5
reference_id GHSA-7g65-ghrg-hpf5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7g65-ghrg-hpf5
12
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
13
reference_url https://access.redhat.com/errata/RHSA-2013:0154
reference_id RHSA-2013:0154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0154
fixed_packages
aliases CVE-2012-3465, GHSA-7g65-ghrg-hpf5, OSV-84513
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rgw4-mrr9-euda
13
url VCID-ttwu-tjgf-7yd3
vulnerability_id VCID-ttwu-tjgf-7yd3
summary 
Puppet Arbitrary Command Execution
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full pathname contains shell metacharacters, then performing a filebucket request.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html
3
reference_url http://projects.puppetlabs.com/issues/13518
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://projects.puppetlabs.com/issues/13518
4
reference_url http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
5
reference_url http://puppetlabs.com/security/cve/cve-2012-1988
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://puppetlabs.com/security/cve/cve-2012-1988
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1988.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1988.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-1988
reference_id
reference_type
scores
0
value 0.00492
scoring_system epss
scoring_elements 0.65938
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-1988
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1988
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1988
9
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/74796
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/74796
10
reference_url https://github.com/advisories/GHSA-6xxq-j39w-g3f6
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-6xxq-j39w-g3f6
11
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
12
reference_url https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc
13
reference_url https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14
14
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1988.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1988.yml
15
reference_url https://hermes.opensuse.org/messages/14523305
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://hermes.opensuse.org/messages/14523305
16
reference_url https://hermes.opensuse.org/messages/15087408
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://hermes.opensuse.org/messages/15087408
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-1988
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-1988
18
reference_url https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
19
reference_url https://web.archive.org/web/20120513213112/http://projects.puppetlabs.com/issues/13518
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120513213112/http://projects.puppetlabs.com/issues/13518
20
reference_url https://web.archive.org/web/20120816020421/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120816020421/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
21
reference_url https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988
22
reference_url https://web.archive.org/web/20121025112409/http://secunia.com/advisories/48789
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121025112409/http://secunia.com/advisories/48789
23
reference_url https://web.archive.org/web/20121025113446/http://secunia.com/advisories/48748
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121025113446/http://secunia.com/advisories/48748
24
reference_url https://web.archive.org/web/20121025194830/http://secunia.com/advisories/49136
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121025194830/http://secunia.com/advisories/49136
25
reference_url https://web.archive.org/web/20121025194938/http://secunia.com/advisories/48743
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121025194938/http://secunia.com/advisories/48743
26
reference_url https://web.archive.org/web/20121031092646/http://www.securityfocus.com/bid/52975
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121031092646/http://www.securityfocus.com/bid/52975
27
reference_url http://ubuntu.com/usn/usn-1419-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://ubuntu.com/usn/usn-1419-1
28
reference_url http://www.debian.org/security/2012/dsa-2451
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2012/dsa-2451
29
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=810071
reference_id 810071
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=810071
30
reference_url https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988/
reference_id CVE-2012-1988
reference_type
scores
url https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988/
31
reference_url https://security.gentoo.org/glsa/201208-02
reference_id GLSA-201208-02
reference_type
scores
url https://security.gentoo.org/glsa/201208-02
32
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
33
reference_url https://usn.ubuntu.com/1419-1/
reference_id USN-1419-1
reference_type
scores
url https://usn.ubuntu.com/1419-1/
fixed_packages
aliases CVE-2012-1988, GHSA-6xxq-j39w-g3f6
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ttwu-tjgf-7yd3
14
url VCID-vynj-d67h-ubc2
vulnerability_id VCID-vynj-d67h-ubc2
summary puppet: authenticated clients allowed to read arbitrary files from the puppet master
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3864.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3864.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-3864
reference_id
reference_type
scores
0
value 0.00314
scoring_system epss
scoring_elements 0.54793
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-3864
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3864
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3864
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=839130
reference_id 839130
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=839130
4
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
5
reference_url https://usn.ubuntu.com/1506-1/
reference_id USN-1506-1
reference_type
scores
url https://usn.ubuntu.com/1506-1/
fixed_packages
aliases CVE-2012-3864
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vynj-d67h-ubc2
15
url VCID-x1rs-vcv1-hua6
vulnerability_id VCID-x1rs-vcv1-hua6
summary 
Puppet vulnerable to Path Traversal
Directory traversal vulnerability in `lib/puppet/reports/store.rb` in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a `..` (dot dot) in a node name.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html
1
reference_url http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html
2
reference_url http://puppetlabs.com/security/cve/cve-2012-3865
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://puppetlabs.com/security/cve/cve-2012-3865
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3865.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3865.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-3865
reference_id
reference_type
scores
0
value 0.01176
scoring_system epss
scoring_elements 0.79024
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-3865
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=839131
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=839131
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3865
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3865
7
reference_url http://secunia.com/advisories/50014
reference_id
reference_type
scores
url http://secunia.com/advisories/50014
8
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
9
reference_url https://github.com/puppetlabs/puppet/commit/554eefc55f57ed2b76e5ee04d8f194d36f6ee67f
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/554eefc55f57ed2b76e5ee04d8f194d36f6ee67f
10
reference_url https://github.com/puppetlabs/puppet/commit/d80478208d79a3e6d6cb1fbc525e24817fe8c4c6
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/d80478208d79a3e6d6cb1fbc525e24817fe8c4c6
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/CVE-2012-3865.yml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/CVE-2012-3865.yml
12
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3865.yml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3865.yml
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-3865
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-3865
14
reference_url https://www.puppet.com/security/cve/overview-cve-2012-3865-arbitrary-file-delete/dos-puppet-master
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://www.puppet.com/security/cve/overview-cve-2012-3865-arbitrary-file-delete/dos-puppet-master
15
reference_url http://www.debian.org/security/2012/dsa-2511
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2012/dsa-2511
16
reference_url http://www.ubuntu.com/usn/USN-1506-1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1506-1
17
reference_url http://puppetlabs.com/security/cve/cve-2012-3865/
reference_id CVE-2012-3865
reference_type
scores
url http://puppetlabs.com/security/cve/cve-2012-3865/
18
reference_url https://github.com/advisories/GHSA-g89m-3wjw-h857
reference_id GHSA-g89m-3wjw-h857
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g89m-3wjw-h857
19
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
20
reference_url https://usn.ubuntu.com/1506-1/
reference_id USN-1506-1
reference_type
scores
url https://usn.ubuntu.com/1506-1/
fixed_packages
aliases CVE-2012-3865, GHSA-g89m-3wjw-h857
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x1rs-vcv1-hua6
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rubygem-net-ldap@0.1.1-3%3Farch=el6cf