Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:gem/activemodel@4.1.14.0

Type gem

Namespace

Name activemodel

Version 4.1.14.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 4.1.14.1

Latest_non_vulnerable_version 5.0.0.beta1.1

Affected_by_vulnerabilities

url VCID-8bvv-wkyv-1fdp

vulnerability_id VCID-8bvv-wkyv-1fdp

summary

activemodel contains Improper Input Validation
Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters.

references

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178066.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178066.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html

reference_url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html

reference_url

http://rhn.redhat.com/errata/RHSA-2016-0296.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2016-0296.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0753.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0753.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-0753

reference_id

reference_type

scores

value	0.02328
scoring_system	epss
scoring_elements	0.8508
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-0753

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rails/rails

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activemodel/CVE-2016-0753.yml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activemodel/CVE-2016-0753.yml

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/6jQVC1geukQ

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/6jQVC1geukQ

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-0753

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-0753

reference_url

https://web.archive.org/web/20160405205300/http://www.securitytracker.com/id/1034816

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20160405205300/http://www.securitytracker.com/id/1034816

reference_url

https://web.archive.org/web/20200228000230/http://www.securityfocus.com/bid/82247

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228000230/http://www.securityfocus.com/bid/82247

reference_url

https://web.archive.org/web/20210613054843/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/6jQVC1geukQ/3Iy0GU1ZEgAJ

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210613054843/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/6jQVC1geukQ/3Iy0GU1ZEgAJ

reference_url

http://www.debian.org/security/2016/dsa-3464

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2016/dsa-3464

reference_url

http://www.openwall.com/lists/oss-security/2016/01/25/14

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2016/01/25/14

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1301973
reference_id	1301973
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1301973

reference_url

https://github.com/advisories/GHSA-543v-gj2c-r3ch

reference_id

GHSA-543v-gj2c-r3ch

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-543v-gj2c-r3ch

reference_url	https://access.redhat.com/errata/RHSA-2016:0296
reference_id	RHSA-2016:0296
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0296

fixed_packages

url	pkg:gem/activemodel@4.1.14.1
purl	pkg:gem/activemodel@4.1.14.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/activemodel@4.1.14.1

url	pkg:gem/activemodel@4.2.5.1
purl	pkg:gem/activemodel@4.2.5.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/activemodel@4.2.5.1

url	pkg:gem/activemodel@5.0.0.beta1.1
purl	pkg:gem/activemodel@5.0.0.beta1.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/activemodel@5.0.0.beta1.1

aliases CVE-2016-0753, GHSA-543v-gj2c-r3ch

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8bvv-wkyv-1fdp

url VCID-ub5f-tp3h-9qbe

vulnerability_id VCID-ub5f-tp3h-9qbe

summary

Duplicate Advisory: Moderate severity vulnerability that affects activemodel
## Duplicate advisory
This advisory has been withdrawn because it is a duplicate of [GHSA-543v-gj2c-r3ch](https://github.com/advisories/GHSA-543v-gj2c-r3ch). This link is maintained to preserve external references.

## Original Description
Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters.

references

reference_url

https://github.com/advisories/GHSA-v543-gqhh-6gww

reference_id

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-v543-gqhh-6gww

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-0753

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-0753

fixed_packages

url	pkg:gem/activemodel@4.1.14.1
purl	pkg:gem/activemodel@4.1.14.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/activemodel@4.1.14.1

url	pkg:gem/activemodel@4.2.5.1
purl	pkg:gem/activemodel@4.2.5.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/activemodel@4.2.5.1

aliases GHSA-v543-gqhh-6gww

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ub5f-tp3h-9qbe

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activemodel@4.1.14.0

Package Instance