Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/320327?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/320327?format=api", "purl": "pkg:gem/actionpack@3.1.0", "type": "gem", "namespace": "", "name": "actionpack", "version": "3.1.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "8.1.2.1", "latest_non_vulnerable_version": "8.1.2.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/26752?format=api", "vulnerability_id": "VCID-123f-6px7-3qdg", "summary": "Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a `..` (dot dot) in a pathname.", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0752.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0752.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0752", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.90494", "scoring_system": "epss", "scoring_elements": "0.99626", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-xrr4-p6fq-hjg7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xrr4-p6fq-hjg7" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0752.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0752.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-0752.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-0752.yml" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/335P1DcLG00", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/335P1DcLG00" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0752", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0752" }, { "reference_url": "https://web.archive.org/web/20210618005620/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210618005620/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ" }, { "reference_url": "https://web.archive.org/web/20210621170450/http://www.securityfocus.com/bid/81801", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210621170450/http://www.securityfocus.com/bid/81801" }, { "reference_url": "https://web.archive.org/web/20210723192420/http://www.securitytracker.com/id/1034816", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210723192420/http://www.securitytracker.com/id/1034816" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0752", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0752" }, { "reference_url": "https://www.exploit-db.com/exploits/40561", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/40561" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3464", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://www.debian.org/security/2016/dsa-3464" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/01/25/13", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2016/01/25/13" }, { "reference_url": "http://www.securityfocus.com/bid/81801", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://www.securityfocus.com/bid/81801" }, { "reference_url": "http://www.securitytracker.com/id/1034816", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://www.securitytracker.com/id/1034816" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301963", "reference_id": "1301963", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301963" }, { "reference_url": "https://www.exploit-db.com/exploits/40561/", "reference_id": "40561", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "https://www.exploit-db.com/exploits/40561/" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/40561.rb", "reference_id": "CVE-2016-0752", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/40561.rb" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0296", "reference_id": "RHSA-2016:0296", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0296" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0454", "reference_id": "RHSA-2016:0454", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0454" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0455", "reference_id": "RHSA-2016:0455", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0455" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60449?format=api", "purl": "pkg:gem/actionpack@3.2.22.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-832g-x9kb-3bbx" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-b4sv-b9pz-r7er" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v4sh-tkkf-xfeh" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.22.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/60450?format=api", "purl": "pkg:gem/actionpack@4.1.14.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-832g-x9kb-3bbx" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v4sh-tkkf-xfeh" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.14.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/60448?format=api", "purl": "pkg:gem/actionpack@4.2.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v4sh-tkkf-xfeh" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.5.1" } ], "aliases": [ "CVE-2016-0752", "GHSA-xrr4-p6fq-hjg7" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-123f-6px7-3qdg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/27093?format=api", "vulnerability_id": "VCID-1b9z-efz6-9fdu", "summary": "actionpack Improper Input Validation vulnerability\nThe template selection functionality in `actionpack/lib/action_view/template/resolver.rb` in Ruby on Rails 3.0.x before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob characters, which allows remote attackers to render arbitrary views via a crafted URL, related to a \"filter skipping vulnerability.\"", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/cbbbba6e4f7eaf61?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/cbbbba6e4f7eaf61?dmode=source&output=gplain" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2929", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00814", "scoring_system": "epss", "scoring_elements": "0.7458", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2929" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=731432", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=731432" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/5f94b93279f6d0682fafb237c301302c107a9552", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/5f94b93279f6d0682fafb237c301302c107a9552" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2929.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2929.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2929", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2929" }, { "reference_url": "https://rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6" }, { "reference_url": "http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/17/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/17/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/19/11", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/19/11" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/20/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/20/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/13", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/13" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/14", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/14" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/5" }, { "reference_url": "https://github.com/advisories/GHSA-r7q2-5gqg-6c7q", "reference_id": "GHSA-r7q2-5gqg-6c7q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r7q2-5gqg-6c7q" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [], "aliases": [ "CVE-2011-2929", "GHSA-r7q2-5gqg-6c7q" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1b9z-efz6-9fdu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/26543?format=api", "vulnerability_id": "VCID-1xbd-73qv-mff9", "summary": "actionpack Improper Authentication vulnerability\nThe `decode_credentials` method in `actionpack/lib/action_controller/metal/http_authentication.rb` in Ruby on Rails before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging access to an application that uses a `with_http_digest` helper method, as demonstrated by the `authenticate_or_request_with_http_digest` method.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3424.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3424.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3424", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.7707", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3424" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/3719bd3e95523c5518507dbe44f260f252930600", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/3719bd3e95523c5518507dbe44f260f252930600" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/244d32f2fa25147d?hl=en&dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/244d32f2fa25147d?hl=en&dmode=source&output=gplain" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3424", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3424" }, { "reference_url": "http://weblog.rubyonrails.org/2012/7/26/ann-rails-3-2-7-has-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2012/7/26/ann-rails-3-2-7-has-been-released" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=843711", "reference_id": "843711", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=843711" }, { "reference_url": "https://github.com/advisories/GHSA-92w9-2pqw-rhjj", "reference_id": "GHSA-92w9-2pqw-rhjj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-92w9-2pqw-rhjj" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1542", "reference_id": "RHSA-2012:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0154", "reference_id": "RHSA-2013:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60291?format=api", "purl": "pkg:gem/actionpack@3.1.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-3rn4-abmh-nkhv" }, { "vulnerability": "VCID-4bzb-ft3d-dkgg" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-58sa-6uag-z7hp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-5psk-hzaf-1kbz" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-9gqn-8g4t-wfby" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-b4sv-b9pz-r7er" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-cs1f-uhb2-xkcm" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-hh65-ycrj-d7gz" }, { "vulnerability": "VCID-jpj6-wzp3-m3e4" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nax4-x97j-9fgr" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-nnka-c23v-qub7" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-rgw4-mrr9-euda" }, { "vulnerability": "VCID-sg9h-7dqr-xugu" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-vhjv-9864-tbcs" }, { "vulnerability": "VCID-vs1a-m7ya-rue8" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/379461?format=api", "purl": "pkg:gem/actionpack@3.2.0.rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-1xbd-73qv-mff9" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-3rn4-abmh-nkhv" }, { "vulnerability": "VCID-4bzb-ft3d-dkgg" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-58sa-6uag-z7hp" }, { "vulnerability": "VCID-5a2t-fre4-zkay" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-5psk-hzaf-1kbz" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-832g-x9kb-3bbx" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-9gqn-8g4t-wfby" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-b4sv-b9pz-r7er" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-cs1f-uhb2-xkcm" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-hh65-ycrj-d7gz" }, { "vulnerability": "VCID-jpj6-wzp3-m3e4" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nax4-x97j-9fgr" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-nnka-c23v-qub7" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-rgw4-mrr9-euda" }, { "vulnerability": "VCID-sg9h-7dqr-xugu" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-vhjv-9864-tbcs" }, { "vulnerability": "VCID-vs1a-m7ya-rue8" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0.rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/60293?format=api", "purl": "pkg:gem/actionpack@3.2.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-3rn4-abmh-nkhv" }, { "vulnerability": "VCID-4bzb-ft3d-dkgg" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-58sa-6uag-z7hp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-5psk-hzaf-1kbz" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-832g-x9kb-3bbx" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-9gqn-8g4t-wfby" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-b4sv-b9pz-r7er" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-cs1f-uhb2-xkcm" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-hh65-ycrj-d7gz" }, { "vulnerability": "VCID-jpj6-wzp3-m3e4" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nax4-x97j-9fgr" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-nnka-c23v-qub7" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-rgw4-mrr9-euda" }, { "vulnerability": "VCID-sg9h-7dqr-xugu" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-vhjv-9864-tbcs" }, { "vulnerability": "VCID-vs1a-m7ya-rue8" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.7" } ], "aliases": [ "CVE-2012-3424", "GHSA-92w9-2pqw-rhjj", "OSV-84243" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1xbd-73qv-mff9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/26661?format=api", "vulnerability_id": "VCID-3edd-m27s-a3ek", "summary": "actionpack allows remote attackers to bypass database-query restrictions, perform NULL checks via crafted request\n`actionpack/lib/action_dispatch/http/request.rb` in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain `['xyz', nil]` values, a related issue to CVE-2012-2660.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2694.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2694.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2694", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44664", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2694" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/2f3bc0467311781ac1ceb2c8c2b09002c8fe143a", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/2f3bc0467311781ac1ceb2c8c2b09002c8fe143a" }, { "reference_url": "https://github.com/rails/rails/commit/c202638225519b5e1a03ebe523b109c948fb0e52", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/c202638225519b5e1a03ebe523b109c948fb0e52" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2694.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2694.yml" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/e2d3a87f2c211def?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/e2d3a87f2c211def?dmode=source&output=gplain" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/jILZ34tAHF4/m/7x0hLH-o0-IJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/jILZ34tAHF4/m/7x0hLH-o0-IJ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2694", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2694" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=831581", "reference_id": "831581", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=831581" }, { "reference_url": "https://github.com/advisories/GHSA-q34c-48gc-m9g8", "reference_id": "GHSA-q34c-48gc-m9g8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q34c-48gc-m9g8" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1542", "reference_id": "RHSA-2012:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0154", "reference_id": "RHSA-2013:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60354?format=api", "purl": "pkg:gem/actionpack@3.1.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-1xbd-73qv-mff9" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-3rn4-abmh-nkhv" }, { "vulnerability": "VCID-4bzb-ft3d-dkgg" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-58sa-6uag-z7hp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-5psk-hzaf-1kbz" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-9gqn-8g4t-wfby" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-b4sv-b9pz-r7er" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-cs1f-uhb2-xkcm" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-hh65-ycrj-d7gz" }, { "vulnerability": "VCID-jpj6-wzp3-m3e4" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nax4-x97j-9fgr" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-nnka-c23v-qub7" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-rgw4-mrr9-euda" }, { "vulnerability": "VCID-sg9h-7dqr-xugu" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-vhjv-9864-tbcs" }, { "vulnerability": "VCID-vs1a-m7ya-rue8" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/60355?format=api", "purl": "pkg:gem/actionpack@3.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-1xbd-73qv-mff9" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-3rn4-abmh-nkhv" }, { "vulnerability": "VCID-4bzb-ft3d-dkgg" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-58sa-6uag-z7hp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-5psk-hzaf-1kbz" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-832g-x9kb-3bbx" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-9gqn-8g4t-wfby" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-b4sv-b9pz-r7er" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-cs1f-uhb2-xkcm" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-hh65-ycrj-d7gz" }, { "vulnerability": "VCID-jpj6-wzp3-m3e4" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nax4-x97j-9fgr" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-nnka-c23v-qub7" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-rgw4-mrr9-euda" }, { "vulnerability": "VCID-sg9h-7dqr-xugu" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-vhjv-9864-tbcs" }, { "vulnerability": "VCID-vs1a-m7ya-rue8" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.6" } ], "aliases": [ "CVE-2012-2694", "GHSA-q34c-48gc-m9g8" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3edd-m27s-a3ek" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/26815?format=api", "vulnerability_id": "VCID-3rn4-abmh-nkhv", "summary": "actionpack allows bypass of database-query restrictions\n`actionpack/lib/action_dispatch/http/request.rb` in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request that leverages (1) third-party Rack middleware or (2) custom Rack middleware. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-0155.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1794.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1794.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0008.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0008.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0469.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0469.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6417.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6417.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6417", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00512", "scoring_system": "epss", "scoring_elements": "0.66784", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6417" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417" }, { "reference_url": "http://seclists.org/oss-sec/2013/q4/403", "reference_id": "", "reference_type": "", "scores": [], "url": "http://seclists.org/oss-sec/2013/q4/403" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6417.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6417.yml" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/niK4drpSHT4/g8JW8ZsayRkJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/niK4drpSHT4/g8JW8ZsayRkJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/niK4drpSHT4", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/niK4drpSHT4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6417", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6417" }, { "reference_url": "https://puppet.com/security/cve/cve-2013-6417", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://puppet.com/security/cve/cve-2013-6417" }, { "reference_url": "https://web.archive.org/web/20160806051251/https://puppet.com/security/cve/cve-2013-6417", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20160806051251/https://puppet.com/security/cve/cve-2013-6417" }, { "reference_url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released" }, { "reference_url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/" }, { "reference_url": "http://www.debian.org/security/2014/dsa-2888", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2014/dsa-2888" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1036409", "reference_id": "1036409", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1036409" }, { "reference_url": "https://github.com/advisories/GHSA-wpw7-wxjm-cw8r", "reference_id": "GHSA-wpw7-wxjm-cw8r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wpw7-wxjm-cw8r" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1794", "reference_id": "RHSA-2013:1794", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1794" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0008", "reference_id": "RHSA-2014:0008", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0008" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0469", "reference_id": "RHSA-2014:0469", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0469" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60329?format=api", "purl": "pkg:gem/actionpack@3.2.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-832g-x9kb-3bbx" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-b4sv-b9pz-r7er" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-hh65-ycrj-d7gz" }, { "vulnerability": "VCID-jpj6-wzp3-m3e4" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-sg9h-7dqr-xugu" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-vs1a-m7ya-rue8" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/60332?format=api", "purl": "pkg:gem/actionpack@4.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-hh65-ycrj-d7gz" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m156-zkzd-57g9" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-sg9h-7dqr-xugu" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-vs1a-m7ya-rue8" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.2" } ], "aliases": [ "CVE-2013-6417", "GHSA-wpw7-wxjm-cw8r", "OSV-100527" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3rn4-abmh-nkhv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/27036?format=api", "vulnerability_id": "VCID-4bzb-ft3d-dkgg", "summary": "actionpack Cross-site Scripting vulnerability\nCross-site scripting (XSS) vulnerability in `actionpack/lib/action_view/helpers/form_tag_helper.rb` in Ruby on Rails 3.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the `prompt` field to the `select_tag` helper.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3463.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3463.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3463", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56331", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3463" }, { "reference_url": "https://github.com/rails/rails/commit/6d0526db91afb0675c2ad3d871529d1536303c64", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/6d0526db91afb0675c2ad3d871529d1536303c64" }, { "reference_url": "https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/3463/rubyonrails-security/fV3QUToSMSw/eHBSFOUYHpYJ", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/3463/rubyonrails-security/fV3QUToSMSw/eHBSFOUYHpYJ" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/961e18e514527078?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/961e18e514527078?dmode=source&output=gplain" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/fV3QUToSMSw/m/eHBSFOUYHpYJ?pli=1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/fV3QUToSMSw/m/eHBSFOUYHpYJ?pli=1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3463", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3463" }, { "reference_url": "http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=847196", "reference_id": "847196", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=847196" }, { "reference_url": "https://github.com/advisories/GHSA-98mf-8f57-64qf", "reference_id": "GHSA-98mf-8f57-64qf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-98mf-8f57-64qf" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1542", "reference_id": "RHSA-2012:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0154", "reference_id": "RHSA-2013:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60491?format=api", "purl": "pkg:gem/actionpack@3.1.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-3rn4-abmh-nkhv" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-58sa-6uag-z7hp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-5psk-hzaf-1kbz" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-9gqn-8g4t-wfby" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-b4sv-b9pz-r7er" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-cs1f-uhb2-xkcm" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-hh65-ycrj-d7gz" }, { "vulnerability": "VCID-jpj6-wzp3-m3e4" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nax4-x97j-9fgr" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-nnka-c23v-qub7" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-sg9h-7dqr-xugu" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-vhjv-9864-tbcs" }, { "vulnerability": "VCID-vs1a-m7ya-rue8" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/379461?format=api", "purl": "pkg:gem/actionpack@3.2.0.rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-1xbd-73qv-mff9" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-3rn4-abmh-nkhv" }, { "vulnerability": "VCID-4bzb-ft3d-dkgg" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-58sa-6uag-z7hp" }, { "vulnerability": "VCID-5a2t-fre4-zkay" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-5psk-hzaf-1kbz" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-832g-x9kb-3bbx" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-9gqn-8g4t-wfby" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-b4sv-b9pz-r7er" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-cs1f-uhb2-xkcm" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-hh65-ycrj-d7gz" }, { "vulnerability": "VCID-jpj6-wzp3-m3e4" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nax4-x97j-9fgr" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-nnka-c23v-qub7" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-rgw4-mrr9-euda" }, { "vulnerability": "VCID-sg9h-7dqr-xugu" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-vhjv-9864-tbcs" }, { "vulnerability": "VCID-vs1a-m7ya-rue8" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0.rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/60492?format=api", "purl": "pkg:gem/actionpack@3.2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-3rn4-abmh-nkhv" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-58sa-6uag-z7hp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-5psk-hzaf-1kbz" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-832g-x9kb-3bbx" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-9gqn-8g4t-wfby" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-b4sv-b9pz-r7er" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-cs1f-uhb2-xkcm" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-hh65-ycrj-d7gz" }, { "vulnerability": "VCID-jpj6-wzp3-m3e4" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nax4-x97j-9fgr" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-nnka-c23v-qub7" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-sg9h-7dqr-xugu" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-vhjv-9864-tbcs" }, { "vulnerability": "VCID-vs1a-m7ya-rue8" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.8" } ], "aliases": [ "CVE-2012-3463", "GHSA-98mf-8f57-64qf", "OSV-84515" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4bzb-ft3d-dkgg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41310?format=api", "vulnerability_id": "VCID-4w1v-z4zj-6ydp", "summary": "Untrusted users can run pending migrations in production in Rails\nThere is a vulnerability in versions of Rails prior to 6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.\n\nThis vulnerability has been assigned the CVE identifier CVE-2020-8185.\n\nVersions Affected: 6.0.0 < rails < 6.0.3.2\nNot affected: Applications with `config.action_dispatch.show_exceptions = false` (this is not a default setting in production)\nFixed Versions: rails >= 6.0.3.2\n\nImpact\n------\n\nUsing this issue, an attacker would be able to execute any migrations that are pending for a Rails app running in production mode. It is important to note that an attacker is limited to running migrations the application developer has already defined in their application and ones that have not already run.\n\nWorkarounds\n-----------\n\nUntil such time as the patch can be applied, application developers should disable the ActionDispatch middleware in their production environment via a line such as this one in their config/environment/production.rb:\n\n`config.middleware.delete ActionDispatch::ActionableExceptions`", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8185.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8185.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8185", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.7189", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8185" }, { "reference_url": "https://github.com/rails/rails/commit/2121b9d20b60ed503aa041ef7b926d331ed79fc2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/2121b9d20b60ed503aa041ef7b926d331ed79fc2" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8185.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8185.yml" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0" }, { "reference_url": "https://hackerone.com/reports/899069", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/899069" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8185", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8185" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852380", "reference_id": "1852380", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852380" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964081", "reference_id": "964081", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964081" }, { "reference_url": "https://github.com/advisories/GHSA-c6qr-h5vq-59jc", "reference_id": "GHSA-c6qr-h5vq-59jc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c6qr-h5vq-59jc" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1313", "reference_id": "RHSA-2021:1313", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1313" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74968?format=api", "purl": "pkg:gem/actionpack@6.0.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25ru-4qks-7yf3" }, { "vulnerability": "VCID-4fyg-vxpj-c7d7" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-be5x-uyc6-sudm" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-fdqs-v9b2-53gu" }, { "vulnerability": "VCID-fgtd-zx7r-rygb" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mgjg-juur-rfe5" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-re7g-rxbm-dbd9" }, { "vulnerability": "VCID-uppk-66vw-gbb9" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-z16b-zfgu-13a9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.0.3.2" } ], "aliases": [ "CVE-2020-8185", "GHSA-c6qr-h5vq-59jc" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4w1v-z4zj-6ydp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/27188?format=api", "vulnerability_id": "VCID-58sa-6uag-z7hp", "summary": "actionpack Improper Input Validation vulnerability\n`active_support/core_ext/hash/conversions.rb` in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0153.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0153.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0155.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0155.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0156.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0156.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0156", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.91907", "scoring_system": "epss", "scoring_elements": "0.99708", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0156" }, { "reference_url": "https://community.rapid7.com/community/metasploit/blog/2013/01/09/serialization-mischief-in-ruby-land-cve-2013-0156", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://community.rapid7.com/community/metasploit/blog/2013/01/09/serialization-mischief-in-ruby-land-cve-2013-0156" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0156", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0156" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/2013-0156/rubyonrails-security/61bkgvnSGTQ/nehwjA8tQ8EJ", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/2013-0156/rubyonrails-security/61bkgvnSGTQ/nehwjA8tQ8EJ" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/c1432d0f8c70e89d?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/c1432d0f8c70e89d?dmode=source&output=gplain" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0156", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0156" }, { "reference_url": "https://web.archive.org/web/20140111025708/http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20140111025708/http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html" }, { "reference_url": "https://web.archive.org/web/20160415043747/https://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20160415043747/https://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A" }, { "reference_url": "https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156" }, { "reference_url": "http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/" }, { "reference_url": "http://www.debian.org/security/2013/dsa-2604", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2013/dsa-2604" }, { "reference_url": "http://www.fujitsu.com/global/support/software/security/products-f/sw-sv-rcve-ror201301e.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.fujitsu.com/global/support/software/security/products-f/sw-sv-rcve-ror201301e.html" }, { "reference_url": "http://www.insinuator.net/2013/01/rails-yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.insinuator.net/2013/01/rails-yaml" }, { "reference_url": "http://www.insinuator.net/2013/01/rails-yaml/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.insinuator.net/2013/01/rails-yaml/" }, { "reference_url": "http://www.kb.cert.org/vuls/id/380039", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.kb.cert.org/vuls/id/380039" }, { "reference_url": "http://www.kb.cert.org/vuls/id/628463", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.kb.cert.org/vuls/id/628463" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697722", "reference_id": "697722", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697722" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=892870", "reference_id": "892870", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=892870" }, { "reference_url": "https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156/", "reference_id": "CVE-2013-0156", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156/" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24019.rb", "reference_id": "CVE-2013-0156;OSVDB-89026", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24019.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/27527.rb", "reference_id": "CVE-2013-0156;OSVDB-89026", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/27527.rb" }, { "reference_url": "https://github.com/advisories/GHSA-jmgw-6vjg-jjwg", "reference_id": "GHSA-jmgw-6vjg-jjwg", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jmgw-6vjg-jjwg" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0153", "reference_id": "RHSA-2013:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0154", "reference_id": "RHSA-2013:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0154" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0155", "reference_id": "RHSA-2013:0155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0155" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60624?format=api", "purl": "pkg:gem/actionpack@3.1.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-3rn4-abmh-nkhv" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-5psk-hzaf-1kbz" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-9gqn-8g4t-wfby" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-b4sv-b9pz-r7er" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-cs1f-uhb2-xkcm" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-hh65-ycrj-d7gz" }, { "vulnerability": "VCID-jpj6-wzp3-m3e4" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nax4-x97j-9fgr" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-nnka-c23v-qub7" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-sg9h-7dqr-xugu" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-vhjv-9864-tbcs" }, { "vulnerability": "VCID-vs1a-m7ya-rue8" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/379461?format=api", "purl": "pkg:gem/actionpack@3.2.0.rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-1xbd-73qv-mff9" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-3rn4-abmh-nkhv" }, { "vulnerability": "VCID-4bzb-ft3d-dkgg" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-58sa-6uag-z7hp" }, { "vulnerability": "VCID-5a2t-fre4-zkay" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-5psk-hzaf-1kbz" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-832g-x9kb-3bbx" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-9gqn-8g4t-wfby" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-b4sv-b9pz-r7er" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-cs1f-uhb2-xkcm" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-hh65-ycrj-d7gz" }, { "vulnerability": "VCID-jpj6-wzp3-m3e4" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nax4-x97j-9fgr" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-nnka-c23v-qub7" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-rgw4-mrr9-euda" }, { "vulnerability": "VCID-sg9h-7dqr-xugu" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-vhjv-9864-tbcs" }, { "vulnerability": "VCID-vs1a-m7ya-rue8" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0.rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/60626?format=api", "purl": "pkg:gem/actionpack@3.2.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-3rn4-abmh-nkhv" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-5psk-hzaf-1kbz" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-832g-x9kb-3bbx" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-9gqn-8g4t-wfby" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-b4sv-b9pz-r7er" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-cs1f-uhb2-xkcm" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-hh65-ycrj-d7gz" }, { "vulnerability": "VCID-jpj6-wzp3-m3e4" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nax4-x97j-9fgr" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-nnka-c23v-qub7" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-sg9h-7dqr-xugu" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-vhjv-9864-tbcs" }, { "vulnerability": "VCID-vs1a-m7ya-rue8" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.11" } ], "aliases": [ "CVE-2013-0156", "GHSA-jmgw-6vjg-jjwg", "OSV-89026" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-58sa-6uag-z7hp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/26589?format=api", "vulnerability_id": "VCID-5a2t-fre4-zkay", "summary": "Cross-site Scripting in actionpack\nCross-site scripting (XSS) vulnerability in `actionpack/lib/action_view/helpers/form_options_helper.rb` in the select helper in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving certain generation of OPTION elements within SELECT elements.", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/6fca4f5c47705488?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/6fca4f5c47705488?dmode=source&output=gplain" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075740.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075740.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1099.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1099.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1099", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00399", "scoring_system": "epss", "scoring_elements": "0.60937", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1099" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=799276", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=799276" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1099", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1099" }, { "reference_url": "https://github.com/advisories/GHSA-2xjj-5x6h-8vmf", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2xjj-5x6h-8vmf" }, { "reference_url": "https://github.com/rails/rails/commit/9435f5a479317458c558ae743b7d876dd5a5db20", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rails/rails/commit/9435f5a479317458c558ae743b7d876dd5a5db20" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-1099.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-1099.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-79727.yml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-79727.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1099", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1099" }, { "reference_url": "http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2466", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2012/dsa-2466" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/03/02/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/03/02/6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/03/03/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/03/03/1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60327?format=api", "purl": "pkg:gem/actionpack@3.1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-1xbd-73qv-mff9" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-3rn4-abmh-nkhv" }, { "vulnerability": "VCID-4bzb-ft3d-dkgg" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-58sa-6uag-z7hp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-5psk-hzaf-1kbz" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-9gqn-8g4t-wfby" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-b4sv-b9pz-r7er" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-cs1f-uhb2-xkcm" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-hh65-ycrj-d7gz" }, { "vulnerability": "VCID-jpj6-wzp3-m3e4" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nax4-x97j-9fgr" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-nnka-c23v-qub7" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-rgw4-mrr9-euda" }, { "vulnerability": "VCID-sg9h-7dqr-xugu" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-vhjv-9864-tbcs" }, { "vulnerability": "VCID-vs1a-m7ya-rue8" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/379461?format=api", "purl": "pkg:gem/actionpack@3.2.0.rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-1xbd-73qv-mff9" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-3rn4-abmh-nkhv" }, { "vulnerability": "VCID-4bzb-ft3d-dkgg" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-58sa-6uag-z7hp" }, { "vulnerability": "VCID-5a2t-fre4-zkay" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-5psk-hzaf-1kbz" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-832g-x9kb-3bbx" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-9gqn-8g4t-wfby" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-b4sv-b9pz-r7er" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-cs1f-uhb2-xkcm" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-hh65-ycrj-d7gz" }, { "vulnerability": "VCID-jpj6-wzp3-m3e4" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nax4-x97j-9fgr" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-nnka-c23v-qub7" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-rgw4-mrr9-euda" }, { "vulnerability": "VCID-sg9h-7dqr-xugu" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-vhjv-9864-tbcs" }, { "vulnerability": "VCID-vs1a-m7ya-rue8" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0.rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/60328?format=api", "purl": "pkg:gem/actionpack@3.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-1xbd-73qv-mff9" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-3rn4-abmh-nkhv" }, { "vulnerability": "VCID-4bzb-ft3d-dkgg" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-58sa-6uag-z7hp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-5psk-hzaf-1kbz" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-832g-x9kb-3bbx" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-9gqn-8g4t-wfby" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-b4sv-b9pz-r7er" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-cs1f-uhb2-xkcm" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-hh65-ycrj-d7gz" }, { "vulnerability": "VCID-jpj6-wzp3-m3e4" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nax4-x97j-9fgr" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-nnka-c23v-qub7" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-rgw4-mrr9-euda" }, { "vulnerability": "VCID-sg9h-7dqr-xugu" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-vhjv-9864-tbcs" }, { "vulnerability": "VCID-vs1a-m7ya-rue8" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.2" } ], "aliases": [ "CVE-2012-1099", "GHSA-2xjj-5x6h-8vmf", "OSV-79727" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5a2t-fre4-zkay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/26679?format=api", "vulnerability_id": "VCID-5pfg-7ntp-eff4", "summary": "Cross-site Scripting vulnerability in i18n translations helper method\nCross-site scripting (XSS) vulnerability in the i18n translations helper method in Ruby on Rails 3.0.x before 3.0.11 and 3.1.x before 3.1.2, and the rails_xss plugin in Ruby on Rails 2.3.x, allows remote attackers to inject arbitrary web script or HTML via vectors related to a translations string whose name ends with an \"html\" substring.", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b61d70fb73c7cc5?pli=1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b61d70fb73c7cc5?pli=1" }, { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/c65c24fbc4b6dd82?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/c65c24fbc4b6dd82?dmode=source&output=gplain" }, { "reference_url": "http://openwall.com/lists/oss-security/2011/11/18/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2011/11/18/8" }, { "reference_url": "http://osvdb.org/77199", "reference_id": "", "reference_type": "", "scores": [], "url": "http://osvdb.org/77199" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4319.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4319.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4319", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00607", "scoring_system": "epss", "scoring_elements": "0.70015", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4319" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71364", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71364" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/2d5b105d4bcb652550dda8b5613376d1b8beb70c", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/2d5b105d4bcb652550dda8b5613376d1b8beb70c" }, { "reference_url": "https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade" }, { "reference_url": "https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade#diff-79e8a3e6d1d2808c4f93f63b3928a5a1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade#diff-79e8a3e6d1d2808c4f93f63b3928a5a1" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-4319.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-4319.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-77199.yml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-77199.yml" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/K2HXD7c8fMU", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/K2HXD7c8fMU" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4319", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4319" }, { "reference_url": "https://web.archive.org/web/20200228155840/http://www.securityfocus.com/bid/50722", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228155840/http://www.securityfocus.com/bid/50722" }, { "reference_url": "https://web.archive.org/web/20210307005941/http://www.securitytracker.com/id?1026342", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210307005941/http://www.securitytracker.com/id?1026342" }, { "reference_url": "http://weblog.rubyonrails.org/2011/11/18/rails-3-0-11-has-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2011/11/18/rails-3-0-11-has-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2011/11/18/rails-3-1-2-has-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2011/11/18/rails-3-1-2-has-been-released" }, { "reference_url": "http://www.securityfocus.com/bid/50722", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/50722" }, { "reference_url": "http://www.securitytracker.com/id?1026342", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id?1026342" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=755004", "reference_id": "755004", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=755004" }, { "reference_url": "https://github.com/advisories/GHSA-xxr8-833v-c7wc", "reference_id": "GHSA-xxr8-833v-c7wc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xxr8-833v-c7wc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60360?format=api", "purl": "pkg:gem/actionpack@3.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-1xbd-73qv-mff9" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-3rn4-abmh-nkhv" }, { "vulnerability": "VCID-4bzb-ft3d-dkgg" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-58sa-6uag-z7hp" }, { "vulnerability": "VCID-5a2t-fre4-zkay" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-5psk-hzaf-1kbz" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-9gqn-8g4t-wfby" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-b4sv-b9pz-r7er" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-cs1f-uhb2-xkcm" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-hh65-ycrj-d7gz" }, { "vulnerability": "VCID-jpj6-wzp3-m3e4" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nax4-x97j-9fgr" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-nnka-c23v-qub7" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-rgw4-mrr9-euda" }, { "vulnerability": "VCID-sg9h-7dqr-xugu" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-vhjv-9864-tbcs" }, { "vulnerability": "VCID-vs1a-m7ya-rue8" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.2" } ], "aliases": [ "CVE-2011-4319", "GHSA-xxr8-833v-c7wc", "OSV-77199" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5pfg-7ntp-eff4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/26687?format=api", "vulnerability_id": "VCID-5psk-hzaf-1kbz", "summary": "actionpack vulnerable to Cross-site Scripting\nCross-site scripting (XSS) vulnerability in `actionpack/lib/action_view/helpers/translation_helper.rb` in the internationalization component in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted string that triggers generation of a fallback string by the i18n gem.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1794.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1794.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0008.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0008.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4491.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4491.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4491", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00713", "scoring_system": "epss", "scoring_elements": "0.72631", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4491" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417" }, { "reference_url": "http://seclists.org/oss-sec/2013/q4/401", "reference_id": "", "reference_type": "", "scores": [], "url": "http://seclists.org/oss-sec/2013/q4/401" }, { "reference_url": "https://github.com/advisories/GHSA-699m-mcjm-9cw8", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-699m-mcjm-9cw8" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-4491.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-4491.yml" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/pLrh6DUw998", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/pLrh6DUw998" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4491", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4491" }, { "reference_url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released" }, { "reference_url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/" }, { "reference_url": "http://www.debian.org/security/2014/dsa-2888", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2014/dsa-2888" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1036922", "reference_id": "1036922", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1036922" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1794", "reference_id": "RHSA-2013:1794", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1794" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0008", "reference_id": "RHSA-2014:0008", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0008" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60329?format=api", "purl": "pkg:gem/actionpack@3.2.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-832g-x9kb-3bbx" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-b4sv-b9pz-r7er" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-hh65-ycrj-d7gz" }, { "vulnerability": "VCID-jpj6-wzp3-m3e4" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-sg9h-7dqr-xugu" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-vs1a-m7ya-rue8" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/60332?format=api", "purl": "pkg:gem/actionpack@4.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-hh65-ycrj-d7gz" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m156-zkzd-57g9" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-sg9h-7dqr-xugu" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-vs1a-m7ya-rue8" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.2" } ], "aliases": [ "CVE-2013-4491", "GHSA-699m-mcjm-9cw8", "OSV-100528" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5psk-hzaf-1kbz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41466?format=api", "vulnerability_id": "VCID-6z21-pd9d-pfgk", "summary": "Possible Strong Parameters Bypass in ActionPack\nThere is a strong parameters bypass vector in ActionPack.\n\nVersions Affected: rails <= 6.0.3\nNot affected: rails < 5.0.0\nFixed Versions: rails >= 5.2.4.3, rails >= 6.0.3.1\n\nImpact\n------\nIn some cases user supplied information can be inadvertently leaked from\nStrong Parameters. Specifically the return value of `each`, or `each_value`,\nor `each_pair` will return the underlying \"untrusted\" hash of data that was\nread from the parameters. Applications that use this return value may be\ninadvertently use untrusted user input.\n\nImpacted code will look something like this:\n\n```\ndef update\n # Attacker has included the parameter: `{ is_admin: true }`\n User.update(clean_up_params)\nend\n\ndef clean_up_params\n params.each { |k, v| SomeModel.check(v) if k == :name }\nend\n```\n\nNote the mistaken use of `each` in the `clean_up_params` method in the above\nexample.\n\nWorkarounds\n-----------\nDo not use the return values of `each`, `each_value`, or `each_pair` in your\napplication.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00089.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00089.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00093.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00093.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00107.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00107.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8164.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8164.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8164", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07389", "scoring_system": "epss", "scoring_elements": "0.91842", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8164.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8164.yml" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/f6ioe4sdpbY", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/f6ioe4sdpbY" }, { "reference_url": "https://hackerone.com/reports/292797", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/292797" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8164", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8164" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4766", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2020/dsa-4766" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1842634", "reference_id": "1842634", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1842634" }, { "reference_url": "https://github.com/advisories/GHSA-8727-m6gj-mc37", "reference_id": "GHSA-8727-m6gj-mc37", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8727-m6gj-mc37" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1313", "reference_id": "RHSA-2021:1313", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1313" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/75127?format=api", "purl": "pkg:gem/actionpack@5.2.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4fyg-vxpj-c7d7" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-be5x-uyc6-sudm" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-re7g-rxbm-dbd9" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-z16b-zfgu-13a9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.2.4.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/75131?format=api", "purl": "pkg:gem/actionpack@6.0.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25ru-4qks-7yf3" }, { "vulnerability": "VCID-4fyg-vxpj-c7d7" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-be5x-uyc6-sudm" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-fdqs-v9b2-53gu" }, { "vulnerability": "VCID-fgtd-zx7r-rygb" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mgjg-juur-rfe5" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-re7g-rxbm-dbd9" }, { "vulnerability": "VCID-uppk-66vw-gbb9" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-z16b-zfgu-13a9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.0.3.1" } ], "aliases": [ "CVE-2020-8164", "GHSA-8727-m6gj-mc37" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6z21-pd9d-pfgk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/26756?format=api", "vulnerability_id": "VCID-8nkw-8mka-1ygk", "summary": "actionpack Improper Input Validation vulnerability\nThe `to_s` method in `actionpack/lib/action_dispatch/middleware/remote_ip.rb` in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in requests from IP addresses on a Class C network, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted header.", "references": [ { "reference_url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0337.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0337.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3187", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08484", "scoring_system": "epss", "scoring_elements": "0.92485", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3187" }, { "reference_url": "https://bugzilla.novell.com/show_bug.cgi?id=673010", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.novell.com/show_bug.cgi?id=673010" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3187", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3187" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-3187.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-3187.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3187", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3187" }, { "reference_url": "https://web.archive.org/web/20111209181000/http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0337.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20111209181000/http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0337.html" }, { "reference_url": "http://webservsec.blogspot.com/2011/02/ruby-on-rails-vulnerability.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://webservsec.blogspot.com/2011/02/ruby-on-rails-vulnerability.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/17/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/17/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/19/11", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/19/11" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/20/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/20/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/13", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/13" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/14", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/14" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/5" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/35352.rb", "reference_id": "CVE-2011-3187;OSVDB-73733", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/35352.rb" }, { "reference_url": "https://www.securityfocus.com/bid/46423/info", "reference_id": "CVE-2011-3187;OSVDB-73733", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/46423/info" }, { "reference_url": "https://github.com/advisories/GHSA-3vfw-7rcp-3xgm", "reference_id": "GHSA-3vfw-7rcp-3xgm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3vfw-7rcp-3xgm" } ], "fixed_packages": [], "aliases": [ "CVE-2011-3187", "GHSA-3vfw-7rcp-3xgm" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8nkw-8mka-1ygk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36017?format=api", "vulnerability_id": "VCID-98gu-r7wd-cuah", "summary": "ReDoS based DoS vulnerability in Action Dispatch\nThere is a possible regular expression based DoS vulnerability in Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2023-22792.\n\nVersions Affected: >= 3.0.0 Not affected: < 3.0.0 Fixed Versions: 5.2.8.15 (Rails LTS), 6.1.7.1, 7.0.4.1\nImpact\n\nSpecially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately.\nReleases\n\nThe FIXED releases are available at the normal locations.\nWorkarounds\n\nWe recommend that all users upgrade to one of the FIXED versions. In the meantime, users can mitigate this vulnerability by using a load balancer or other device to filter out malicious X_FORWARDED_HOST headers before they reach the application.\nPatches\n\nTo aid users who aren’t able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.\n\n 6-1-Use-string-split-instead-of-regex-for-domain-parts.patch - Patch for 6.1 series\n 7-0-Use-string-split-instead-of-regex-for-domain-parts.patch - Patch for 7.0 series\n\nPlease note that only the 7.0.Z and 6.1.Z series are supported at present, and 6.0.Z for severe vulnerabilities. Users of earlier unsupported releases are advised to upgrade as soon as possible as we cannot guarantee the continued availability of security fixes for unsupported releases.\n\nhttps://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22792.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22792.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22792", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02326", "scoring_system": "epss", "scoring_elements": "0.85075", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2023-22792-possible-redos-based-dos-vulnerability-in-action-dispatch/82115", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:30:13Z/" } ], "url": "https://discuss.rubyonrails.org/t/cve-2023-22792-possible-redos-based-dos-vulnerability-in-action-dispatch/82115" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v7.0.4.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v7.0.4.1" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22792.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22792.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22792", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22792" }, { "reference_url": "https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240202-0007", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240202-0007" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5372", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:30:13Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5372" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050", "reference_id": "1030050", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164800", "reference_id": "2164800", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164800" }, { "reference_url": "https://github.com/advisories/GHSA-p84v-45xj-wwqj", "reference_id": "GHSA-p84v-45xj-wwqj", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-p84v-45xj-wwqj" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240202-0007/", "reference_id": "ntap-20240202-0007", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:30:13Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240202-0007/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6818", "reference_id": "RHSA-2023:6818", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6818" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/383446?format=api", "purl": "pkg:gem/actionpack@5.2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.2.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/68357?format=api", "purl": "pkg:gem/actionpack@5.2.8.15", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.2.8.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/68359?format=api", "purl": "pkg:gem/actionpack@6.1.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-b7z5-h1bw-tya9" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.7.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/68361?format=api", "purl": "pkg:gem/actionpack@7.0.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-b7z5-h1bw-tya9" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-ndth-atqq-53gq" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.4.1" } ], "aliases": [ "CVE-2023-22792", "GHSA-p84v-45xj-wwqj", "GMS-2023-58" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-98gu-r7wd-cuah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/26727?format=api", "vulnerability_id": "VCID-9gqn-8g4t-wfby", "summary": "actionpack Cross-site Scripting vulnerability\nThe `sanitize_css` method in `lib/action_controller/vendor/html-scanner/html/sanitizer.rb` in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle `\\n` (newline) characters, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0698.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0698.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0698", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2013:0698" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1863", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:1863" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1855.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1855.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2013-1855", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2013-1855" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1855", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00536", "scoring_system": "epss", "scoring_elements": "0.67744", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1855" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=921331", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=921331" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1855" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-1855.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-1855.yml" }, { "reference_url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_QHo4BqnN8", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_QHo4BqnN8" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/8ed835a97cdd1afd?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/8ed835a97cdd1afd?dmode=source&output=gplain" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1855", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1855" }, { "reference_url": "http://support.apple.com/kb/HT5784", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT5784" }, { "reference_url": "https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "reference_url": "https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html" }, { "reference_url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/" }, { "reference_url": "https://github.com/advisories/GHSA-q759-hwvc-m3jg", "reference_id": "GHSA-q759-hwvc-m3jg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q759-hwvc-m3jg" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60415?format=api", "purl": "pkg:gem/actionpack@3.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-3rn4-abmh-nkhv" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-5psk-hzaf-1kbz" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-9gqn-8g4t-wfby" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-b4sv-b9pz-r7er" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-cs1f-uhb2-xkcm" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-hh65-ycrj-d7gz" }, { "vulnerability": "VCID-jpj6-wzp3-m3e4" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nax4-x97j-9fgr" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-nnka-c23v-qub7" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-sg9h-7dqr-xugu" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-vhjv-9864-tbcs" }, { "vulnerability": "VCID-vs1a-m7ya-rue8" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/60416?format=api", "purl": "pkg:gem/actionpack@3.2.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-3rn4-abmh-nkhv" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-5psk-hzaf-1kbz" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-832g-x9kb-3bbx" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-9gqn-8g4t-wfby" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-b4sv-b9pz-r7er" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-cs1f-uhb2-xkcm" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-hh65-ycrj-d7gz" }, { "vulnerability": "VCID-jpj6-wzp3-m3e4" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nax4-x97j-9fgr" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-nnka-c23v-qub7" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-sg9h-7dqr-xugu" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-vhjv-9864-tbcs" }, { "vulnerability": "VCID-vs1a-m7ya-rue8" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.13" } ], "aliases": [ "CVE-2013-1855", "GHSA-q759-hwvc-m3jg", "OSV-91452" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9gqn-8g4t-wfby" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/27189?format=api", "vulnerability_id": "VCID-a6wp-n5yh-ybcv", "summary": "Improper Input Validation in actionpack\nRuby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify tokens for requests with certain content types, which allows remote attackers to bypass cross-site request forgery (CSRF) protection for requests to applications that rely on this protection, as demonstrated using text/plain.", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html" }, { "reference_url": "http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup" }, { "reference_url": "http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-7248.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-7248.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2008-7248", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2008-7248" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-7248", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11409", "scoring_system": "epss", "scoring_elements": "0.93687", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-7248" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=544329", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=544329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7248", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7248" }, { "reference_url": "http://secunia.com/advisories/36600", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/36600" }, { "reference_url": "http://secunia.com/advisories/38915", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/38915" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/099a98e9b7108dae3e0f78b207e0a7dc5913bd1a", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/099a98e9b7108dae3e0f78b207e0a7dc5913bd1a" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2008-7248.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2008-7248.yml" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en" }, { "reference_url": "https://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2008-7248", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-7248" }, { "reference_url": "https://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup" }, { "reference_url": "https://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/" }, { "reference_url": "https://web.archive.org/web/20090906010200/https://www.vupen.com/english/advisories/2009/2544", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20090906010200/https://www.vupen.com/english/advisories/2009/2544" }, { "reference_url": "https://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2009/11/28/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openwall.com/lists/oss-security/2009/11/28/1" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2009/12/02/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openwall.com/lists/oss-security/2009/12/02/2" }, { "reference_url": "https://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html" }, { "reference_url": "http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2009/11/28/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2009/11/28/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2009/12/02/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2009/12/02/2" }, { "reference_url": "http://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/2544", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2009/2544" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558685", "reference_id": "558685", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558685" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33402.txt", "reference_id": "CVE-2008-7248;OSVDB-61124", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33402.txt" }, { "reference_url": "https://www.securityfocus.com/bid/37322/info", "reference_id": "CVE-2008-7248;OSVDB-61124", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/37322/info" }, { "reference_url": "https://github.com/advisories/GHSA-8fqx-7pv4-3jwm", "reference_id": "GHSA-8fqx-7pv4-3jwm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8fqx-7pv4-3jwm" }, { "reference_url": "https://security.gentoo.org/glsa/200912-02", "reference_id": "GLSA-200912-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200912-02" } ], "fixed_packages": [], "aliases": [ "CVE-2008-7248", "GHSA-8fqx-7pv4-3jwm" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a6wp-n5yh-ybcv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/27196?format=api", "vulnerability_id": "VCID-b4sv-b9pz-r7er", "summary": "actionview Cross-site Scripting vulnerability\nCross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as \"HTML safe\" and used as attribute values in tag handlers.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-1855.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-1855.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-1856.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-1856.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-1857.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-1857.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-1858.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-1858.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6316.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6316.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6316", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01626", "scoring_system": "epss", "scoring_elements": "0.82169", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6316" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6316", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6316" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-6316.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-6316.yml" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/I-VWr034ouk", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/I-VWr034ouk" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/8B2iV2tPRSE", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/8B2iV2tPRSE" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6316", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6316" }, { "reference_url": "https://web.archive.org/web/20200227202008/http://www.securityfocus.com/bid/92430", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200227202008/http://www.securityfocus.com/bid/92430" }, { "reference_url": "https://web.archive.org/web/20200812154343/https://puppet.com/security/cve/cve-2016-6316", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200812154343/https://puppet.com/security/cve/cve-2016-6316" }, { "reference_url": "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3651", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3651" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/08/11/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/08/11/3" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1365008", "reference_id": "1365008", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1365008" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834155", "reference_id": "834155", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834155" }, { "reference_url": "https://github.com/advisories/GHSA-pc3m-v286-2jwj", "reference_id": "GHSA-pc3m-v286-2jwj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pc3m-v286-2jwj" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1855", "reference_id": "RHSA-2016:1855", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1855" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1856", "reference_id": "RHSA-2016:1856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1857", "reference_id": "RHSA-2016:1857", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1857" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1858", "reference_id": "RHSA-2016:1858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1858" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/367935?format=api", "purl": "pkg:gem/actionpack@3.2.22.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.22.3" } ], "aliases": [ "CVE-2016-6316", "GHSA-pc3m-v286-2jwj" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b4sv-b9pz-r7er" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/26736?format=api", "vulnerability_id": "VCID-bfbp-7umh-2fcp", "summary": "actionpack and activesupport vulnerable to information leaks\nA certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x before 2.3.4, leaks information about the complexity of message-digest signature verification in the cookie store, which might allow remote attackers to forge a digest via multiple attempts.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3086", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00556", "scoring_system": "epss", "scoring_elements": "0.68454", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3086" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3086", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3086" }, { "reference_url": "http://secunia.com/advisories/36600", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/36600" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/1f07a89c5946910fc28ea5ccd1da6af8a0f972a0", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/1f07a89c5946910fc28ea5ccd1da6af8a0f972a0" }, { "reference_url": "https://github.com/rails/rails/commit/674f780d59a5a7ec0301755d43a7b277a3ad2978", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/674f780d59a5a7ec0301755d43a7b277a3ad2978" }, { "reference_url": "https://github.com/rails/rails/commit/d460c9a25560f43e7c3789abadf7b455053eb686", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/d460c9a25560f43e7c3789abadf7b455053eb686" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2009-3086.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2009-3086.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2009-3086.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2009-3086.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3086", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3086" }, { "reference_url": "https://web.archive.org/web/20090906010200/http://www.vupen.com/english/advisories/2009/2544", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20090906010200/http://www.vupen.com/english/advisories/2009/2544" }, { "reference_url": "https://web.archive.org/web/20090907001716/http://secunia.com/advisories/36600", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20090907001716/http://secunia.com/advisories/36600" }, { "reference_url": "https://web.archive.org/web/20200229150042/http://www.securityfocus.com/bid/37427", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200229150042/http://www.securityfocus.com/bid/37427" }, { "reference_url": "http://weblog.rubyonrails.org/2009/9/4/timing-weakness-in-ruby-on-rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2009/9/4/timing-weakness-in-ruby-on-rails" }, { "reference_url": "http://www.debian.org/security/2011/dsa-2260", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2011/dsa-2260" }, { "reference_url": "http://www.securityfocus.com/bid/37427", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/37427" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/2544", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2009/2544" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063", "reference_id": "545063", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063" }, { "reference_url": "https://github.com/advisories/GHSA-fg9w-g6m4-557j", "reference_id": "GHSA-fg9w-g6m4-557j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fg9w-g6m4-557j" }, { "reference_url": "https://security.gentoo.org/glsa/200912-02", "reference_id": "GLSA-200912-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200912-02" } ], "fixed_packages": [], "aliases": [ "CVE-2009-3086", "GHSA-fg9w-g6m4-557j" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bfbp-7umh-2fcp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/26991?format=api", "vulnerability_id": "VCID-cs1f-uhb2-xkcm", "summary": "actionpack Cross-site Scripting vulnerability\nCross-site scripting (XSS) vulnerability in the simple_format helper in `actionpack/lib/action_view/helpers/text_helper.rb` in Ruby on Rails 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML attribute.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6416.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6416.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6416", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46624", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6416" }, { "reference_url": "http://seclists.org/oss-sec/2013/q4/404", "reference_id": "", "reference_type": "", "scores": [], "url": "http://seclists.org/oss-sec/2013/q4/404" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/4b4f5847f64f81c961625e647711ef9f6ad1a454", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/4b4f5847f64f81c961625e647711ef9f6ad1a454" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6416.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6416.yml" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/5ZI1-H5OoIM/ZNq4FoR2GnIJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/5ZI1-H5OoIM/ZNq4FoR2GnIJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/5ZI1-H5OoIM", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/5ZI1-H5OoIM" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6416", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6416" }, { "reference_url": "https://web.archive.org/web/20200228165109/http://www.securityfocus.com/bid/64071", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228165109/http://www.securityfocus.com/bid/64071" }, { "reference_url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released" }, { "reference_url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1036914", "reference_id": "1036914", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1036914" }, { "reference_url": "https://github.com/advisories/GHSA-w37c-q653-qg95", "reference_id": "GHSA-w37c-q653-qg95", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w37c-q653-qg95" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/320357?format=api", "purl": "pkg:gem/actionpack@3.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-1xbd-73qv-mff9" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-3rn4-abmh-nkhv" }, { "vulnerability": "VCID-4bzb-ft3d-dkgg" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-58sa-6uag-z7hp" }, { "vulnerability": "VCID-5a2t-fre4-zkay" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-5psk-hzaf-1kbz" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-832g-x9kb-3bbx" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-9gqn-8g4t-wfby" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-b4sv-b9pz-r7er" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-cs1f-uhb2-xkcm" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-hh65-ycrj-d7gz" }, { "vulnerability": "VCID-jpj6-wzp3-m3e4" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nax4-x97j-9fgr" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-nnka-c23v-qub7" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-rgw4-mrr9-euda" }, { "vulnerability": "VCID-sg9h-7dqr-xugu" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-v4sh-tkkf-xfeh" }, { "vulnerability": "VCID-vhjv-9864-tbcs" }, { "vulnerability": "VCID-vs1a-m7ya-rue8" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/60332?format=api", "purl": "pkg:gem/actionpack@4.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-hh65-ycrj-d7gz" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m156-zkzd-57g9" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-sg9h-7dqr-xugu" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-vs1a-m7ya-rue8" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.2" } ], "aliases": [ "CVE-2013-6416", "GHSA-w37c-q653-qg95", "OSV-100526" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cs1f-uhb2-xkcm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7891?format=api", "vulnerability_id": "VCID-dd87-gevs-juhe", "summary": "Possible ReDoS vulnerability in query parameter filtering in Action Dispatch\nThere is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2024-41128.\n\nImpact\n------\n\nCarefully crafted query parameters can cause query parameter filtering to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade or apply the relevant patch immediately.\n\nRuby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 depends on Ruby 3.2 or greater so is unaffected.\n\n\nReleases\n--------\nThe fixed releases are available at the normal locations.\n\nWorkarounds\n-----------\nUsers on Ruby 3.2 are unaffected by this issue.\n\n\nCredits\n-------\n\nThanks to [scyoon](https://hackerone.com/scyoon) for the report and patches!", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41128.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41128.json" }, { "reference_url": "https://access.redhat.com/security/cve/cve-2024-41128", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/" } ], "url": "https://access.redhat.com/security/cve/cve-2024-41128" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-41128", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00774", "scoring_system": "epss", "scoring_elements": "0.73902", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-41128" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319036", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319036" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41128", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41128" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/27121e80f6dbb260f5a9f0452cd8411cb681f075", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/" } ], "url": "https://github.com/rails/rails/commit/27121e80f6dbb260f5a9f0452cd8411cb681f075" }, { "reference_url": "https://github.com/rails/rails/commit/b0fe99fa854ec8ff4498e75779b458392d1560ef", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/" } ], "url": "https://github.com/rails/rails/commit/b0fe99fa854ec8ff4498e75779b458392d1560ef" }, { "reference_url": "https://github.com/rails/rails/commit/b1241f468d1b32235f438c2e2203386e6efd3891", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/" } ], "url": "https://github.com/rails/rails/commit/b1241f468d1b32235f438c2e2203386e6efd3891" }, { "reference_url": "https://github.com/rails/rails/commit/fb493bebae1a9b83e494fe7edbf01f6167d606fd", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/" } ], "url": "https://github.com/rails/rails/commit/fb493bebae1a9b83e494fe7edbf01f6167d606fd" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-x76w-6vjr-8xgj", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-x76w-6vjr-8xgj" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-41128.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-41128.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41128", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41128" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376", "reference_id": "1085376", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376" }, { "reference_url": "https://github.com/advisories/GHSA-x76w-6vjr-8xgj", "reference_id": "GHSA-x76w-6vjr-8xgj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x76w-6vjr-8xgj" }, { "reference_url": "https://usn.ubuntu.com/7290-1/", "reference_id": "USN-7290-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7290-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20014?format=api", "purl": "pkg:gem/actionpack@6.1.7.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-qth9-abgp-wyaq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.7.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/383480?format=api", "purl": "pkg:gem/actionpack@7.0.0.alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.0.alpha1" }, { "url": "http://public2.vulnerablecode.io/api/packages/20015?format=api", "purl": "pkg:gem/actionpack@7.0.8.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-qth9-abgp-wyaq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.8.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/383673?format=api", "purl": "pkg:gem/actionpack@7.1.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/20016?format=api", "purl": "pkg:gem/actionpack@7.1.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-qth9-abgp-wyaq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/38974?format=api", "purl": "pkg:gem/actionpack@7.2.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7z5-h1bw-tya9" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-qth9-abgp-wyaq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.2.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/20017?format=api", "purl": "pkg:gem/actionpack@7.2.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-qth9-abgp-wyaq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.2.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/383949?format=api", "purl": "pkg:gem/actionpack@8.0.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-qth9-abgp-wyaq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@8.0.0.beta1" } ], "aliases": [ "CVE-2024-41128", "GHSA-x76w-6vjr-8xgj" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dd87-gevs-juhe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7792?format=api", "vulnerability_id": "VCID-eeru-6pyc-8bcd", "summary": "Possible ReDoS vulnerability in HTTP Token authentication in Action Controller\nThere is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. This vulnerability has been assigned the CVE identifier CVE-2024-47887.\n\nImpact\n------\n\nFor applications using HTTP Token authentication via `authenticate_or_request_with_http_token` or similar, a carefully crafted header may cause header parsing to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade or apply the relevant patch immediately.\n\nRuby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 depends on Ruby 3.2 or greater so is unaffected.\n\nReleases\n--------\nThe fixed releases are available at the normal locations.\n\nWorkarounds\n-----------\nUsers on Ruby 3.2 are unaffected by this issue.\n\n\nCredits\n-------\nThanks to [scyoon](https://hackerone.com/scyoon) for reporting", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47887.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47887.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47887", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56344", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47887" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47887", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47887" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-vfg9-r3fq-jvx4", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-vfg9-r3fq-jvx4" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-47887.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-47887.yml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376", "reference_id": "1085376", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319034", "reference_id": "2319034", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319034" }, { "reference_url": "https://github.com/rails/rails/commit/56b2fc3302836405b496e196a8d5fc0195e55049", "reference_id": "56b2fc3302836405b496e196a8d5fc0195e55049", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/" } ], "url": "https://github.com/rails/rails/commit/56b2fc3302836405b496e196a8d5fc0195e55049" }, { "reference_url": "https://github.com/rails/rails/commit/7c1398854d51f9bb193fb79f226647351133d08a", "reference_id": "7c1398854d51f9bb193fb79f226647351133d08a", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/" } ], "url": "https://github.com/rails/rails/commit/7c1398854d51f9bb193fb79f226647351133d08a" }, { "reference_url": "https://github.com/rails/rails/commit/8e057db25bff1dc7a98e9ae72e0083825b9ac545", "reference_id": "8e057db25bff1dc7a98e9ae72e0083825b9ac545", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/" } ], "url": "https://github.com/rails/rails/commit/8e057db25bff1dc7a98e9ae72e0083825b9ac545" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47887", "reference_id": "CVE-2024-47887", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47887" }, { "reference_url": "https://github.com/rails/rails/commit/f4dc83d8926509d0958ec21fcdbc2e7df3d32ce2", "reference_id": "f4dc83d8926509d0958ec21fcdbc2e7df3d32ce2", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/" } ], "url": "https://github.com/rails/rails/commit/f4dc83d8926509d0958ec21fcdbc2e7df3d32ce2" }, { "reference_url": "https://github.com/advisories/GHSA-vfg9-r3fq-jvx4", "reference_id": "GHSA-vfg9-r3fq-jvx4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vfg9-r3fq-jvx4" }, { "reference_url": "https://usn.ubuntu.com/7290-1/", "reference_id": "USN-7290-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7290-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20014?format=api", "purl": "pkg:gem/actionpack@6.1.7.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-qth9-abgp-wyaq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.7.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/383480?format=api", "purl": "pkg:gem/actionpack@7.0.0.alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.0.alpha1" }, { "url": "http://public2.vulnerablecode.io/api/packages/20015?format=api", "purl": "pkg:gem/actionpack@7.0.8.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-qth9-abgp-wyaq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.8.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/383673?format=api", "purl": "pkg:gem/actionpack@7.1.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/20016?format=api", "purl": "pkg:gem/actionpack@7.1.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-qth9-abgp-wyaq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/38974?format=api", "purl": "pkg:gem/actionpack@7.2.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7z5-h1bw-tya9" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-qth9-abgp-wyaq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.2.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/20017?format=api", "purl": "pkg:gem/actionpack@7.2.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-qth9-abgp-wyaq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.2.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/383949?format=api", "purl": "pkg:gem/actionpack@8.0.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-qth9-abgp-wyaq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@8.0.0.beta1" } ], "aliases": [ "CVE-2024-47887", "GHSA-vfg9-r3fq-jvx4" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eeru-6pyc-8bcd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/26536?format=api", "vulnerability_id": "VCID-ejgq-s79w-abd6", "summary": "rails Cross-site Scripting vulnerability\nThe cross-site scripting (XSS) prevention feature in Ruby on Rails 2.x before 2.3.12, 3.0.x before 3.0.8, and 3.1.x before 3.1.0.rc2 does not properly handle mutation of safe buffers, which makes it easier for remote attackers to conduct XSS attacks via crafted strings to an application that uses a problematic string method, as demonstrated by the sub method.", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/663b600d4471e0d4?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/663b600d4471e0d4?dmode=source&output=gplain" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062514.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062514.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062090.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062090.html" }, { "reference_url": "http://openwall.com/lists/oss-security/2011/06/09/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2011/06/09/2" }, { "reference_url": "http://openwall.com/lists/oss-security/2011/06/13/9", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2011/06/13/9" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2197", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63551", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2197" }, { "reference_url": "http://secunia.com/advisories/44789", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/44789" }, { "reference_url": "https://gist.github.com/NZKoz/b2ceb626fc2bcdfe497f", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gist.github.com/NZKoz/b2ceb626fc2bcdfe497f" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/53a2c0baf2b128dd4808eca313256f6f4bb8c4cd", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/53a2c0baf2b128dd4808eca313256f6f4bb8c4cd" }, { "reference_url": "https://github.com/rails/rails/commit/ed3796434af6069ced6a641293cf88eef3b284da", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/ed3796434af6069ced6a641293cf88eef3b284da" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2011-2197.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2011-2197.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2197", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2197" }, { "reference_url": "http://weblog.rubyonrails.org/2011/6/8/potential-xss-vulnerability-in-ruby-on-rails-applications", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2011/6/8/potential-xss-vulnerability-in-ruby-on-rails-applications" }, { "reference_url": "https://github.com/advisories/GHSA-v9v4-7jp6-8c73", "reference_id": "GHSA-v9v4-7jp6-8c73", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v9v4-7jp6-8c73" } ], "fixed_packages": [], "aliases": [ "CVE-2011-2197", "GHSA-v9v4-7jp6-8c73" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ejgq-s79w-abd6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/26961?format=api", "vulnerability_id": "VCID-g13k-qvy7-q3fk", "summary": "Rails actionpack gem vulnerable to Cross-site Scripting\nMultiple cross-site scripting (XSS) vulnerabilities in the `mail_to` helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) name or (2) email value.", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/365b8a23b76a6b4a?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/365b8a23b76a6b4a?dmode=source&output=gplain" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0446", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0067", "scoring_system": "epss", "scoring_elements": "0.71678", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0446" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0446", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0446" }, { "reference_url": "http://secunia.com/advisories/43274", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/43274" }, { "reference_url": "http://secunia.com/advisories/43666", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/43666" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/abe97736b8316f1b714cac56c115c0779aa73217", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/abe97736b8316f1b714cac56c115c0779aa73217" }, { "reference_url": "https://github.com/rails/rails/commit/e3dd2107c57a8efaaea5d61cf8da65f7444760b2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/e3dd2107c57a8efaaea5d61cf8da65f7444760b2" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0446.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0446.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2011-0446.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2011-0446.yml" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/8CpI7egxX4E/m/SmtqtyOKWzYJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/8CpI7egxX4E/m/SmtqtyOKWzYJ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0446", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0446" }, { "reference_url": "https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43274", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43274" }, { "reference_url": "https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43666", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43666" }, { "reference_url": "https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291" }, { "reference_url": "https://web.archive.org/web/20200812054342/http://www.securitytracker.com/id?1025064", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200812054342/http://www.securitytracker.com/id?1025064" }, { "reference_url": "http://www.debian.org/security/2011/dsa-2247", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2011/dsa-2247" }, { "reference_url": "http://www.securityfocus.com/bid/46291", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/46291" }, { "reference_url": "http://www.securitytracker.com/id?1025064", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id?1025064" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/0587", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2011/0587" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/0877", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2011/0877" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864", "reference_id": "614864", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864" }, { "reference_url": "https://github.com/advisories/GHSA-75w6-p6mg-vh8j", "reference_id": "GHSA-75w6-p6mg-vh8j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-75w6-p6mg-vh8j" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [], "aliases": [ "CVE-2011-0446", "GHSA-75w6-p6mg-vh8j" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g13k-qvy7-q3fk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/27198?format=api", "vulnerability_id": "VCID-g2a6-uem4-uuce", "summary": "actionpack Cross-Site Request Forgery vulnerability\nRuby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged (1) AJAX or (2) API requests that leverage \"combinations of browser plugins and HTTP redirects,\" a related issue to CVE-2011-0696.", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/c22ea1668c0d181c?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/c22ea1668c0d181c?dmode=source&output=gplain" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0447", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00991", "scoring_system": "epss", "scoring_elements": "0.77177", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0447" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0447", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0447" }, { "reference_url": "http://secunia.com/advisories/43274", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/43274" }, { "reference_url": "http://secunia.com/advisories/43666", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/43666" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/66ce3843d32e9f2ac3b1da20067af53019bbb034", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/66ce3843d32e9f2ac3b1da20067af53019bbb034" }, { "reference_url": "https://github.com/rails/rails/commit/7e86f9b4d2b7dfa974c10ae7e6d8ef90f3d77f06", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/7e86f9b4d2b7dfa974c10ae7e6d8ef90f3d77f06" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0447.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0447.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0447", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0447" }, { "reference_url": "https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291" }, { "reference_url": "https://web.archive.org/web/20170223045008/http://www.securitytracker.com/id?1025060", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20170223045008/http://www.securitytracker.com/id?1025060" }, { "reference_url": "http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails" }, { "reference_url": "http://www.debian.org/security/2011/dsa-2247", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2011/dsa-2247" }, { "reference_url": "http://www.securityfocus.com/bid/46291", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/46291" }, { "reference_url": "http://www.securitytracker.com/id?1025060", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id?1025060" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/0587", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2011/0587" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/0877", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2011/0877" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864", "reference_id": "614864", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864" }, { "reference_url": "https://github.com/advisories/GHSA-24fg-p96v-hxh8", "reference_id": "GHSA-24fg-p96v-hxh8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-24fg-p96v-hxh8" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [], "aliases": [ "CVE-2011-0447", "GHSA-24fg-p96v-hxh8" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g2a6-uem4-uuce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/27179?format=api", "vulnerability_id": "VCID-hh65-ycrj-d7gz", "summary": "actionpack Path Traversal vulnerability\nDirectory traversal vulnerability in `actionpack/lib/abstract_controller/base.rb` in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request.", "references": [ { "reference_url": "http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:25:09Z/" } ], "url": "http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf" }, { "reference_url": "http://osvdb.org/show/osvdb/106704", "reference_id": "", "reference_type": "", "scores": [], "url": "http://osvdb.org/show/osvdb/106704" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:25:09Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0510", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:0510" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0816", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:0816" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1863", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:1863" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0130.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0130.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2014-0130", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2014-0130" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0130", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.5271", "scoring_system": "epss", "scoring_elements": "0.97988", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0130" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1095105", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1095105" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0130.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0130.yml" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:25:09Z/" } ], "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/NkKc7vTW70o", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/NkKc7vTW70o" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/PyJo7_m-Ehk", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/PyJo7_m-Ehk" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0130", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0130" }, { "reference_url": "https://web.archive.org/web/20140518192004/http://www.securityfocus.com/bid/67244", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20140518192004/http://www.securityfocus.com/bid/67244" }, { "reference_url": "https://web.archive.org/web/20150319054505/http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20150319054505/http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf" }, { "reference_url": "https://web.archive.org/web/20210411041816/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210411041816/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0130", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0130" }, { "reference_url": "http://www.securityfocus.com/bid/67244", "reference_id": "67244", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:25:09Z/" } ], "url": "http://www.securityfocus.com/bid/67244" }, { "reference_url": "https://github.com/advisories/GHSA-6x85-j5j2-27jx", "reference_id": "GHSA-6x85-j5j2-27jx", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6x85-j5j2-27jx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60612?format=api", "purl": "pkg:gem/actionpack@3.2.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-832g-x9kb-3bbx" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-b4sv-b9pz-r7er" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-sg9h-7dqr-xugu" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/60614?format=api", "purl": "pkg:gem/actionpack@4.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m156-zkzd-57g9" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-sg9h-7dqr-xugu" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/60615?format=api", "purl": "pkg:gem/actionpack@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m156-zkzd-57g9" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-sg9h-7dqr-xugu" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.1" } ], "aliases": [ "CVE-2014-0130", "GHSA-6x85-j5j2-27jx" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hh65-ycrj-d7gz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/26735?format=api", "vulnerability_id": "VCID-jpj6-wzp3-m3e4", "summary": "actionpack Improper Input Validation vulnerability\n`actionpack/lib/action_view/template/text.rb` in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the `:text` option to the `render` method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html" }, { "reference_url": "http://openwall.com/lists/oss-security/2014/02/18/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2014/02/18/10" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0215.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0215.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0306.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0306.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0082.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0082.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0082", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06456", "scoring_system": "epss", "scoring_elements": "0.91211", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0082" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0082.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0082.yml" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/LMxO_3_eCuc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/LMxO_3_eCuc" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0082", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0082" }, { "reference_url": "https://web.archive.org/web/20201207044540/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201207044540/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ" }, { "reference_url": "https://web.archive.org/web/20220315115444/https://puppet.com/security/cve/cve-2014-0082", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20220315115444/https://puppet.com/security/cve/cve-2014-0082" }, { "reference_url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release" }, { "reference_url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065538", "reference_id": "1065538", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065538" }, { "reference_url": "https://github.com/advisories/GHSA-7cgp-c3g7-qvrw", "reference_id": "GHSA-7cgp-c3g7-qvrw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7cgp-c3g7-qvrw" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0215", "reference_id": "RHSA-2014:0215", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0215" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0306", "reference_id": "RHSA-2014:0306", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0306" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60423?format=api", "purl": "pkg:gem/actionpack@3.2.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-832g-x9kb-3bbx" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-b4sv-b9pz-r7er" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-hh65-ycrj-d7gz" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-sg9h-7dqr-xugu" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/367302?format=api", "purl": "pkg:gem/actionpack@4.0.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-3rn4-abmh-nkhv" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-5psk-hzaf-1kbz" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-9gqn-8g4t-wfby" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-cs1f-uhb2-xkcm" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-jpj6-wzp3-m3e4" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m156-zkzd-57g9" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nax4-x97j-9fgr" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-nnka-c23v-qub7" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-sg9h-7dqr-xugu" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-vhjv-9864-tbcs" }, { "vulnerability": "VCID-vs1a-m7ya-rue8" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/320290?format=api", "purl": "pkg:gem/actionpack@4.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-3rn4-abmh-nkhv" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-5az9-zqff-5kav" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-5psk-hzaf-1kbz" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-832g-x9kb-3bbx" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-8p57-4fhz-v3gh" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-cs1f-uhb2-xkcm" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-hh65-ycrj-d7gz" }, { "vulnerability": "VCID-hvua-jhzn-97fr" }, { "vulnerability": "VCID-k651-yq6k-cyc9" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m156-zkzd-57g9" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nax4-x97j-9fgr" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-nnka-c23v-qub7" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-p2yz-5pzq-nyag" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-rnnm-ck7u-fydy" }, { "vulnerability": "VCID-sg9h-7dqr-xugu" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-v4sh-tkkf-xfeh" }, { "vulnerability": "VCID-vs1a-m7ya-rue8" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.0" } ], "aliases": [ "CVE-2014-0082", "GHSA-7cgp-c3g7-qvrw", "OSV-103440" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jpj6-wzp3-m3e4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36078?format=api", "vulnerability_id": "VCID-k6aw-heeb-wke2", "summary": "ReDoS based DoS vulnerability in Action Dispatch\nThere is a possible regular expression based DoS vulnerability in Action Dispatch related to the If-None-Match header. This vulnerability has been assigned the CVE identifier CVE-2023-22795.\n\nVersions Affected: All Not affected: None Fixed Versions: 5.2.8.15 (Rails LTS), 6.1.7.1, 7.0.4.1\n\nImpact\n\nA specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately.\nReleases\n\nThe FIXED releases are available at the normal locations.\nWorkarounds\n\nWe recommend that all users upgrade to one of the FIXED versions. In the meantime, users can mitigate this vulnerability by using a load balancer or other device to filter out malicious If-None-Match headers before they reach the application.\n\nUsers on Ruby 3.2.0 or greater are not affected by this vulnerability.\nPatches\n\nTo aid users who aren’t able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.\n\n 6-1-Avoid-regex-backtracking-on-If-None-Match-header.patch - Patch for 6.1 series\n 7-0-Avoid-regex-backtracking-on-If-None-Match-header.patch - Patch for 7.0 series\n\nPlease note that only the 7.0.Z and 6.1.Z series are supported at present, and 6.0.Z for severe vulnerabilities. Users of earlier unsupported releases are advised to upgrade as soon as possible as we cannot guarantee the continued availability of security fixes for unsupported releases.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22795.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22795.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22795", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01339", "scoring_system": "epss", "scoring_elements": "0.80309", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/8d82687f3b04b2803320b64f985308239a8c3d2f", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/8d82687f3b04b2803320b64f985308239a8c3d2f" }, { "reference_url": "https://github.com/rails/rails/commit/8dc45950619a4c64d16fb9370570c996d201f9b0", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/8dc45950619a4c64d16fb9370570c996d201f9b0" }, { "reference_url": "https://github.com/rails/rails/commit/cd461c3e64e09cdcb1e379d1c35423c5e2caa592", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/cd461c3e64e09cdcb1e379d1c35423c5e2caa592" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v6.1.7.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v6.1.7.1" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v7.0.4.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v7.0.4.1" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22795.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22795.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22795", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22795" }, { "reference_url": "https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050", "reference_id": "1030050", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164799", "reference_id": "2164799", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164799" }, { "reference_url": "https://github.com/advisories/GHSA-8xww-x3g3-6jcv", "reference_id": "GHSA-8xww-x3g3-6jcv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8xww-x3g3-6jcv" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6818", "reference_id": "RHSA-2023:6818", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6818" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/383446?format=api", "purl": "pkg:gem/actionpack@5.2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.2.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/68359?format=api", "purl": "pkg:gem/actionpack@6.1.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-b7z5-h1bw-tya9" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.7.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/68361?format=api", "purl": "pkg:gem/actionpack@7.0.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-b7z5-h1bw-tya9" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-ndth-atqq-53gq" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.4.1" } ], "aliases": [ "CVE-2023-22795", "GHSA-8xww-x3g3-6jcv", "GMS-2023-56" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k6aw-heeb-wke2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42605?format=api", "vulnerability_id": "VCID-kshz-ckjc-77ab", "summary": "tfm-rubygem-actionview: Possible cross-site scripting vulnerability in Action View tag helpers", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27777.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27777.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-27777", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01409", "scoring_system": "epss", "scoring_elements": "0.80797", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-27777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/649516ce0feb699ae06a8c5e81df75d460cc9a85", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/649516ce0feb699ae06a8c5e81df75d460cc9a85" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2022-27777.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2022-27777.yml" }, { "reference_url": "https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27777", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27777" }, { "reference_url": "https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5372", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2023/dsa-5372" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016982", "reference_id": "1016982", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016982" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080296", "reference_id": "2080296", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080296" }, { "reference_url": "https://github.com/advisories/GHSA-ch3h-j2vf-95pv", "reference_id": "GHSA-ch3h-j2vf-95pv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-ch3h-j2vf-95pv" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2097", "reference_id": "RHSA-2023:2097", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2097" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/85019?format=api", "purl": "pkg:gem/actionpack@5.2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.2.7.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/85020?format=api", "purl": "pkg:gem/actionpack@6.0.4.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.0.4.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/85021?format=api", "purl": "pkg:gem/actionpack@6.1.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-b7z5-h1bw-tya9" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.5.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/85022?format=api", "purl": "pkg:gem/actionpack@7.0.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-b7z5-h1bw-tya9" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-ndth-atqq-53gq" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-z277-4dtj-zfbz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.2.4" } ], "aliases": [ "CVE-2022-27777", "GHSA-ch3h-j2vf-95pv", "GMS-2022-1138" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kshz-ckjc-77ab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38171?format=api", "vulnerability_id": "VCID-m9ud-s6w6-x7ac", "summary": "actionpack: Possible XSS via User Supplied Values to redirect_to", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28362.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28362.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28362", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45261", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28362" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2023-28362-possible-xss-via-user-supplied-values-to-redirect-to/83132", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/" } ], "url": "https://discuss.rubyonrails.org/t/cve-2023-28362-possible-xss-via-user-supplied-values-to-redirect-to/83132" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/1c3f93d1e90a3475f9ae2377ead25ccf11f71441", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/" } ], "url": "https://github.com/rails/rails/commit/1c3f93d1e90a3475f9ae2377ead25ccf11f71441" }, { "reference_url": "https://github.com/rails/rails/commit/69e37c84e3f77d75566424c7d0015172d6a6fac5", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/" } ], "url": "https://github.com/rails/rails/commit/69e37c84e3f77d75566424c7d0015172d6a6fac5" }, { "reference_url": "https://github.com/rails/rails/commit/c9ab9b32bcdcfd8bcd55907f6c7b20b4e004cc23", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/c9ab9b32bcdcfd8bcd55907f6c7b20b4e004cc23" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-28362.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-28362.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28362", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28362" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20250502-0009", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20250502-0009" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051058", "reference_id": "1051058", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051058" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217785", "reference_id": "2217785", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217785" }, { "reference_url": "https://github.com/advisories/GHSA-4g8v-vg43-wpgf", "reference_id": "GHSA-4g8v-vg43-wpgf", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/" } ], "url": "https://github.com/advisories/GHSA-4g8v-vg43-wpgf" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7851", "reference_id": "RHSA-2023:7851", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7851" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/71978?format=api", "purl": "pkg:gem/actionpack@6.1.7.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7z5-h1bw-tya9" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.7.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/71979?format=api", "purl": "pkg:gem/actionpack@7.0.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7z5-h1bw-tya9" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ndth-atqq-53gq" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.5.1" } ], "aliases": [ "CVE-2023-28362", "GHSA-4g8v-vg43-wpgf" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m9ud-s6w6-x7ac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/26600?format=api", "vulnerability_id": "VCID-mnh7-4rvx-suay", "summary": "Action Pack contains database-query restrictions bypass\n`actionpack/lib/action_dispatch/http/request.rb` in Ruby on Rails before 2.3.16, 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain `[nil]` values, a related issue to CVE-2012-2694.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2660.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2660.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2660", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.3656", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2660" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/61eed87ce32caf534bf1f52dd8134097b4ad9e1b", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/61eed87ce32caf534bf1f52dd8134097b4ad9e1b" }, { "reference_url": "https://github.com/rails/rails/commit/dff6db18840e2fd1dd3f3e4ef0ae7a9a3986d01d#diff-3179d24efacadd64068c4d9c1184eac3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rails/rails/commit/dff6db18840e2fd1dd3f3e4ef0ae7a9a3986d01d#diff-3179d24efacadd64068c4d9c1184eac3" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2660.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2660.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2660.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2660.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82610.yml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82610.yml" }, { "reference_url": "https://groups.google.com/forum/#!original/rubyonrails-security/8SA-M3as7A8/Mr9fi9X4kNgJ", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!original/rubyonrails-security/8SA-M3as7A8/Mr9fi9X4kNgJ" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/d890f8d58b5fbf32?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/d890f8d58b5fbf32?dmode=source&output=gplain" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/8SA-M3as7A8/m/Mr9fi9X4kNgJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/8SA-M3as7A8/m/Mr9fi9X4kNgJ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2660", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2660" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=827353", "reference_id": "827353", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=827353" }, { "reference_url": "https://github.com/advisories/GHSA-hgpp-pp89-4fgf", "reference_id": "GHSA-hgpp-pp89-4fgf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hgpp-pp89-4fgf" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1542", "reference_id": "RHSA-2012:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0154", "reference_id": "RHSA-2013:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60338?format=api", "purl": "pkg:gem/actionpack@3.1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-1xbd-73qv-mff9" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-3rn4-abmh-nkhv" }, { "vulnerability": "VCID-4bzb-ft3d-dkgg" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-58sa-6uag-z7hp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-5psk-hzaf-1kbz" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-9gqn-8g4t-wfby" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-b4sv-b9pz-r7er" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-cs1f-uhb2-xkcm" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-hh65-ycrj-d7gz" }, { "vulnerability": "VCID-jpj6-wzp3-m3e4" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nax4-x97j-9fgr" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-nnka-c23v-qub7" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-rgw4-mrr9-euda" }, { "vulnerability": "VCID-sg9h-7dqr-xugu" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-vhjv-9864-tbcs" }, { "vulnerability": "VCID-vs1a-m7ya-rue8" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/60339?format=api", "purl": "pkg:gem/actionpack@3.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-1xbd-73qv-mff9" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-3rn4-abmh-nkhv" }, { "vulnerability": "VCID-4bzb-ft3d-dkgg" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-58sa-6uag-z7hp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-5psk-hzaf-1kbz" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-832g-x9kb-3bbx" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-9gqn-8g4t-wfby" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-b4sv-b9pz-r7er" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-cs1f-uhb2-xkcm" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-hh65-ycrj-d7gz" }, { "vulnerability": "VCID-jpj6-wzp3-m3e4" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nax4-x97j-9fgr" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-nnka-c23v-qub7" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-rgw4-mrr9-euda" }, { "vulnerability": "VCID-sg9h-7dqr-xugu" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-vhjv-9864-tbcs" }, { "vulnerability": "VCID-vs1a-m7ya-rue8" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.4" } ], "aliases": [ "CVE-2012-2660", "GHSA-hgpp-pp89-4fgf", "OSV-82610" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mnh7-4rvx-suay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45383?format=api", "vulnerability_id": "VCID-n7ga-1sx4-yfcv", "summary": "rubygem-actionpack: Possible Open Redirect Vulnerability in Action Pack", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22903.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22903.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22903", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.2653", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22903" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2021-22903-possible-open-redirect-vulnerability-in-action-pack/77867", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.rubyonrails.org/t/cve-2021-22903-possible-open-redirect-vulnerability-in-action-pack/77867" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v6.1.3.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v6.1.3.2" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22903.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22903.yml" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/8TxqXEtgSF0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/8TxqXEtgSF0" }, { "reference_url": "https://hackerone.com/reports/1148025", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/1148025" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22903", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22903" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1957438", "reference_id": "1957438", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1957438" }, { "reference_url": "https://security.archlinux.org/AVG-1919", "reference_id": "AVG-1919", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1919" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79596?format=api", "purl": "pkg:gem/actionpack@6.1.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-b7z5-h1bw-tya9" }, { "vulnerability": "VCID-be5x-uyc6-sudm" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-fdqs-v9b2-53gu" }, { "vulnerability": "VCID-fgtd-zx7r-rygb" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-re7g-rxbm-dbd9" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.3.2" } ], "aliases": [ "CVE-2021-22903", "GHSA-5hq2-xf89-9jxq" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n7ga-1sx4-yfcv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/27042?format=api", "vulnerability_id": "VCID-n7kh-9mpq-13c7", "summary": "Cross site scripting that affects rails\nCross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper.", "references": [ { "reference_url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063" }, { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/7f57cd7794e1d1b4?dmode=source", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/7f57cd7794e1d1b4?dmode=source" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3009.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3009.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3009", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01632", "scoring_system": "epss", "scoring_elements": "0.8221", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3009" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3009", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3009" }, { "reference_url": "http://secunia.com/advisories/36600", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/36600" }, { "reference_url": "http://secunia.com/advisories/36717", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/36717" }, { "reference_url": "http://securitytracker.com/id?1022824", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://securitytracker.com/id?1022824" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53036", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53036" }, { "reference_url": "https://github.com/advisories/GHSA-8qrh-h9m2-5fvf", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8qrh-h9m2-5fvf" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2009-3009.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2009-3009.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3009", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3009" }, { "reference_url": "http://support.apple.com/kb/HT4077", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT4077" }, { "reference_url": "http://weblog.rubyonrails.org/2009/9/4/xss-vulnerability-in-ruby-on-rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2009/9/4/xss-vulnerability-in-ruby-on-rails" }, { "reference_url": "http://www.debian.org/security/2009/dsa-1887", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2009/dsa-1887" }, { "reference_url": "http://www.osvdb.org/57666", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.osvdb.org/57666" }, { "reference_url": "http://www.securityfocus.com/bid/36278", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/36278" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/2544", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.vupen.com/english/advisories/2009/2544" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=520843", "reference_id": "520843", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=520843" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063", "reference_id": "545063", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063" }, { "reference_url": "https://security.gentoo.org/glsa/200912-02", "reference_id": "GLSA-200912-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200912-02" } ], "fixed_packages": [], "aliases": [ "CVE-2009-3009", "GHSA-8qrh-h9m2-5fvf", "OSV-57666" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n7kh-9mpq-13c7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/26994?format=api", "vulnerability_id": "VCID-nax4-x97j-9fgr", "summary": "actionpack Improper Input Validation vulnerability\n`actionpack/lib/action_view/lookup_context.rb` in Action View in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to cause a denial of service (memory consumption) via a header containing an invalid MIME type that leads to excessive caching.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1794.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1794.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0008.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0008.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6414.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6414.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6414", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.70843", "scoring_system": "epss", "scoring_elements": "0.98724", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6414" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417" }, { "reference_url": "http://seclists.org/oss-sec/2013/q4/400", "reference_id": "", "reference_type": "", "scores": [], "url": "http://seclists.org/oss-sec/2013/q4/400" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6414.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6414.yml" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/A-ebV4WxzKg/KNPTbX8XAQUJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/A-ebV4WxzKg/KNPTbX8XAQUJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/A-ebV4WxzKg", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/A-ebV4WxzKg" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6414", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6414" }, { "reference_url": "https://puppet.com/security/cve/cve-2013-6414", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://puppet.com/security/cve/cve-2013-6414" }, { "reference_url": "https://web.archive.org/web/20160421165124/http://secunia.com/advisories/57836", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20160421165124/http://secunia.com/advisories/57836" }, { "reference_url": "https://web.archive.org/web/20160808161629/https://puppet.com/security/cve/cve-2013-6414", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20160808161629/https://puppet.com/security/cve/cve-2013-6414" }, { "reference_url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released" }, { "reference_url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/" }, { "reference_url": "http://www.debian.org/security/2014/dsa-2888", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2014/dsa-2888" }, { "reference_url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release" }, { "reference_url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1036483", "reference_id": "1036483", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1036483" }, { "reference_url": "https://github.com/advisories/GHSA-mpxf-gcw2-pw5q", "reference_id": "GHSA-mpxf-gcw2-pw5q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mpxf-gcw2-pw5q" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1794", "reference_id": "RHSA-2013:1794", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1794" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0008", "reference_id": "RHSA-2014:0008", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0008" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60329?format=api", "purl": "pkg:gem/actionpack@3.2.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-832g-x9kb-3bbx" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-b4sv-b9pz-r7er" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-hh65-ycrj-d7gz" }, { "vulnerability": "VCID-jpj6-wzp3-m3e4" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-sg9h-7dqr-xugu" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-vs1a-m7ya-rue8" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/60332?format=api", "purl": "pkg:gem/actionpack@4.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-hh65-ycrj-d7gz" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m156-zkzd-57g9" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-sg9h-7dqr-xugu" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-vs1a-m7ya-rue8" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.2" } ], "aliases": [ "CVE-2013-6414", "GHSA-mpxf-gcw2-pw5q", "OSV-100525" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nax4-x97j-9fgr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7604?format=api", "vulnerability_id": "VCID-nmz3-ux68-dkfd", "summary": "Rails: Action Pack: Action Pack: Cross-Site Scripting (XSS) via improper exception message escaping", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33167.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33167.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33167", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06147", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33167" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/6752711c8c31d79ba50d13af6a6698a3b85415e0", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:44:05Z/" } ], "url": "https://github.com/rails/rails/commit/6752711c8c31d79ba50d13af6a6698a3b85415e0" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v8.1.2.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:44:05Z/" } ], "url": "https://github.com/rails/rails/releases/tag/v8.1.2.1" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-pgm4-439c-5jp6", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:44:05Z/" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-pgm4-439c-5jp6" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2026-33167.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2026-33167.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33167", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33167" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450552", "reference_id": "2450552", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450552" }, { "reference_url": "https://github.com/advisories/GHSA-pgm4-439c-5jp6", "reference_id": "GHSA-pgm4-439c-5jp6", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-pgm4-439c-5jp6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56313?format=api", "purl": "pkg:gem/actionpack@8.1.2.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@8.1.2.1" } ], "aliases": [ "CVE-2026-33167", "GHSA-pgm4-439c-5jp6" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nmz3-ux68-dkfd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/26598?format=api", "vulnerability_id": "VCID-nnka-c23v-qub7", "summary": "actionpack vulnerable to Cross-site Scripting\nCross-site scripting (XSS) vulnerability in the `number_to_currency` helper in `actionpack/lib/action_view/helpers/number_helper.rb` in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the unit parameter.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00080.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00080.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1794.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1794.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0008.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0008.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6415.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6415.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6415", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01506", "scoring_system": "epss", "scoring_elements": "0.8147", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6415" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417" }, { "reference_url": "http://seclists.org/oss-sec/2013/q4/402", "reference_id": "", "reference_type": "", "scores": [], "url": "http://seclists.org/oss-sec/2013/q4/402" }, { "reference_url": "https://github.com/advisories/GHSA-6h5q-96hp-9jgm", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6h5q-96hp-9jgm" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6415.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6415.yml" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9WiRn2nhfq0/2K2KRB4LwCMJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9WiRn2nhfq0/2K2KRB4LwCMJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/9WiRn2nhfq0", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/9WiRn2nhfq0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6415", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6415" }, { "reference_url": "https://puppet.com/security/cve/cve-2013-6415", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://puppet.com/security/cve/cve-2013-6415" }, { "reference_url": "https://web.archive.org/web/20131206180005/http://www.securityfocus.com/bid/64077", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20131206180005/http://www.securityfocus.com/bid/64077" }, { "reference_url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released" }, { "reference_url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/" }, { "reference_url": "http://www.debian.org/security/2014/dsa-2888", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2014/dsa-2888" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1036910", "reference_id": "1036910", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1036910" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1794", "reference_id": "RHSA-2013:1794", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1794" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0008", "reference_id": "RHSA-2014:0008", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0008" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60329?format=api", "purl": "pkg:gem/actionpack@3.2.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-832g-x9kb-3bbx" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-b4sv-b9pz-r7er" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-hh65-ycrj-d7gz" }, { "vulnerability": "VCID-jpj6-wzp3-m3e4" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-sg9h-7dqr-xugu" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-vs1a-m7ya-rue8" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/60332?format=api", "purl": "pkg:gem/actionpack@4.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-hh65-ycrj-d7gz" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m156-zkzd-57g9" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-sg9h-7dqr-xugu" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-vs1a-m7ya-rue8" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.2" } ], "aliases": [ "CVE-2013-6415", "GHSA-6h5q-96hp-9jgm", "OSV-100524" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nnka-c23v-qub7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/26741?format=api", "vulnerability_id": "VCID-p1yd-keq8-rkh3", "summary": "actionpack Cross-site Scripting vulnerability\nCross-site scripting (XSS) vulnerability in the `strip_tags` helper in `actionpack/lib/action_controller/vendor/html-scanner/html/node.rb` in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a tag with an invalid name.", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/fd41ab62966e0fd1?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/fd41ab62966e0fd1?dmode=source&output=gplain" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065137.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065137.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2931", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00813", "scoring_system": "epss", "scoring_elements": "0.7456", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2931" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=731436", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=731436" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2931", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2931" }, { "reference_url": "http://secunia.com/advisories/45921", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/45921" }, { "reference_url": "https://github.com/advisories/GHSA-v5jg-558j-q67c", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v5jg-558j-q67c" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/586a944ddd4d03e66dea1093306147594748037a", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/586a944ddd4d03e66dea1093306147594748037a" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2931.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2931.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2931", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2931" }, { "reference_url": "http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6" }, { "reference_url": "http://www.debian.org/security/2011/dsa-2301", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2011/dsa-2301" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/17/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/17/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/19/11", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/19/11" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/20/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/20/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/13", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/13" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/14", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/14" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/5" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [], "aliases": [ "CVE-2011-2931", "GHSA-v5jg-558j-q67c" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p1yd-keq8-rkh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9447?format=api", "vulnerability_id": "VCID-qth9-abgp-wyaq", "summary": "Possible Content Security Policy bypass in Action Dispatch\nThere is a possible Cross Site Scripting (XSS) vulnerability in the `content_security_policy` helper in Action Pack.\n\nImpact\n------\nApplications which set Content-Security-Policy (CSP) headers dynamically from untrusted user input may be vulnerable to carefully crafted inputs being able to inject new directives into the CSP. This could lead to a bypass of the CSP and its protection against XSS and other attacks.\n\nReleases\n--------\nThe fixed releases are available at the normal locations.\n\nWorkarounds\n-----------\nApplications can avoid setting CSP headers dynamically from untrusted input, or can validate/sanitize that input.\n\nCredits\n-------\nThanks to [ryotak](https://hackerone.com/ryotak) for the report!", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-54133.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-54133.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-54133", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0019", "scoring_system": "epss", "scoring_elements": "0.40653", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-54133" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54133", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54133" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/2e3f41e4538b9ca1044357f6644f037bbb7c6c49", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/" } ], "url": "https://github.com/rails/rails/commit/2e3f41e4538b9ca1044357f6644f037bbb7c6c49" }, { "reference_url": "https://github.com/rails/rails/commit/3da2479cfe1e00177114b17e496213c40d286b3a", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/" } ], "url": "https://github.com/rails/rails/commit/3da2479cfe1e00177114b17e496213c40d286b3a" }, { "reference_url": "https://github.com/rails/rails/commit/5558e72f22fc69c1c407b31ac5fb3b4ce087b542", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/" } ], "url": "https://github.com/rails/rails/commit/5558e72f22fc69c1c407b31ac5fb3b4ce087b542" }, { "reference_url": "https://github.com/rails/rails/commit/cb16a3bb515b5d769f73926d9757270ace691f1d", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/" } ], "url": "https://github.com/rails/rails/commit/cb16a3bb515b5d769f73926d9757270ace691f1d" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-vfm5-rmrh-j26v", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-vfm5-rmrh-j26v" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-54133.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-54133.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54133", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54133" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20250306-0010", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20250306-0010" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089755", "reference_id": "1089755", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089755" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331619", "reference_id": "2331619", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331619" }, { "reference_url": "https://github.com/advisories/GHSA-vfm5-rmrh-j26v", "reference_id": "GHSA-vfm5-rmrh-j26v", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-vfm5-rmrh-j26v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23690?format=api", "purl": "pkg:gem/actionpack@7.0.8.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nmz3-ux68-dkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.8.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/383673?format=api", "purl": "pkg:gem/actionpack@7.1.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/23702?format=api", "purl": "pkg:gem/actionpack@7.1.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nmz3-ux68-dkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.5.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/38974?format=api", "purl": "pkg:gem/actionpack@7.2.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7z5-h1bw-tya9" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-qth9-abgp-wyaq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.2.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/23713?format=api", "purl": "pkg:gem/actionpack@7.2.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nmz3-ux68-dkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.2.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/383949?format=api", "purl": "pkg:gem/actionpack@8.0.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-qth9-abgp-wyaq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@8.0.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/23724?format=api", "purl": "pkg:gem/actionpack@8.0.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nmz3-ux68-dkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@8.0.0.1" } ], "aliases": [ "CVE-2024-54133", "GHSA-vfm5-rmrh-j26v" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qth9-abgp-wyaq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/26749?format=api", "vulnerability_id": "VCID-r6mr-ay8d-nqdd", "summary": "actionpack is vulnerable to denial of service via a crafted HTTP Accept header\nactionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header.", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0751.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0751.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0751", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08895", "scoring_system": "epss", "scoring_elements": "0.92689", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/127967b735813cd4f263df7a50426d74e7e9cc17", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/127967b735813cd4f263df7a50426d74e7e9cc17" }, { "reference_url": "https://github.com/rails/rails/commit/221937c8ba1d291430ceddebbd4bdef7d3cb47d6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/221937c8ba1d291430ceddebbd4bdef7d3cb47d6" }, { "reference_url": "https://github.com/rails/rails/commit/37047b779a177b911c7161052cfc34a30e1db0af", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/37047b779a177b911c7161052cfc34a30e1db0af" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0751.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0751.yml" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9oLY_FCzvoc/5CDXbvpYEgAJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9oLY_FCzvoc/5CDXbvpYEgAJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/9oLY_FCzvoc", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/9oLY_FCzvoc" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0751", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0751" }, { "reference_url": "https://web.archive.org/web/20160128201702/http://www.securitytracker.com/id/1034816", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20160128201702/http://www.securitytracker.com/id/1034816" }, { "reference_url": "https://web.archive.org/web/20200227181647/http://www.securityfocus.com/bid/81800", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200227181647/http://www.securityfocus.com/bid/81800" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3464", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3464" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/01/25/9", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/01/25/9" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301946", "reference_id": "1301946", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301946" }, { "reference_url": "https://github.com/advisories/GHSA-ffpv-c4hm-3x6v", "reference_id": "GHSA-ffpv-c4hm-3x6v", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-ffpv-c4hm-3x6v" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0296", "reference_id": "RHSA-2016:0296", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0296" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0454", "reference_id": "RHSA-2016:0454", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0454" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0455", "reference_id": "RHSA-2016:0455", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0455" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60449?format=api", "purl": "pkg:gem/actionpack@3.2.22.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-832g-x9kb-3bbx" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-b4sv-b9pz-r7er" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v4sh-tkkf-xfeh" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.22.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/60450?format=api", "purl": "pkg:gem/actionpack@4.1.14.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-832g-x9kb-3bbx" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v4sh-tkkf-xfeh" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.14.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/60448?format=api", "purl": "pkg:gem/actionpack@4.2.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v4sh-tkkf-xfeh" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.5.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/367745?format=api", "purl": "pkg:gem/actionpack@5.0.0.beta1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.0.0.beta1.1" } ], "aliases": [ "CVE-2016-0751", "GHSA-ffpv-c4hm-3x6v" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r6mr-ay8d-nqdd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/26876?format=api", "vulnerability_id": "VCID-rgw4-mrr9-euda", "summary": "actionpack Cross-site Scripting vulnerability\nCross-site scripting (XSS) vulnerability in `actionpack/lib/action_view/helpers/sanitize_helper.rb` in the `strip_tags` helper in Ruby on Rails before 2.3.16, 3.0.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3465.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3465.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3465", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56331", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3465" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3465", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3465" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/cf48c9c7dcbef8543171f7f7de8d3d9a16b58e77", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/cf48c9c7dcbef8543171f7f7de8d3d9a16b58e77" }, { "reference_url": "https://github.com/rails/rails/commit/e91e4e8bbee12ce1496bf384c04da6be296b687a", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/e91e4e8bbee12ce1496bf384c04da6be296b687a" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/7fbb5392d4d282b5?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/7fbb5392d4d282b5?dmode=source&output=gplain" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3465", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3465" }, { "reference_url": "http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=847200", "reference_id": "847200", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=847200" }, { "reference_url": "https://github.com/advisories/GHSA-7g65-ghrg-hpf5", "reference_id": "GHSA-7g65-ghrg-hpf5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7g65-ghrg-hpf5" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1542", "reference_id": "RHSA-2012:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0154", "reference_id": "RHSA-2013:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60491?format=api", "purl": "pkg:gem/actionpack@3.1.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-3rn4-abmh-nkhv" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-58sa-6uag-z7hp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-5psk-hzaf-1kbz" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-9gqn-8g4t-wfby" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-b4sv-b9pz-r7er" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-cs1f-uhb2-xkcm" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-hh65-ycrj-d7gz" }, { "vulnerability": "VCID-jpj6-wzp3-m3e4" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nax4-x97j-9fgr" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-nnka-c23v-qub7" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-sg9h-7dqr-xugu" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-vhjv-9864-tbcs" }, { "vulnerability": "VCID-vs1a-m7ya-rue8" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/379461?format=api", "purl": "pkg:gem/actionpack@3.2.0.rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-1xbd-73qv-mff9" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-3rn4-abmh-nkhv" }, { "vulnerability": "VCID-4bzb-ft3d-dkgg" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-58sa-6uag-z7hp" }, { "vulnerability": "VCID-5a2t-fre4-zkay" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-5psk-hzaf-1kbz" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-832g-x9kb-3bbx" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-9gqn-8g4t-wfby" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-b4sv-b9pz-r7er" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-cs1f-uhb2-xkcm" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-hh65-ycrj-d7gz" }, { "vulnerability": "VCID-jpj6-wzp3-m3e4" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nax4-x97j-9fgr" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-nnka-c23v-qub7" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-rgw4-mrr9-euda" }, { "vulnerability": "VCID-sg9h-7dqr-xugu" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-vhjv-9864-tbcs" }, { "vulnerability": "VCID-vs1a-m7ya-rue8" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0.rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/60492?format=api", "purl": "pkg:gem/actionpack@3.2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-3rn4-abmh-nkhv" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-58sa-6uag-z7hp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-5psk-hzaf-1kbz" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-832g-x9kb-3bbx" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-9gqn-8g4t-wfby" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-b4sv-b9pz-r7er" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-cs1f-uhb2-xkcm" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-hh65-ycrj-d7gz" }, { "vulnerability": "VCID-jpj6-wzp3-m3e4" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nax4-x97j-9fgr" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-nnka-c23v-qub7" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-sg9h-7dqr-xugu" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-vhjv-9864-tbcs" }, { "vulnerability": "VCID-vs1a-m7ya-rue8" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.8" } ], "aliases": [ "CVE-2012-3465", "GHSA-7g65-ghrg-hpf5", "OSV-84513" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rgw4-mrr9-euda" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/27073?format=api", "vulnerability_id": "VCID-sg9h-7dqr-xugu", "summary": "actionpack vulnerable to Path Traversal\nDirectory traversal vulnerability in `actionpack/lib/action_dispatch/middleware/static.rb` in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when `serve_static_assets` is enabled, allows remote attackers to determine the existence of files outside the application root via a `/..%2F` sequence.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00112.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00112.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7818.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7818.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-7818", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44666", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-7818" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7818", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7818" }, { "reference_url": "https://github.com/advisories/GHSA-29gr-w57f-rpfw", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-29gr-w57f-rpfw" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-7818.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-7818.yml" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/dCp7duBiQgo/v_R_8PFs5IwJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/dCp7duBiQgo/v_R_8PFs5IwJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/dCp7duBiQgo", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/dCp7duBiQgo" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-7818", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-7818" }, { "reference_url": "https://puppet.com/security/cve/cve-2014-7829", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://puppet.com/security/cve/cve-2014-7829" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1161499", "reference_id": "1161499", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1161499" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770934", "reference_id": "770934", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770934" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60559?format=api", "purl": "pkg:gem/actionpack@3.2.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-832g-x9kb-3bbx" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-b4sv-b9pz-r7er" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/60560?format=api", "purl": "pkg:gem/actionpack@4.0.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m156-zkzd-57g9" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/380905?format=api", "purl": "pkg:gem/actionpack@4.1.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m156-zkzd-57g9" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-sg9h-7dqr-xugu" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-vs1a-m7ya-rue8" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/60561?format=api", "purl": "pkg:gem/actionpack@4.1.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m156-zkzd-57g9" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/320317?format=api", "purl": "pkg:gem/actionpack@4.2.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m156-zkzd-57g9" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-sg9h-7dqr-xugu" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/60562?format=api", "purl": "pkg:gem/actionpack@4.2.0.beta3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m156-zkzd-57g9" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.0.beta3" } ], "aliases": [ "CVE-2014-7818", "GHSA-29gr-w57f-rpfw" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sg9h-7dqr-xugu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10072?format=api", "vulnerability_id": "VCID-v2hk-dfbe-5khc", "summary": "Rails has possible ReDoS vulnerability in Accept header parsing in Action Dispatch\n# Possible ReDoS vulnerability in Accept header parsing in Action Dispatch\n\nThere is a possible ReDoS vulnerability in the Accept header parsing routines\nof Action Dispatch. This vulnerability has been assigned the CVE identifier\nCVE-2024-26142.\n\nVersions Affected: >= 7.1.0, < 7.1.3.1\nNot affected: < 7.1.0\nFixed Versions: 7.1.3.1\n\nImpact\n------\nCarefully crafted Accept headers can cause Accept header parsing in Action\nDispatch to take an unexpected amount of time, possibly resulting in a DoS\nvulnerability. All users running an affected release should either upgrade or\nuse one of the workarounds immediately.\n\nRuby 3.2 has mitigations for this problem, so Rails applications using Ruby\n3.2 or newer are unaffected.\n\nReleases\n--------\nThe fixed releases are available at the normal locations.\n\nWorkarounds\n-----------\nThere are no feasible workarounds for this issue.\n\nPatches\n-------\nTo aid users who aren't able to upgrade immediately we have provided patches for\nthe two supported release series. They are in git-am format and consist of a\nsingle changeset.\n\n* 7-1-accept-redox.patch - Patch for 7.1 series\n\nCredits\n-------\nThanks [svalkanov](https://hackerone.com/svalkanov) for the report and patch!", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26142.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26142.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-26142", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03542", "scoring_system": "epss", "scoring_elements": "0.87875", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-26142" }, { "reference_url": "https://discuss.rubyonrails.org/t/possible-redos-vulnerability-in-accept-header-parsing-in-action-dispatch/84946", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/" } ], "url": "https://discuss.rubyonrails.org/t/possible-redos-vulnerability-in-accept-header-parsing-in-action-dispatch/84946" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/b4d3bfb5ed8a5b5a90aad3a3b28860c7a931e272", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/" } ], "url": "https://github.com/rails/rails/commit/b4d3bfb5ed8a5b5a90aad3a3b28860c7a931e272" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-jjhx-jhvp-74wq", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-jjhx-jhvp-74wq" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26142.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26142.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26142", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26142" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266324", "reference_id": "2266324", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266324" }, { "reference_url": "https://github.com/advisories/GHSA-jjhx-jhvp-74wq", "reference_id": "GHSA-jjhx-jhvp-74wq", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jjhx-jhvp-74wq" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240503-0003/", "reference_id": "ntap-20240503-0003", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240503-0003/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/25784?format=api", "purl": "pkg:gem/actionpack@7.1.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7z5-h1bw-tya9" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-qth9-abgp-wyaq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.3.1" } ], "aliases": [ "CVE-2024-26142", "GHSA-jjhx-jhvp-74wq" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v2hk-dfbe-5khc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/27000?format=api", "vulnerability_id": "VCID-v3u5-6bpb-qfgf", "summary": "Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via vectors involving a \\ (backslash) character, a similar issue to CVE-2014-7818.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00112.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00112.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7829.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7829.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-7829", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.50107", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-7829" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7829", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7829" }, { "reference_url": "https://github.com/advisories/GHSA-h56m-vwxc-3qpw", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h56m-vwxc-3qpw" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-7829.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-7829.yml" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/rMTQy4oRCGk/loS_CRS8mNEJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/rMTQy4oRCGk/loS_CRS8mNEJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/rMTQy4oRCGk", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/rMTQy4oRCGk" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-7829", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-7829" }, { "reference_url": "https://puppet.com/security/cve/cve-2014-7829", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://puppet.com/security/cve/cve-2014-7829" }, { "reference_url": "https://web.archive.org/web/20160403085126/http://www.securityfocus.com/bid/71183", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20160403085126/http://www.securityfocus.com/bid/71183" }, { "reference_url": "http://weblog.rubyonrails.org/2014/11/19/Rails-4-0-11-1-and-4-1-7-1-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2014/11/19/Rails-4-0-11-1-and-4-1-7-1-have-been-released/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1164659", "reference_id": "1164659", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1164659" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770934", "reference_id": "770934", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770934" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60545?format=api", "purl": "pkg:gem/actionpack@3.2.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-832g-x9kb-3bbx" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-b4sv-b9pz-r7er" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/367538?format=api", "purl": "pkg:gem/actionpack@4.0.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m156-zkzd-57g9" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/60546?format=api", "purl": "pkg:gem/actionpack@4.0.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m156-zkzd-57g9" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/380905?format=api", "purl": "pkg:gem/actionpack@4.1.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m156-zkzd-57g9" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-sg9h-7dqr-xugu" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-vs1a-m7ya-rue8" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/367539?format=api", "purl": "pkg:gem/actionpack@4.1.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m156-zkzd-57g9" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.7.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/60544?format=api", "purl": "pkg:gem/actionpack@4.1.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m156-zkzd-57g9" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/320317?format=api", "purl": "pkg:gem/actionpack@4.2.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m156-zkzd-57g9" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-sg9h-7dqr-xugu" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/60547?format=api", "purl": "pkg:gem/actionpack@4.2.0.beta4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m156-zkzd-57g9" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.0.beta4" } ], "aliases": [ "CVE-2014-7829", "GHSA-h56m-vwxc-3qpw" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v3u5-6bpb-qfgf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/26731?format=api", "vulnerability_id": "VCID-vhjv-9864-tbcs", "summary": "actionpack Cross-site Scripting vulnerability\nThe sanitize helper in `lib/action_controller/vendor/html-scanner/html/sanitizer.rb` in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded `:` (colon) characters in URLs, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted scheme name, as demonstrated by including a `:` sequence.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0698.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0698.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1857.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1857.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1857", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00625", "scoring_system": "epss", "scoring_elements": "0.7051", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1857" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1857", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1857" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/zAAU7vGTPvI", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/zAAU7vGTPvI" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/78b9817a5943f6d6?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/78b9817a5943f6d6?dmode=source&output=gplain" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1857", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1857" }, { "reference_url": "http://support.apple.com/kb/HT5784", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT5784" }, { "reference_url": "https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "reference_url": "https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html" }, { "reference_url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=921335", "reference_id": "921335", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=921335" }, { "reference_url": "https://github.com/advisories/GHSA-j838-vfpq-fmf2", "reference_id": "GHSA-j838-vfpq-fmf2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j838-vfpq-fmf2" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60415?format=api", "purl": "pkg:gem/actionpack@3.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-3rn4-abmh-nkhv" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-5psk-hzaf-1kbz" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-9gqn-8g4t-wfby" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-b4sv-b9pz-r7er" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-cs1f-uhb2-xkcm" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-hh65-ycrj-d7gz" }, { "vulnerability": "VCID-jpj6-wzp3-m3e4" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nax4-x97j-9fgr" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-nnka-c23v-qub7" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-sg9h-7dqr-xugu" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-vhjv-9864-tbcs" }, { "vulnerability": "VCID-vs1a-m7ya-rue8" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/60416?format=api", "purl": "pkg:gem/actionpack@3.2.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-3rn4-abmh-nkhv" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-5psk-hzaf-1kbz" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-832g-x9kb-3bbx" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-9gqn-8g4t-wfby" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-b4sv-b9pz-r7er" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-cs1f-uhb2-xkcm" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-hh65-ycrj-d7gz" }, { "vulnerability": "VCID-jpj6-wzp3-m3e4" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nax4-x97j-9fgr" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-nnka-c23v-qub7" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-sg9h-7dqr-xugu" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-vhjv-9864-tbcs" }, { "vulnerability": "VCID-vs1a-m7ya-rue8" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.13" } ], "aliases": [ "CVE-2013-1857", "GHSA-j838-vfpq-fmf2", "OSV-91454" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vhjv-9864-tbcs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/27197?format=api", "vulnerability_id": "VCID-vs1a-m7ya-rue8", "summary": "Rails vulnerable to Cross-site Scripting\nThere is an XSS vulnerability in the `number_to_currency`, `number_to_percentage` and `number_to_human` helpers in Ruby on Rails. This vulnerability has been assigned the CVE identifier CVE-2014-0081.\n\nVersions Affected: All.\nFixed Versions: 4.1.0.beta2, 4.0.3, 3.2.17.\n\nImpact\n------\nThese helpers allows users to nicely format a numeric value. Some of the parameters to the helper (format, negative_format and units) are not escaped correctly. Applications which pass user controlled data as one of these parameters are vulnerable to an XSS attack.\n\nAll users passing user controlled data to these parameters of the number helpers should either upgrade or use one of the workarounds immediately.\n\nReleases\n--------\nThe 4.1.0.rc1, 4.0.3 and 3.2.17 releases are available at the normal locations.\n\nWorkarounds\n-----------\n\nThe workaround for this issue is to escape the value passed to the parameter.\nFor example, replace code like this:\n\n```ruby\n<%= number_to_currency(1.02, format: params[:format]) %>\n```\n\nWith code like this\n\n```ruby\n<%= number_to_currency(1.02, format: h(params[:format])) %>\n```\n\nPatches\n-------\nTo aid users who aren't able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.\n\n* 4-1-beta-number_helpers_xss.patch - Patch for 4.1-beta series\n* 4-0-number_helpers_xss.patch - Patch for 4.0 series\n* 3-2-number_helpers_xss.patch - Patch for 3.2 series\n\nPlease note that only the 4.0.x and 3.2.x series are supported at present. Users of earlier unsupported releases are advised to upgrade as soon as possible as we cannot guarantee the continued availability of security fixes for unsupported releases.\n\nCredits\n-------\n\nThanks to Kevin Reintjes for reporting the issue to us.\n\n-- \nAaron Patterson\nhttp://tenderlovemaking.com/", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html" }, { "reference_url": "http://openwall.com/lists/oss-security/2014/02/18/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2014/02/18/8" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0215.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0215.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0306.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0306.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0081.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0081.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0081", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00885", "scoring_system": "epss", "scoring_elements": "0.75766", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0081" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/08d0a11a3f62718d601d39e617c834759cf59bbb", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/08d0a11a3f62718d601d39e617c834759cf59bbb" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0081.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0081.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2014-0081.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2014-0081.yml" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/tfp6gZCtzr4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/tfp6gZCtzr4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0081", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0081" }, { "reference_url": "https://web.archive.org/web/20140911141416/http://www.securitytracker.com/id/1029782", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20140911141416/http://www.securitytracker.com/id/1029782" }, { "reference_url": "https://web.archive.org/web/20170307202606/http://www.securityfocus.com/bid/65647", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20170307202606/http://www.securityfocus.com/bid/65647" }, { "reference_url": "https://web.archive.org/web/20201207045136/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/tfp6gZCtzr4/j8LUHmu7fIEJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201207045136/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/tfp6gZCtzr4/j8LUHmu7fIEJ" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065520", "reference_id": "1065520", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065520" }, { "reference_url": "https://github.com/advisories/GHSA-m46p-ggm5-5j83", "reference_id": "GHSA-m46p-ggm5-5j83", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m46p-ggm5-5j83" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0215", "reference_id": "RHSA-2014:0215", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0215" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0306", "reference_id": "RHSA-2014:0306", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0306" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60423?format=api", "purl": "pkg:gem/actionpack@3.2.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-832g-x9kb-3bbx" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-b4sv-b9pz-r7er" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-hh65-ycrj-d7gz" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-sg9h-7dqr-xugu" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/60664?format=api", "purl": "pkg:gem/actionpack@4.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-hh65-ycrj-d7gz" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m156-zkzd-57g9" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-sg9h-7dqr-xugu" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/380905?format=api", "purl": "pkg:gem/actionpack@4.1.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m156-zkzd-57g9" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-sg9h-7dqr-xugu" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-vs1a-m7ya-rue8" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/60615?format=api", "purl": "pkg:gem/actionpack@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m156-zkzd-57g9" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-sg9h-7dqr-xugu" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.1" } ], "aliases": [ "CVE-2014-0081", "GHSA-m46p-ggm5-5j83", "OSV-103439" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vs1a-m7ya-rue8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/26840?format=api", "vulnerability_id": "VCID-y13c-awe3-2bc1", "summary": "actionpack is vulnerable to remote bypass authentication\nThe http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to bypass authentication by measuring timing differences.", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178068.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178068.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7576.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7576.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7576", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01119", "scoring_system": "epss", "scoring_elements": "0.78538", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/17e6f1507b7f2c2a883c180f4f9548445d6dfbd", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/17e6f1507b7f2c2a883c180f4f9548445d6dfbd" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2015-7576.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2015-7576.yml" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/ANv0HDHEC3k/T8Hgq-hYEgAJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/ANv0HDHEC3k/T8Hgq-hYEgAJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/ANv0HDHEC3k", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/ANv0HDHEC3k" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7576", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7576" }, { "reference_url": "https://web.archive.org/web/20160405205300/http://www.securitytracker.com/id/1034816", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20160405205300/http://www.securitytracker.com/id/1034816" }, { "reference_url": "https://web.archive.org/web/20200228001849/http://www.securityfocus.com/bid/81803", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228001849/http://www.securityfocus.com/bid/81803" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3464", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3464" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/01/25/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/01/25/8" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301933", "reference_id": "1301933", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301933" }, { "reference_url": "https://github.com/advisories/GHSA-p692-7mm3-3fxg", "reference_id": "GHSA-p692-7mm3-3fxg", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p692-7mm3-3fxg" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0296", "reference_id": "RHSA-2016:0296", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0296" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0454", "reference_id": "RHSA-2016:0454", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0454" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0455", "reference_id": "RHSA-2016:0455", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0455" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60449?format=api", "purl": "pkg:gem/actionpack@3.2.22.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-832g-x9kb-3bbx" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-b4sv-b9pz-r7er" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v4sh-tkkf-xfeh" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.22.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/60450?format=api", "purl": "pkg:gem/actionpack@4.1.14.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-832g-x9kb-3bbx" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v4sh-tkkf-xfeh" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.14.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/60448?format=api", "purl": "pkg:gem/actionpack@4.2.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v4sh-tkkf-xfeh" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.5.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/367745?format=api", "purl": "pkg:gem/actionpack@5.0.0.beta1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.0.0.beta1.1" } ], "aliases": [ "CVE-2015-7576", "GHSA-p692-7mm3-3fxg" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y13c-awe3-2bc1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45388?format=api", "vulnerability_id": "VCID-z16b-zfgu-13a9", "summary": "rails: Possible DoS Vulnerability in Action Controller Token Authentication", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22904.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22904.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22904", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03338", "scoring_system": "epss", "scoring_elements": "0.87506", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2021-22904-possible-dos-vulnerability-in-action-controller-token-authentication/77869", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.rubyonrails.org/t/cve-2021-22904-possible-dos-vulnerability-in-action-controller-token-authentication/77869" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v5.2.4.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v5.2.4.6" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v5.2.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v5.2.6" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v6.0.3.7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v6.0.3.7" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v6.1.3.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v6.1.3.2" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22904.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22904.yml" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ" }, { "reference_url": "https://hackerone.com/reports/1101125", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/1101125" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22904", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22904" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210805-0009", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210805-0009" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210805-0009/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20210805-0009/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961379", "reference_id": "1961379", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961379" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214", "reference_id": "988214", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214" }, { "reference_url": "https://security.archlinux.org/AVG-1920", "reference_id": "AVG-1920", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1920" }, { "reference_url": "https://security.archlinux.org/AVG-1921", "reference_id": "AVG-1921", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1921" }, { "reference_url": "https://security.archlinux.org/AVG-2090", "reference_id": "AVG-2090", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2090" }, { "reference_url": "https://security.archlinux.org/AVG-2223", "reference_id": "AVG-2223", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2223" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4702", "reference_id": "RHSA-2021:4702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4702" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79599?format=api", "purl": "pkg:gem/actionpack@5.2.4.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-be5x-uyc6-sudm" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-re7g-rxbm-dbd9" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.2.4.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/79598?format=api", "purl": "pkg:gem/actionpack@5.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-be5x-uyc6-sudm" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-re7g-rxbm-dbd9" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/79594?format=api", "purl": "pkg:gem/actionpack@6.0.3.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-be5x-uyc6-sudm" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-fdqs-v9b2-53gu" }, { "vulnerability": "VCID-fgtd-zx7r-rygb" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-re7g-rxbm-dbd9" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.0.3.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/79596?format=api", "purl": "pkg:gem/actionpack@6.1.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-b7z5-h1bw-tya9" }, { "vulnerability": "VCID-be5x-uyc6-sudm" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-fdqs-v9b2-53gu" }, { "vulnerability": "VCID-fgtd-zx7r-rygb" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-re7g-rxbm-dbd9" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.3.2" } ], "aliases": [ "CVE-2021-22904", "GHSA-7wjx-3g7j-8584" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z16b-zfgu-13a9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/26868?format=api", "vulnerability_id": "VCID-zapd-uts9-zfch", "summary": "actionpack allows remote attackers to bypass intended access restrictions\n`actionpack/lib/action_view/template/resolver.rb` in Ruby on Rails 3.0.x before 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote attackers to bypass intended access restrictions via an action name that uses an unintended case for alphabetic characters.", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/04345b2e84df5b4f?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/04345b2e84df5b4f?dmode=source&output=gplain" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0449", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68408", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0449" }, { "reference_url": "http://secunia.com/advisories/43278", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/43278" }, { "reference_url": "http://securitytracker.com/id?1025061", "reference_id": "", "reference_type": "", "scores": [], "url": "http://securitytracker.com/id?1025061" }, { "reference_url": "https://github.com/rails/rails/commit/6f80224057803f85b3f448936aae89e742452c3b", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/6f80224057803f85b3f448936aae89e742452c3b" }, { "reference_url": "https://github.com/rails/rails/tree/main/actionpack", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/tree/main/actionpack" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0449.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0449.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0449", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0449" }, { "reference_url": "https://web.archive.org/web/20201207190612/http://securitytracker.com/id?1025061", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201207190612/http://securitytracker.com/id?1025061" }, { "reference_url": "http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/0877", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2011/0877" }, { "reference_url": "https://github.com/advisories/GHSA-4ww3-3rxj-8v6q", "reference_id": "GHSA-4ww3-3rxj-8v6q", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4ww3-3rxj-8v6q" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [], "aliases": [ "CVE-2011-0449", "GHSA-4ww3-3rxj-8v6q" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zapd-uts9-zfch" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/27093?format=api", "vulnerability_id": "VCID-1b9z-efz6-9fdu", "summary": "actionpack Improper Input Validation vulnerability\nThe template selection functionality in `actionpack/lib/action_view/template/resolver.rb` in Ruby on Rails 3.0.x before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob characters, which allows remote attackers to render arbitrary views via a crafted URL, related to a \"filter skipping vulnerability.\"", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/cbbbba6e4f7eaf61?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/cbbbba6e4f7eaf61?dmode=source&output=gplain" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2929", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00814", "scoring_system": "epss", "scoring_elements": "0.7458", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2929" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=731432", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=731432" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/5f94b93279f6d0682fafb237c301302c107a9552", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/5f94b93279f6d0682fafb237c301302c107a9552" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2929.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2929.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2929", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2929" }, { "reference_url": "https://rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6" }, { "reference_url": "http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/17/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/17/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/19/11", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/19/11" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/20/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/20/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/13", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/13" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/14", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/14" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/5" }, { "reference_url": "https://github.com/advisories/GHSA-r7q2-5gqg-6c7q", "reference_id": "GHSA-r7q2-5gqg-6c7q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r7q2-5gqg-6c7q" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60434?format=api", "purl": "pkg:gem/actionpack@3.0.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-1xbd-73qv-mff9" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-3rn4-abmh-nkhv" }, { "vulnerability": "VCID-4bzb-ft3d-dkgg" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-58sa-6uag-z7hp" }, { "vulnerability": "VCID-5a2t-fre4-zkay" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-5psk-hzaf-1kbz" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-9gqn-8g4t-wfby" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-b4sv-b9pz-r7er" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-cs1f-uhb2-xkcm" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-hh65-ycrj-d7gz" }, { "vulnerability": "VCID-jpj6-wzp3-m3e4" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nax4-x97j-9fgr" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-nnka-c23v-qub7" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-rgw4-mrr9-euda" }, { "vulnerability": "VCID-sg9h-7dqr-xugu" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-vhjv-9864-tbcs" }, { "vulnerability": "VCID-vs1a-m7ya-rue8" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/320327?format=api", "purl": "pkg:gem/actionpack@3.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-1xbd-73qv-mff9" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-3rn4-abmh-nkhv" }, { "vulnerability": "VCID-4bzb-ft3d-dkgg" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-58sa-6uag-z7hp" }, { "vulnerability": "VCID-5a2t-fre4-zkay" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-5psk-hzaf-1kbz" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-9gqn-8g4t-wfby" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-b4sv-b9pz-r7er" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-cs1f-uhb2-xkcm" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-hh65-ycrj-d7gz" }, { "vulnerability": "VCID-jpj6-wzp3-m3e4" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nax4-x97j-9fgr" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-nnka-c23v-qub7" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-rgw4-mrr9-euda" }, { "vulnerability": "VCID-sg9h-7dqr-xugu" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-vhjv-9864-tbcs" }, { "vulnerability": "VCID-vs1a-m7ya-rue8" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.0" } ], "aliases": [ "CVE-2011-2929", "GHSA-r7q2-5gqg-6c7q" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1b9z-efz6-9fdu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/26991?format=api", "vulnerability_id": "VCID-cs1f-uhb2-xkcm", "summary": "actionpack Cross-site Scripting vulnerability\nCross-site scripting (XSS) vulnerability in the simple_format helper in `actionpack/lib/action_view/helpers/text_helper.rb` in Ruby on Rails 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML attribute.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6416.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6416.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6416", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46624", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6416" }, { "reference_url": "http://seclists.org/oss-sec/2013/q4/404", "reference_id": "", "reference_type": "", "scores": [], "url": "http://seclists.org/oss-sec/2013/q4/404" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/4b4f5847f64f81c961625e647711ef9f6ad1a454", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/4b4f5847f64f81c961625e647711ef9f6ad1a454" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6416.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6416.yml" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/5ZI1-H5OoIM/ZNq4FoR2GnIJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/5ZI1-H5OoIM/ZNq4FoR2GnIJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/5ZI1-H5OoIM", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/5ZI1-H5OoIM" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6416", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6416" }, { "reference_url": "https://web.archive.org/web/20200228165109/http://www.securityfocus.com/bid/64071", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228165109/http://www.securityfocus.com/bid/64071" }, { "reference_url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released" }, { "reference_url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1036914", "reference_id": "1036914", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1036914" }, { "reference_url": "https://github.com/advisories/GHSA-w37c-q653-qg95", "reference_id": "GHSA-w37c-q653-qg95", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w37c-q653-qg95" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379219?format=api", "purl": "pkg:gem/actionpack@2.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-1xbd-73qv-mff9" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-3rn4-abmh-nkhv" }, { "vulnerability": "VCID-4bzb-ft3d-dkgg" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-58sa-6uag-z7hp" }, { "vulnerability": "VCID-5a2t-fre4-zkay" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-5psk-hzaf-1kbz" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-9gqn-8g4t-wfby" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-baur-f442-wqgw" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-cs1f-uhb2-xkcm" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-jpj6-wzp3-m3e4" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nax4-x97j-9fgr" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-nnka-c23v-qub7" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-rgw4-mrr9-euda" }, { "vulnerability": "VCID-sg9h-7dqr-xugu" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-vhjv-9864-tbcs" }, { "vulnerability": "VCID-vs1a-m7ya-rue8" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@2.3.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/320327?format=api", "purl": "pkg:gem/actionpack@3.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-1xbd-73qv-mff9" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-3rn4-abmh-nkhv" }, { "vulnerability": "VCID-4bzb-ft3d-dkgg" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-58sa-6uag-z7hp" }, { "vulnerability": "VCID-5a2t-fre4-zkay" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-5psk-hzaf-1kbz" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-9gqn-8g4t-wfby" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-b4sv-b9pz-r7er" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-cs1f-uhb2-xkcm" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-hh65-ycrj-d7gz" }, { "vulnerability": "VCID-jpj6-wzp3-m3e4" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nax4-x97j-9fgr" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-nnka-c23v-qub7" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-rgw4-mrr9-euda" }, { "vulnerability": "VCID-sg9h-7dqr-xugu" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-vhjv-9864-tbcs" }, { "vulnerability": "VCID-vs1a-m7ya-rue8" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/320357?format=api", "purl": "pkg:gem/actionpack@3.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-1xbd-73qv-mff9" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-3rn4-abmh-nkhv" }, { "vulnerability": "VCID-4bzb-ft3d-dkgg" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-58sa-6uag-z7hp" }, { "vulnerability": "VCID-5a2t-fre4-zkay" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-5psk-hzaf-1kbz" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-832g-x9kb-3bbx" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-9gqn-8g4t-wfby" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-b4sv-b9pz-r7er" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-cs1f-uhb2-xkcm" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-hh65-ycrj-d7gz" }, { "vulnerability": "VCID-jpj6-wzp3-m3e4" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nax4-x97j-9fgr" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-nnka-c23v-qub7" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-rgw4-mrr9-euda" }, { "vulnerability": "VCID-sg9h-7dqr-xugu" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-v4sh-tkkf-xfeh" }, { "vulnerability": "VCID-vhjv-9864-tbcs" }, { "vulnerability": "VCID-vs1a-m7ya-rue8" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/60332?format=api", "purl": "pkg:gem/actionpack@4.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-123f-6px7-3qdg" }, { "vulnerability": "VCID-1b9z-efz6-9fdu" }, { "vulnerability": "VCID-3edd-m27s-a3ek" }, { "vulnerability": "VCID-4w1v-z4zj-6ydp" }, { "vulnerability": "VCID-5pfg-7ntp-eff4" }, { "vulnerability": "VCID-6z21-pd9d-pfgk" }, { "vulnerability": "VCID-8nkw-8mka-1ygk" }, { "vulnerability": "VCID-98gu-r7wd-cuah" }, { "vulnerability": "VCID-a6wp-n5yh-ybcv" }, { "vulnerability": "VCID-bfbp-7umh-2fcp" }, { "vulnerability": "VCID-brwd-e9kx-xuc2" }, { "vulnerability": "VCID-dd87-gevs-juhe" }, { "vulnerability": "VCID-eeru-6pyc-8bcd" }, { "vulnerability": "VCID-ejgq-s79w-abd6" }, { "vulnerability": "VCID-g13k-qvy7-q3fk" }, { "vulnerability": "VCID-g2a6-uem4-uuce" }, { "vulnerability": "VCID-hh65-ycrj-d7gz" }, { "vulnerability": "VCID-k6aw-heeb-wke2" }, { "vulnerability": "VCID-kshz-ckjc-77ab" }, { "vulnerability": "VCID-m156-zkzd-57g9" }, { "vulnerability": "VCID-m9ud-s6w6-x7ac" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-n7ga-1sx4-yfcv" }, { "vulnerability": "VCID-n7kh-9mpq-13c7" }, { "vulnerability": "VCID-nmz3-ux68-dkfd" }, { "vulnerability": "VCID-p1yd-keq8-rkh3" }, { "vulnerability": "VCID-qth9-abgp-wyaq" }, { "vulnerability": "VCID-r6mr-ay8d-nqdd" }, { "vulnerability": "VCID-sg9h-7dqr-xugu" }, { "vulnerability": "VCID-v2hk-dfbe-5khc" }, { "vulnerability": "VCID-v3u5-6bpb-qfgf" }, { "vulnerability": "VCID-vs1a-m7ya-rue8" }, { "vulnerability": "VCID-y13c-awe3-2bc1" }, { "vulnerability": "VCID-z16b-zfgu-13a9" }, { "vulnerability": "VCID-zapd-uts9-zfch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.2" } ], "aliases": [ "CVE-2013-6416", "GHSA-w37c-q653-qg95", "OSV-100526" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cs1f-uhb2-xkcm" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.0" }