Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:gem/activesupport@3.1.0
Typegem
Namespace
Nameactivesupport
Version3.1.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version7.2.3.1
Latest_non_vulnerable_version8.1.2.1
Affected_by_vulnerabilities
0
url VCID-2ghz-4sfg-2feh
vulnerability_id VCID-2ghz-4sfg-2feh
summary rails: rails-activesupport: Active Support: Denial of Service via crafted long digit strings
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33169.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33169.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33169
reference_id
reference_type
scores
0
value 0.0002
scoring_system epss
scoring_elements 0.06013
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33169
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33169
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33169
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
5
reference_url https://github.com/rails/rails/commit/29154f1097da13d48fdb3200760b3e3da66dcb11
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:45:49Z/
url https://github.com/rails/rails/commit/29154f1097da13d48fdb3200760b3e3da66dcb11
6
reference_url https://github.com/rails/rails/commit/b54a4b373c6f042cab6ee2033246b1c9ecc38974
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:45:49Z/
url https://github.com/rails/rails/commit/b54a4b373c6f042cab6ee2033246b1c9ecc38974
7
reference_url https://github.com/rails/rails/commit/ec1a0e215efd27a3b3911aae6df978a80f456a49
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:45:49Z/
url https://github.com/rails/rails/commit/ec1a0e215efd27a3b3911aae6df978a80f456a49
8
reference_url https://github.com/rails/rails/releases/tag/v7.2.3.1
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:45:49Z/
url https://github.com/rails/rails/releases/tag/v7.2.3.1
9
reference_url https://github.com/rails/rails/releases/tag/v8.0.4.1
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:45:49Z/
url https://github.com/rails/rails/releases/tag/v8.0.4.1
10
reference_url https://github.com/rails/rails/releases/tag/v8.1.2.1
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:45:49Z/
url https://github.com/rails/rails/releases/tag/v8.1.2.1
11
reference_url https://github.com/rails/rails/security/advisories/GHSA-cg4j-q9v8-6v38
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:45:49Z/
url https://github.com/rails/rails/security/advisories/GHSA-cg4j-q9v8-6v38
12
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2026-33169.yml
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2026-33169.yml
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33169
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33169
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035
reference_id 1132035
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2450556
reference_id 2450556
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2450556
fixed_packages
0
url pkg:gem/activesupport@7.2.3.1
purl pkg:gem/activesupport@7.2.3.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@7.2.3.1
1
url pkg:gem/activesupport@8.0.4.1
purl pkg:gem/activesupport@8.0.4.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@8.0.4.1
2
url pkg:gem/activesupport@8.1.2.1
purl pkg:gem/activesupport@8.1.2.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@8.1.2.1
aliases CVE-2026-33169, GHSA-cg4j-q9v8-6v38
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2ghz-4sfg-2feh
1
url VCID-4wmv-rurk-tub6
vulnerability_id VCID-4wmv-rurk-tub6
summary 
Possible XSS Security Vulnerability in SafeBuffer#bytesplice
There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input.
This vulnerability has been assigned the CVE identifier CVE-2023-28120.

Versions Affected: All. Not affected: None Fixed Versions: 7.0.4.3, 6.1.7.3

# Impact

ActiveSupport uses the SafeBuffer string subclass to tag strings as html_safe after they have been sanitized.
When these strings are mutated, the tag is should be removed to mark them as no longer being html_safe.

Ruby 3.2 introduced a new bytesplice method which ActiveSupport did not yet understand to be a mutation.
Users on older versions of Ruby are likely unaffected.

All users running an affected release and using bytesplice should either upgrade or use one of the workarounds immediately.

# Workarounds

Avoid calling bytesplice on a SafeBuffer (html_safe) string with untrusted user input.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28120.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28120.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-28120
reference_id
reference_type
scores
0
value 0.00418
scoring_system epss
scoring_elements 0.62058
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-28120
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23913
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23913
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28120
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28120
4
reference_url https://discuss.rubyonrails.org/t/cve-2023-28120-possible-xss-security-vulnerability-in-safebuffer-bytesplice/82469
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/
url https://discuss.rubyonrails.org/t/cve-2023-28120-possible-xss-security-vulnerability-in-safebuffer-bytesplice/82469
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/rails/rails/commit/3cf23c3f891e2e81c977ea4ab83b62bc2a444b70
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/
url https://github.com/rails/rails/commit/3cf23c3f891e2e81c977ea4ab83b62bc2a444b70
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-28120.yml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-28120.yml
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-28120
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-28120
11
reference_url https://security.netapp.com/advisory/ntap-20240202-0006
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240202-0006
12
reference_url https://www.debian.org/security/2023/dsa-5389
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/
url https://www.debian.org/security/2023/dsa-5389
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033262
reference_id 1033262
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033262
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2179637
reference_id 2179637
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2179637
15
reference_url https://github.com/advisories/GHSA-pj73-v5mw-pm9j
reference_id GHSA-pj73-v5mw-pm9j
reference_type
scores
url https://github.com/advisories/GHSA-pj73-v5mw-pm9j
16
reference_url https://security.netapp.com/advisory/ntap-20240202-0006/
reference_id ntap-20240202-0006
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/
url https://security.netapp.com/advisory/ntap-20240202-0006/
17
reference_url https://access.redhat.com/errata/RHSA-2023:1953
reference_id RHSA-2023:1953
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1953
18
reference_url https://access.redhat.com/errata/RHSA-2023:3495
reference_id RHSA-2023:3495
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3495
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW/
reference_id UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW/
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO/
reference_id ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO/
fixed_packages
0
url pkg:gem/activesupport@6.1.7.3
purl pkg:gem/activesupport@6.1.7.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ghz-4sfg-2feh
1
vulnerability VCID-hdsb-jx4g-fqf6
2
vulnerability VCID-v3mu-95kt-ufc6
3
vulnerability VCID-zpzn-dbk4-juae
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@6.1.7.3
1
url pkg:gem/activesupport@7.0.4.3
purl pkg:gem/activesupport@7.0.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ghz-4sfg-2feh
1
vulnerability VCID-hdsb-jx4g-fqf6
2
vulnerability VCID-v3mu-95kt-ufc6
3
vulnerability VCID-zpzn-dbk4-juae
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@7.0.4.3
aliases CVE-2023-28120, GHSA-pj73-v5mw-pm9j, GMS-2023-765
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4wmv-rurk-tub6
2
url VCID-71et-13y6-eufu
vulnerability_id VCID-71et-13y6-eufu
summary 
activesupport vulnerable to Denial of Service via large XML document depth
The (1) `jdom.rb` and (2) `rexml.rb` components in Active Support in Ruby on Rails before 3.2.22, 4.1.x before 4.1.11, and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2015-07/msg00050.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2015-07/msg00050.html
1
reference_url http://openwall.com/lists/oss-security/2015/06/16/16
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2015/06/16/16
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3227.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3227.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-3227
reference_id
reference_type
scores
0
value 0.02683
scoring_system epss
scoring_elements 0.86095
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-3227
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753
12
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
13
reference_url https://github.com/rails/rails/commit/12f763ce1131d29d24bd0d8f868e2697a139aea3
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/12f763ce1131d29d24bd0d8f868e2697a139aea3
14
reference_url https://github.com/rails/rails/commit/153cc843ad95930b00b0ca91d30b599b7dec9680
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/153cc843ad95930b00b0ca91d30b599b7dec9680
15
reference_url https://github.com/rails/rails/commit/78b29e08c700d889837af6c51c7debd3864abc3d
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/78b29e08c700d889837af6c51c7debd3864abc3d
16
reference_url https://groups.google.com/forum/message/raw?msg=rubyonrails-security/bahr2JLnxvk/x4EocXnHPp8J
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/message/raw?msg=rubyonrails-security/bahr2JLnxvk/x4EocXnHPp8J
17
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/bahr2JLnxvk
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/rubyonrails-security/bahr2JLnxvk
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-3227
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-3227
19
reference_url https://web.archive.org/web/20200228041703/http://www.securityfocus.com/bid/75234
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228041703/http://www.securityfocus.com/bid/75234
20
reference_url https://web.archive.org/web/20200517005133/http://www.securitytracker.com/id/1033755
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200517005133/http://www.securitytracker.com/id/1033755
21
reference_url http://www.debian.org/security/2016/dsa-3464
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2016/dsa-3464
22
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1232302
reference_id 1232302
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1232302
23
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790487
reference_id 790487
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790487
24
reference_url https://github.com/advisories/GHSA-j96r-xvjq-r9pg
reference_id GHSA-j96r-xvjq-r9pg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j96r-xvjq-r9pg
fixed_packages
0
url pkg:gem/activesupport@3.2.22
purl pkg:gem/activesupport@3.2.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ghz-4sfg-2feh
1
vulnerability VCID-4wmv-rurk-tub6
2
vulnerability VCID-b5he-f8nq-9yda
3
vulnerability VCID-bfbp-7umh-2fcp
4
vulnerability VCID-e4wh-thvg-5kdk
5
vulnerability VCID-ejgq-s79w-abd6
6
vulnerability VCID-hdsb-jx4g-fqf6
7
vulnerability VCID-n7kh-9mpq-13c7
8
vulnerability VCID-v3mu-95kt-ufc6
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@3.2.22
1
url pkg:gem/activesupport@4.1.11
purl pkg:gem/activesupport@4.1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ghz-4sfg-2feh
1
vulnerability VCID-4wmv-rurk-tub6
2
vulnerability VCID-b5he-f8nq-9yda
3
vulnerability VCID-bfbp-7umh-2fcp
4
vulnerability VCID-e4wh-thvg-5kdk
5
vulnerability VCID-ejgq-s79w-abd6
6
vulnerability VCID-hdsb-jx4g-fqf6
7
vulnerability VCID-n7kh-9mpq-13c7
8
vulnerability VCID-v3mu-95kt-ufc6
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@4.1.11
2
url pkg:gem/activesupport@4.2.0.beta1
purl pkg:gem/activesupport@4.2.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ghz-4sfg-2feh
1
vulnerability VCID-4wmv-rurk-tub6
2
vulnerability VCID-71et-13y6-eufu
3
vulnerability VCID-b5he-f8nq-9yda
4
vulnerability VCID-bfbp-7umh-2fcp
5
vulnerability VCID-e4wh-thvg-5kdk
6
vulnerability VCID-ejgq-s79w-abd6
7
vulnerability VCID-g8nb-cs9p-b7dc
8
vulnerability VCID-hdsb-jx4g-fqf6
9
vulnerability VCID-n7kh-9mpq-13c7
10
vulnerability VCID-v3mu-95kt-ufc6
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@4.2.0.beta1
3
url pkg:gem/activesupport@4.2.2
purl pkg:gem/activesupport@4.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ghz-4sfg-2feh
1
vulnerability VCID-4wmv-rurk-tub6
2
vulnerability VCID-b5he-f8nq-9yda
3
vulnerability VCID-bfbp-7umh-2fcp
4
vulnerability VCID-e4wh-thvg-5kdk
5
vulnerability VCID-ejgq-s79w-abd6
6
vulnerability VCID-hdsb-jx4g-fqf6
7
vulnerability VCID-n7kh-9mpq-13c7
8
vulnerability VCID-v3mu-95kt-ufc6
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@4.2.2
aliases CVE-2015-3227, GHSA-j96r-xvjq-r9pg
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-71et-13y6-eufu
3
url VCID-a97j-j4a4-7bg1
vulnerability_id VCID-a97j-j4a4-7bg1
summary 
activesupport Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving a SafeBuffer object that is manipulated through certain methods.
references
0
reference_url http://groups.google.com/group/rubyonrails-security/msg/1c2e01a5e42722c9?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/rubyonrails-security/msg/1c2e01a5e42722c9?dmode=source&output=gplain
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1098.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1098.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-1098
reference_id
reference_type
scores
0
value 0.00377
scoring_system epss
scoring_elements 0.59564
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-1098
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=799275
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=799275
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1098
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1098
6
reference_url https://github.com/rails/rails/commit/c60c1c0812d5eb55e7024db350f8bc5b6729f7fe#diff-6156f8cec254c1236b4a4eceb04df3d9
reference_id
reference_type
scores
url https://github.com/rails/rails/commit/c60c1c0812d5eb55e7024db350f8bc5b6729f7fe#diff-6156f8cec254c1236b4a4eceb04df3d9
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/OSVDB-79726.yml
reference_id
reference_type
scores
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/OSVDB-79726.yml
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-1098
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-1098
9
reference_url http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released
10
reference_url http://www.openwall.com/lists/oss-security/2012/03/02/6
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2012/03/02/6
11
reference_url http://www.openwall.com/lists/oss-security/2012/03/03/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2012/03/03/1
12
reference_url https://github.com/advisories/GHSA-qv8p-v9qw-wc7g
reference_id GHSA-qv8p-v9qw-wc7g
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qv8p-v9qw-wc7g
fixed_packages
0
url pkg:gem/activesupport@3.1.4
purl pkg:gem/activesupport@3.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ghz-4sfg-2feh
1
vulnerability VCID-4wmv-rurk-tub6
2
vulnerability VCID-71et-13y6-eufu
3
vulnerability VCID-b5he-f8nq-9yda
4
vulnerability VCID-bfbp-7umh-2fcp
5
vulnerability VCID-e4wh-thvg-5kdk
6
vulnerability VCID-ejgq-s79w-abd6
7
vulnerability VCID-g8nb-cs9p-b7dc
8
vulnerability VCID-hdsb-jx4g-fqf6
9
vulnerability VCID-n7kh-9mpq-13c7
10
vulnerability VCID-qswy-ngsk-yfhy
11
vulnerability VCID-qvc6-ev84-fkbd
12
vulnerability VCID-v3mu-95kt-ufc6
13
vulnerability VCID-z8t9-md9f-qfde
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@3.1.4
1
url pkg:gem/activesupport@3.2.0.rc1
purl pkg:gem/activesupport@3.2.0.rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ghz-4sfg-2feh
1
vulnerability VCID-4wmv-rurk-tub6
2
vulnerability VCID-71et-13y6-eufu
3
vulnerability VCID-a97j-j4a4-7bg1
4
vulnerability VCID-b5he-f8nq-9yda
5
vulnerability VCID-bfbp-7umh-2fcp
6
vulnerability VCID-e4wh-thvg-5kdk
7
vulnerability VCID-ejgq-s79w-abd6
8
vulnerability VCID-g8nb-cs9p-b7dc
9
vulnerability VCID-hdsb-jx4g-fqf6
10
vulnerability VCID-n7kh-9mpq-13c7
11
vulnerability VCID-qswy-ngsk-yfhy
12
vulnerability VCID-qvc6-ev84-fkbd
13
vulnerability VCID-v3mu-95kt-ufc6
14
vulnerability VCID-z8t9-md9f-qfde
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@3.2.0.rc1
2
url pkg:gem/activesupport@3.2.2
purl pkg:gem/activesupport@3.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ghz-4sfg-2feh
1
vulnerability VCID-4wmv-rurk-tub6
2
vulnerability VCID-71et-13y6-eufu
3
vulnerability VCID-b5he-f8nq-9yda
4
vulnerability VCID-bfbp-7umh-2fcp
5
vulnerability VCID-e4wh-thvg-5kdk
6
vulnerability VCID-ejgq-s79w-abd6
7
vulnerability VCID-g8nb-cs9p-b7dc
8
vulnerability VCID-hdsb-jx4g-fqf6
9
vulnerability VCID-n7kh-9mpq-13c7
10
vulnerability VCID-qswy-ngsk-yfhy
11
vulnerability VCID-qvc6-ev84-fkbd
12
vulnerability VCID-v3mu-95kt-ufc6
13
vulnerability VCID-z8t9-md9f-qfde
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@3.2.2
aliases CVE-2012-1098, GHSA-qv8p-v9qw-wc7g, OSV-79726
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a97j-j4a4-7bg1
4
url VCID-b5he-f8nq-9yda
vulnerability_id VCID-b5he-f8nq-9yda
summary 
ReDoS based DoS vulnerability in Active Support's underscore
There is a possible regular expression based DoS vulnerability in Active Support. This vulnerability has been assigned the CVE identifier CVE-2023-22796.

Versions Affected: All Not affected: None Fixed Versions: 5.2.8.15 (Rails LTS, which is a paid service and not part of the rubygem), 6.1.7.1, 7.0.4.1
Impact

A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability.

This affects String#underscore, ActiveSupport::Inflector.underscore, String#titleize, and any other methods using these.

All users running an affected release should either upgrade or use one of the workarounds immediately.
Releases

The FIXED releases are available at the normal locations.
Workarounds

There are no feasible workarounds for this issue.

Users on Ruby 3.2.0 or greater may be able to reduce the impact by configuring Regexp.timeout.
Patches

To aid users who aren’t able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.

    6-1-Avoid-regex-backtracking-in-Inflector.underscore.patch - Patch for 6.1 series
    7-0-Avoid-regex-backtracking-in-Inflector.underscore.patch - Patch for 7.0 series

Please note that only the 7.0.Z and 6.1.Z series are supported at present, and 6.0.Z for severe vulnerabilities. Users of earlier unsupported releases are advised to upgrade as soon as possible as we cannot guarantee the continued availability of security fixes for unsupported releases.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22796.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22796.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22796
reference_id
reference_type
scores
0
value 0.01525
scoring_system epss
scoring_elements 0.81578
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22796
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
12
reference_url https://discuss.rubyonrails.org/t/cve-2023-22796-possible-redos-based-dos-vulnerability-in-active-supports-underscore/82116
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-05T21:51:29Z/
url https://discuss.rubyonrails.org/t/cve-2023-22796-possible-redos-based-dos-vulnerability-in-active-supports-underscore/82116
13
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
14
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
15
reference_url https://github.com/rails/rails/commit/2164d4f6a1bde74b911fe9ba3c8df1b5bf345bf8
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/2164d4f6a1bde74b911fe9ba3c8df1b5bf345bf8
16
reference_url https://github.com/rails/rails/commit/a7cda7e6aa5334ab41b1f4b0f671be931be946ef
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/a7cda7e6aa5334ab41b1f4b0f671be931be946ef
17
reference_url https://github.com/rails/rails/releases/tag/v6.1.7.1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/releases/tag/v6.1.7.1
18
reference_url https://github.com/rails/rails/releases/tag/v7.0.4.1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/releases/tag/v7.0.4.1
19
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-22796.yml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-22796.yml
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22796
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-22796
21
reference_url https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released
22
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050
reference_id 1030050
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050
23
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2164736
reference_id 2164736
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2164736
24
reference_url https://github.com/advisories/GHSA-j6gc-792m-qgm2
reference_id GHSA-j6gc-792m-qgm2
reference_type
scores
url https://github.com/advisories/GHSA-j6gc-792m-qgm2
25
reference_url https://security.netapp.com/advisory/ntap-20240202-0009/
reference_id ntap-20240202-0009
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-05T21:51:29Z/
url https://security.netapp.com/advisory/ntap-20240202-0009/
26
reference_url https://access.redhat.com/errata/RHSA-2023:4341
reference_id RHSA-2023:4341
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4341
27
reference_url https://access.redhat.com/errata/RHSA-2023:6818
reference_id RHSA-2023:6818
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6818
fixed_packages
0
url pkg:gem/activesupport@5.2.8
purl pkg:gem/activesupport@5.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ghz-4sfg-2feh
1
vulnerability VCID-4wmv-rurk-tub6
2
vulnerability VCID-b5he-f8nq-9yda
3
vulnerability VCID-hdsb-jx4g-fqf6
4
vulnerability VCID-v3mu-95kt-ufc6
5
vulnerability VCID-zpzn-dbk4-juae
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@5.2.8
1
url pkg:gem/activesupport@6.1.7.1
purl pkg:gem/activesupport@6.1.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ghz-4sfg-2feh
1
vulnerability VCID-4wmv-rurk-tub6
2
vulnerability VCID-b5he-f8nq-9yda
3
vulnerability VCID-hdsb-jx4g-fqf6
4
vulnerability VCID-v3mu-95kt-ufc6
5
vulnerability VCID-zpzn-dbk4-juae
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@6.1.7.1
2
url pkg:gem/activesupport@7.0.4.1
purl pkg:gem/activesupport@7.0.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ghz-4sfg-2feh
1
vulnerability VCID-4wmv-rurk-tub6
2
vulnerability VCID-b5he-f8nq-9yda
3
vulnerability VCID-hdsb-jx4g-fqf6
4
vulnerability VCID-v3mu-95kt-ufc6
5
vulnerability VCID-zpzn-dbk4-juae
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@7.0.4.1
aliases CVE-2023-22796, GHSA-j6gc-792m-qgm2, GMS-2023-61
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b5he-f8nq-9yda
5
url VCID-bfbp-7umh-2fcp
vulnerability_id VCID-bfbp-7umh-2fcp
summary 
actionpack and activesupport vulnerable to information leaks
A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x before 2.3.4, leaks information about the complexity of message-digest signature verification in the cookie store, which might allow remote attackers to forge a digest via multiple attempts.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2009-3086
reference_id
reference_type
scores
0
value 0.00556
scoring_system epss
scoring_elements 0.68454
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2009-3086
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3086
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3086
3
reference_url http://secunia.com/advisories/36600
reference_id
reference_type
scores
url http://secunia.com/advisories/36600
4
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
5
reference_url https://github.com/rails/rails/commit/1f07a89c5946910fc28ea5ccd1da6af8a0f972a0
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/1f07a89c5946910fc28ea5ccd1da6af8a0f972a0
6
reference_url https://github.com/rails/rails/commit/674f780d59a5a7ec0301755d43a7b277a3ad2978
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/674f780d59a5a7ec0301755d43a7b277a3ad2978
7
reference_url https://github.com/rails/rails/commit/d460c9a25560f43e7c3789abadf7b455053eb686
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/d460c9a25560f43e7c3789abadf7b455053eb686
8
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2009-3086.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2009-3086.yml
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2009-3086.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2009-3086.yml
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2009-3086
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2009-3086
11
reference_url https://web.archive.org/web/20090906010200/http://www.vupen.com/english/advisories/2009/2544
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20090906010200/http://www.vupen.com/english/advisories/2009/2544
12
reference_url https://web.archive.org/web/20090907001716/http://secunia.com/advisories/36600
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20090907001716/http://secunia.com/advisories/36600
13
reference_url https://web.archive.org/web/20200229150042/http://www.securityfocus.com/bid/37427
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200229150042/http://www.securityfocus.com/bid/37427
14
reference_url http://weblog.rubyonrails.org/2009/9/4/timing-weakness-in-ruby-on-rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2009/9/4/timing-weakness-in-ruby-on-rails
15
reference_url http://www.debian.org/security/2011/dsa-2260
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2011/dsa-2260
16
reference_url http://www.securityfocus.com/bid/37427
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/37427
17
reference_url http://www.vupen.com/english/advisories/2009/2544
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2009/2544
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063
reference_id 545063
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063
19
reference_url https://github.com/advisories/GHSA-fg9w-g6m4-557j
reference_id GHSA-fg9w-g6m4-557j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fg9w-g6m4-557j
20
reference_url https://security.gentoo.org/glsa/200912-02
reference_id GLSA-200912-02
reference_type
scores
url https://security.gentoo.org/glsa/200912-02
fixed_packages
aliases CVE-2009-3086, GHSA-fg9w-g6m4-557j
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bfbp-7umh-2fcp
6
url VCID-e4wh-thvg-5kdk
vulnerability_id VCID-e4wh-thvg-5kdk
summary 
activesupport Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in `activesupport/lib/active_support/core_ext/string/output_safety.r`b in Ruby on Rails 2.x before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a malformed Unicode string, related to a "UTF-8 escaping vulnerability."
references
0
reference_url http://groups.google.com/group/rubyonrails-security/msg/f1d2749773db9f21?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/rubyonrails-security/msg/f1d2749773db9f21?dmode=source&output=gplain
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065114.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065114.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065189.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065189.html
3
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-2932
reference_id
reference_type
scores
0
value 0.00813
scoring_system epss
scoring_elements 0.7456
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-2932
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=731435
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=731435
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2932
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2932
7
reference_url http://secunia.com/advisories/45917
reference_id
reference_type
scores
url http://secunia.com/advisories/45917
8
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
9
reference_url https://github.com/rails/rails/commit/bfc432574d0b141fd7fe759edfe9b6771dd306bd
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/bfc432574d0b141fd7fe759edfe9b6771dd306bd
10
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2011-2932.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2011-2932.yml
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-2932
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-2932
12
reference_url http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6
13
reference_url http://www.openwall.com/lists/oss-security/2011/08/17/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/17/1
14
reference_url http://www.openwall.com/lists/oss-security/2011/08/19/11
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/19/11
15
reference_url http://www.openwall.com/lists/oss-security/2011/08/20/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/20/1
16
reference_url http://www.openwall.com/lists/oss-security/2011/08/22/13
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/22/13
17
reference_url http://www.openwall.com/lists/oss-security/2011/08/22/14
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/22/14
18
reference_url http://www.openwall.com/lists/oss-security/2011/08/22/5
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/22/5
19
reference_url https://github.com/advisories/GHSA-9fh3-vh3h-q4g3
reference_id GHSA-9fh3-vh3h-q4g3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9fh3-vh3h-q4g3
20
reference_url https://security.gentoo.org/glsa/201412-28
reference_id GLSA-201412-28
reference_type
scores
url https://security.gentoo.org/glsa/201412-28
fixed_packages
aliases CVE-2011-2932, GHSA-9fh3-vh3h-q4g3
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e4wh-thvg-5kdk
7
url VCID-ejgq-s79w-abd6
vulnerability_id VCID-ejgq-s79w-abd6
summary 
rails Cross-site Scripting vulnerability
The cross-site scripting (XSS) prevention feature in Ruby on Rails 2.x before 2.3.12, 3.0.x before 3.0.8, and 3.1.x before 3.1.0.rc2 does not properly handle mutation of safe buffers, which makes it easier for remote attackers to conduct XSS attacks via crafted strings to an application that uses a problematic string method, as demonstrated by the sub method.
references
0
reference_url http://groups.google.com/group/rubyonrails-security/msg/663b600d4471e0d4?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/rubyonrails-security/msg/663b600d4471e0d4?dmode=source&output=gplain
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062514.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062514.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062090.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062090.html
3
reference_url http://openwall.com/lists/oss-security/2011/06/09/2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2011/06/09/2
4
reference_url http://openwall.com/lists/oss-security/2011/06/13/9
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2011/06/13/9
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-2197
reference_id
reference_type
scores
0
value 0.00442
scoring_system epss
scoring_elements 0.63551
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-2197
6
reference_url http://secunia.com/advisories/44789
reference_id
reference_type
scores
url http://secunia.com/advisories/44789
7
reference_url https://gist.github.com/NZKoz/b2ceb626fc2bcdfe497f
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gist.github.com/NZKoz/b2ceb626fc2bcdfe497f
8
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
9
reference_url https://github.com/rails/rails/commit/53a2c0baf2b128dd4808eca313256f6f4bb8c4cd
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/53a2c0baf2b128dd4808eca313256f6f4bb8c4cd
10
reference_url https://github.com/rails/rails/commit/ed3796434af6069ced6a641293cf88eef3b284da
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/ed3796434af6069ced6a641293cf88eef3b284da
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2011-2197.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2011-2197.yml
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-2197
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-2197
13
reference_url http://weblog.rubyonrails.org/2011/6/8/potential-xss-vulnerability-in-ruby-on-rails-applications
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2011/6/8/potential-xss-vulnerability-in-ruby-on-rails-applications
14
reference_url https://github.com/advisories/GHSA-v9v4-7jp6-8c73
reference_id GHSA-v9v4-7jp6-8c73
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v9v4-7jp6-8c73
fixed_packages
aliases CVE-2011-2197, GHSA-v9v4-7jp6-8c73
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ejgq-s79w-abd6
8
url VCID-g8nb-cs9p-b7dc
vulnerability_id VCID-g8nb-cs9p-b7dc
summary 
activesupport Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in `json/encoding.rb` in Active Support in Ruby on Rails 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding.
references
0
reference_url http://openwall.com/lists/oss-security/2015/06/16/17
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2015/06/16/17
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3226.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3226.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-3226
reference_id
reference_type
scores
0
value 0.00212
scoring_system epss
scoring_elements 0.43698
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-3226
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753
11
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
12
reference_url https://groups.google.com/forum/message/raw?msg=rubyonrails-security/7VlB_pck3hU/3QZrGIaQW6cJ
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/message/raw?msg=rubyonrails-security/7VlB_pck3hU/3QZrGIaQW6cJ
13
reference_url https://groups.google.com/forum/#!topic/ruby-security-ann/7VlB_pck3hU
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/ruby-security-ann/7VlB_pck3hU
14
reference_url https://groups.google.com/g/rubyonrails-core/c/qBUqVlXERag/m/kuH3wQk1kxUJ
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-core/c/qBUqVlXERag/m/kuH3wQk1kxUJ
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-3226
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-3226
16
reference_url https://web.archive.org/web/20200228033946/http://www.securityfocus.com/bid/75231
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228033946/http://www.securityfocus.com/bid/75231
17
reference_url https://web.archive.org/web/20200517005133/http://www.securitytracker.com/id/1033755
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200517005133/http://www.securitytracker.com/id/1033755
18
reference_url http://www.debian.org/security/2016/dsa-3464
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2016/dsa-3464
19
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1232310
reference_id 1232310
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1232310
20
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790486
reference_id 790486
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790486
21
reference_url https://github.com/advisories/GHSA-vxvp-4xwc-jpp6
reference_id GHSA-vxvp-4xwc-jpp6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vxvp-4xwc-jpp6
fixed_packages
0
url pkg:gem/activesupport@4.1.11
purl pkg:gem/activesupport@4.1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ghz-4sfg-2feh
1
vulnerability VCID-4wmv-rurk-tub6
2
vulnerability VCID-b5he-f8nq-9yda
3
vulnerability VCID-bfbp-7umh-2fcp
4
vulnerability VCID-e4wh-thvg-5kdk
5
vulnerability VCID-ejgq-s79w-abd6
6
vulnerability VCID-hdsb-jx4g-fqf6
7
vulnerability VCID-n7kh-9mpq-13c7
8
vulnerability VCID-v3mu-95kt-ufc6
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@4.1.11
1
url pkg:gem/activesupport@4.2.0.beta1
purl pkg:gem/activesupport@4.2.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ghz-4sfg-2feh
1
vulnerability VCID-4wmv-rurk-tub6
2
vulnerability VCID-71et-13y6-eufu
3
vulnerability VCID-b5he-f8nq-9yda
4
vulnerability VCID-bfbp-7umh-2fcp
5
vulnerability VCID-e4wh-thvg-5kdk
6
vulnerability VCID-ejgq-s79w-abd6
7
vulnerability VCID-g8nb-cs9p-b7dc
8
vulnerability VCID-hdsb-jx4g-fqf6
9
vulnerability VCID-n7kh-9mpq-13c7
10
vulnerability VCID-v3mu-95kt-ufc6
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@4.2.0.beta1
2
url pkg:gem/activesupport@4.2.2
purl pkg:gem/activesupport@4.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ghz-4sfg-2feh
1
vulnerability VCID-4wmv-rurk-tub6
2
vulnerability VCID-b5he-f8nq-9yda
3
vulnerability VCID-bfbp-7umh-2fcp
4
vulnerability VCID-e4wh-thvg-5kdk
5
vulnerability VCID-ejgq-s79w-abd6
6
vulnerability VCID-hdsb-jx4g-fqf6
7
vulnerability VCID-n7kh-9mpq-13c7
8
vulnerability VCID-v3mu-95kt-ufc6
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@4.2.2
aliases CVE-2015-3226, GHSA-vxvp-4xwc-jpp6
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g8nb-cs9p-b7dc
9
url VCID-hdsb-jx4g-fqf6
vulnerability_id VCID-hdsb-jx4g-fqf6
summary Rails: Active Support: Active Support: Cross-Site Scripting (XSS) due to improper HTML safety flag propagation in SafeBuffer#%
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33170.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33170.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33170
reference_id
reference_type
scores
0
value 0.0001
scoring_system epss
scoring_elements 0.01144
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33170
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33170
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33170
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
5
reference_url https://github.com/rails/rails/commit/50d732af3b7c8aaf63cbcca0becbc00279b215b7
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:20:16Z/
url https://github.com/rails/rails/commit/50d732af3b7c8aaf63cbcca0becbc00279b215b7
6
reference_url https://github.com/rails/rails/commit/6e8a81108001d58043de9e54a06fca58962fc2db
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:20:16Z/
url https://github.com/rails/rails/commit/6e8a81108001d58043de9e54a06fca58962fc2db
7
reference_url https://github.com/rails/rails/commit/c1ad0e8e1972032f3395853a5e99cea035035beb
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:20:16Z/
url https://github.com/rails/rails/commit/c1ad0e8e1972032f3395853a5e99cea035035beb
8
reference_url https://github.com/rails/rails/releases/tag/v7.2.3.1
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:20:16Z/
url https://github.com/rails/rails/releases/tag/v7.2.3.1
9
reference_url https://github.com/rails/rails/releases/tag/v8.0.4.1
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:20:16Z/
url https://github.com/rails/rails/releases/tag/v8.0.4.1
10
reference_url https://github.com/rails/rails/releases/tag/v8.1.2.1
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:20:16Z/
url https://github.com/rails/rails/releases/tag/v8.1.2.1
11
reference_url https://github.com/rails/rails/security/advisories/GHSA-89vf-4333-qx8v
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:20:16Z/
url https://github.com/rails/rails/security/advisories/GHSA-89vf-4333-qx8v
12
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2026-33170.yml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2026-33170.yml
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33170
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33170
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035
reference_id 1132035
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2450543
reference_id 2450543
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2450543
fixed_packages
0
url pkg:gem/activesupport@7.2.3.1
purl pkg:gem/activesupport@7.2.3.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@7.2.3.1
1
url pkg:gem/activesupport@8.0.4.1
purl pkg:gem/activesupport@8.0.4.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@8.0.4.1
2
url pkg:gem/activesupport@8.1.2.1
purl pkg:gem/activesupport@8.1.2.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@8.1.2.1
aliases CVE-2026-33170, GHSA-89vf-4333-qx8v
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hdsb-jx4g-fqf6
10
url VCID-n7kh-9mpq-13c7
vulnerability_id VCID-n7kh-9mpq-13c7
summary 
Cross site scripting that affects rails
Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper.
references
0
reference_url http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063
1
reference_url http://groups.google.com/group/rubyonrails-security/msg/7f57cd7794e1d1b4?dmode=source
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/rubyonrails-security/msg/7f57cd7794e1d1b4?dmode=source
2
reference_url http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
3
reference_url http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3009.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3009.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2009-3009
reference_id
reference_type
scores
0
value 0.01632
scoring_system epss
scoring_elements 0.8221
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2009-3009
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3009
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3009
7
reference_url http://secunia.com/advisories/36600
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/36600
8
reference_url http://secunia.com/advisories/36717
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/36717
9
reference_url http://securitytracker.com/id?1022824
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://securitytracker.com/id?1022824
10
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/53036
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/53036
11
reference_url https://github.com/advisories/GHSA-8qrh-h9m2-5fvf
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-8qrh-h9m2-5fvf
12
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2009-3009.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2009-3009.yml
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2009-3009
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2009-3009
14
reference_url http://support.apple.com/kb/HT4077
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://support.apple.com/kb/HT4077
15
reference_url http://weblog.rubyonrails.org/2009/9/4/xss-vulnerability-in-ruby-on-rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2009/9/4/xss-vulnerability-in-ruby-on-rails
16
reference_url http://www.debian.org/security/2009/dsa-1887
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2009/dsa-1887
17
reference_url http://www.osvdb.org/57666
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.osvdb.org/57666
18
reference_url http://www.securityfocus.com/bid/36278
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/36278
19
reference_url http://www.vupen.com/english/advisories/2009/2544
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.vupen.com/english/advisories/2009/2544
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=520843
reference_id 520843
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=520843
21
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063
reference_id 545063
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063
22
reference_url https://security.gentoo.org/glsa/200912-02
reference_id GLSA-200912-02
reference_type
scores
url https://security.gentoo.org/glsa/200912-02
fixed_packages
aliases CVE-2009-3009, GHSA-8qrh-h9m2-5fvf, OSV-57666
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n7kh-9mpq-13c7
11
url VCID-qswy-ngsk-yfhy
vulnerability_id VCID-qswy-ngsk-yfhy
summary 
activesupport Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in `activesupport/lib/active_support/core_ext/string/output_safety.rb` in Ruby on Rails before 2.3.16, 3.0.x before , 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject arbitrary web script or HTML via vectors involving a ' (quote) character.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2013-0154.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0154.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3464.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3464.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-3464
reference_id
reference_type
scores
0
value 0.00245
scoring_system epss
scoring_elements 0.47909
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-3464
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3464
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3464
4
reference_url https://github.com/advisories/GHSA-h835-75hw-pj89
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-h835-75hw-pj89
5
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
6
reference_url https://github.com/rails/rails/commit/28f2c6f4037081da0a82104a3f473165ed4ed2ce
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/28f2c6f4037081da0a82104a3f473165ed4ed2ce
7
reference_url https://github.com/rails/rails/commit/780a718723cf87b49cfe204d355948c4e0932d23
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/780a718723cf87b49cfe204d355948c4e0932d23
8
reference_url https://github.com/rails/rails/commit/d0c9759d3aeb6327d68dd6c0de0fe2fed4e3c870
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/d0c9759d3aeb6327d68dd6c0de0fe2fed4e3c870
9
reference_url https://github.com/rails/rails/commit/d549df7133f2b0bad8112890d478c33e990e12bc
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/d549df7133f2b0bad8112890d478c33e990e12bc
10
reference_url https://github.com/rails/rails/issues/7215
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/issues/7215
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2012-3464.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2012-3464.yml
12
reference_url https://groups.google.com/group/rubyonrails-security/msg/8f1bbe1cef8c6caf?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/8f1bbe1cef8c6caf?dmode=source&output=gplain
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-3464
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-3464
14
reference_url http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=847199
reference_id 847199
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=847199
16
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
17
reference_url https://access.redhat.com/errata/RHSA-2013:0154
reference_id RHSA-2013:0154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0154
fixed_packages
0
url pkg:gem/activesupport@3.1.8
purl pkg:gem/activesupport@3.1.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ghz-4sfg-2feh
1
vulnerability VCID-4wmv-rurk-tub6
2
vulnerability VCID-71et-13y6-eufu
3
vulnerability VCID-b5he-f8nq-9yda
4
vulnerability VCID-bfbp-7umh-2fcp
5
vulnerability VCID-e4wh-thvg-5kdk
6
vulnerability VCID-ejgq-s79w-abd6
7
vulnerability VCID-g8nb-cs9p-b7dc
8
vulnerability VCID-hdsb-jx4g-fqf6
9
vulnerability VCID-n7kh-9mpq-13c7
10
vulnerability VCID-qvc6-ev84-fkbd
11
vulnerability VCID-v3mu-95kt-ufc6
12
vulnerability VCID-z8t9-md9f-qfde
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@3.1.8
1
url pkg:gem/activesupport@3.2.0.rc1
purl pkg:gem/activesupport@3.2.0.rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ghz-4sfg-2feh
1
vulnerability VCID-4wmv-rurk-tub6
2
vulnerability VCID-71et-13y6-eufu
3
vulnerability VCID-a97j-j4a4-7bg1
4
vulnerability VCID-b5he-f8nq-9yda
5
vulnerability VCID-bfbp-7umh-2fcp
6
vulnerability VCID-e4wh-thvg-5kdk
7
vulnerability VCID-ejgq-s79w-abd6
8
vulnerability VCID-g8nb-cs9p-b7dc
9
vulnerability VCID-hdsb-jx4g-fqf6
10
vulnerability VCID-n7kh-9mpq-13c7
11
vulnerability VCID-qswy-ngsk-yfhy
12
vulnerability VCID-qvc6-ev84-fkbd
13
vulnerability VCID-v3mu-95kt-ufc6
14
vulnerability VCID-z8t9-md9f-qfde
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@3.2.0.rc1
2
url pkg:gem/activesupport@3.2.8
purl pkg:gem/activesupport@3.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ghz-4sfg-2feh
1
vulnerability VCID-4wmv-rurk-tub6
2
vulnerability VCID-71et-13y6-eufu
3
vulnerability VCID-b5he-f8nq-9yda
4
vulnerability VCID-bfbp-7umh-2fcp
5
vulnerability VCID-e4wh-thvg-5kdk
6
vulnerability VCID-ejgq-s79w-abd6
7
vulnerability VCID-g8nb-cs9p-b7dc
8
vulnerability VCID-hdsb-jx4g-fqf6
9
vulnerability VCID-n7kh-9mpq-13c7
10
vulnerability VCID-qvc6-ev84-fkbd
11
vulnerability VCID-v3mu-95kt-ufc6
12
vulnerability VCID-z8t9-md9f-qfde
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@3.2.8
aliases CVE-2012-3464, GHSA-h835-75hw-pj89, OSV-84516
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qswy-ngsk-yfhy
12
url VCID-qvc6-ev84-fkbd
vulnerability_id VCID-qvc6-ev84-fkbd
summary 
activesupport in Rails vulnerable to incorrect data conversion
`lib/active_support/json/backends/yaml.rb` in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication via crafted data that triggers unsafe decoding, a different vulnerability than CVE-2013-0156.
references
0
reference_url http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
1
reference_url http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2013-0201.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0201.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2013-0202.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0202.html
4
reference_url http://rhn.redhat.com/errata/RHSA-2013-0203.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0203.html
5
reference_url https://access.redhat.com/errata/RHSA-2013:0201
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2013:0201
6
reference_url https://access.redhat.com/errata/RHSA-2013:0202
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2013:0202
7
reference_url https://access.redhat.com/errata/RHSA-2013:0203
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2013:0203
8
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0333.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0333.json
9
reference_url https://access.redhat.com/security/cve/CVE-2013-0333
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2013-0333
10
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-0333
reference_id
reference_type
scores
0
value 0.91761
scoring_system epss
scoring_elements 0.99699
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-0333
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=903440
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=903440
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0333
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0333
13
reference_url https://github.com/advisories/GHSA-xgr2-v94m-rc9g
reference_id
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-xgr2-v94m-rc9g
14
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2013-0333.yml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2013-0333.yml
15
reference_url https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/1h2DR63ViGo
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/1h2DR63ViGo
16
reference_url https://groups.google.com/group/rubyonrails-security/msg/52179af76915e518?dmode=source&output=gplain
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/52179af76915e518?dmode=source&output=gplain
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-0333
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-0333
18
reference_url https://puppet.com/security/cve/cve-2013-0333
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://puppet.com/security/cve/cve-2013-0333
19
reference_url http://support.apple.com/kb/HT5784
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://support.apple.com/kb/HT5784
20
reference_url http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released
21
reference_url http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/
reference_id
reference_type
scores
url http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/
22
reference_url http://www.debian.org/security/2013/dsa-2613
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2013/dsa-2613
23
reference_url http://www.kb.cert.org/vuls/id/628463
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.kb.cert.org/vuls/id/628463
24
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699226
reference_id 699226
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699226
25
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24434.rb
reference_id CVE-2013-0333;OSVDB-89594
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24434.rb
26
reference_url https://security.gentoo.org/glsa/201412-28
reference_id GLSA-201412-28
reference_type
scores
url https://security.gentoo.org/glsa/201412-28
fixed_packages
aliases CVE-2013-0333, GHSA-xgr2-v94m-rc9g, OSV-89594
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qvc6-ev84-fkbd
13
url VCID-v3mu-95kt-ufc6
vulnerability_id VCID-v3mu-95kt-ufc6
summary Rails: Active Support: Active Support: Denial of Service via large scientific notation strings
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33176.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33176.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33176
reference_id
reference_type
scores
0
value 0.0003
scoring_system epss
scoring_elements 0.09295
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33176
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33176
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33176
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
5
reference_url https://github.com/rails/rails/commit/19dbab51ca086a657bb86458042bc44314916bcb
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:42:42Z/
url https://github.com/rails/rails/commit/19dbab51ca086a657bb86458042bc44314916bcb
6
reference_url https://github.com/rails/rails/commit/ebd6be18120d1136511eb516338e27af25ac0a1a
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:42:42Z/
url https://github.com/rails/rails/commit/ebd6be18120d1136511eb516338e27af25ac0a1a
7
reference_url https://github.com/rails/rails/commit/ee2c59e730e5b8faed502cd2c573109df093f856
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:42:42Z/
url https://github.com/rails/rails/commit/ee2c59e730e5b8faed502cd2c573109df093f856
8
reference_url https://github.com/rails/rails/releases/tag/v7.2.3.1
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:42:42Z/
url https://github.com/rails/rails/releases/tag/v7.2.3.1
9
reference_url https://github.com/rails/rails/releases/tag/v8.0.4.1
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:42:42Z/
url https://github.com/rails/rails/releases/tag/v8.0.4.1
10
reference_url https://github.com/rails/rails/releases/tag/v8.1.2.1
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:42:42Z/
url https://github.com/rails/rails/releases/tag/v8.1.2.1
11
reference_url https://github.com/rails/rails/security/advisories/GHSA-2j26-frm8-cmj9
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:42:42Z/
url https://github.com/rails/rails/security/advisories/GHSA-2j26-frm8-cmj9
12
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2026-33176.yml
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2026-33176.yml
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33176
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33176
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035
reference_id 1132035
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2450551
reference_id 2450551
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2450551
16
reference_url https://access.redhat.com/errata/RHSA-2026:14835
reference_id RHSA-2026:14835
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:14835
17
reference_url https://access.redhat.com/errata/RHSA-2026:14873
reference_id RHSA-2026:14873
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:14873
18
reference_url https://access.redhat.com/errata/RHSA-2026:14874
reference_id RHSA-2026:14874
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:14874
fixed_packages
0
url pkg:gem/activesupport@7.2.3.1
purl pkg:gem/activesupport@7.2.3.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@7.2.3.1
1
url pkg:gem/activesupport@8.0.4.1
purl pkg:gem/activesupport@8.0.4.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@8.0.4.1
2
url pkg:gem/activesupport@8.1.2.1
purl pkg:gem/activesupport@8.1.2.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@8.1.2.1
aliases CVE-2026-33176, GHSA-2j26-frm8-cmj9
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v3mu-95kt-ufc6
14
url VCID-z8t9-md9f-qfde
vulnerability_id VCID-z8t9-md9f-qfde
summary 
activesupport Improper Input Validation vulnerability
The `ActiveSupport::XmlMini_JDOM` backend in `lib/active_support/xml_mini/jdom.rb` in the Active Support component in Ruby on Rails 3.0.x and 3.1.x before 3.1.12 and 3.2.x before 3.2.13, when JRuby is used, does not properly restrict the capabilities of the XML parser, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving (1) an external DTD or (2) an external entity declaration in conjunction with an entity reference.
references
0
reference_url http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
1
reference_url http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-1856
reference_id
reference_type
scores
0
value 0.00707
scoring_system epss
scoring_elements 0.7247
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-1856
3
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
4
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2013-1856.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2013-1856.yml
5
reference_url https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/KZwsQbYsOiI
reference_id
reference_type
scores
url https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/KZwsQbYsOiI
6
reference_url https://groups.google.com/group/rubyonrails-security/msg/6c2482d4ed1545e6?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/6c2482d4ed1545e6?dmode=source&output=gplain
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-1856
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-1856
8
reference_url http://support.apple.com/kb/HT5784
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://support.apple.com/kb/HT5784
9
reference_url https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
10
reference_url https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html
11
reference_url http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released
12
reference_url http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/
reference_id
reference_type
scores
url http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/
13
reference_url http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1856
reference_id
reference_type
scores
url http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1856
14
reference_url http://www.openwall.com/lists/oss-security/2013/03/18/4
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2013/03/18/4
15
reference_url https://github.com/advisories/GHSA-9c2j-593q-3g82
reference_id GHSA-9c2j-593q-3g82
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9c2j-593q-3g82
16
reference_url https://security.gentoo.org/glsa/201412-28
reference_id GLSA-201412-28
reference_type
scores
url https://security.gentoo.org/glsa/201412-28
fixed_packages
0
url pkg:gem/activesupport@3.1.12
purl pkg:gem/activesupport@3.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ghz-4sfg-2feh
1
vulnerability VCID-4wmv-rurk-tub6
2
vulnerability VCID-71et-13y6-eufu
3
vulnerability VCID-b5he-f8nq-9yda
4
vulnerability VCID-bfbp-7umh-2fcp
5
vulnerability VCID-e4wh-thvg-5kdk
6
vulnerability VCID-ejgq-s79w-abd6
7
vulnerability VCID-g8nb-cs9p-b7dc
8
vulnerability VCID-hdsb-jx4g-fqf6
9
vulnerability VCID-n7kh-9mpq-13c7
10
vulnerability VCID-v3mu-95kt-ufc6
11
vulnerability VCID-z8t9-md9f-qfde
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@3.1.12
1
url pkg:gem/activesupport@3.2.13
purl pkg:gem/activesupport@3.2.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ghz-4sfg-2feh
1
vulnerability VCID-4wmv-rurk-tub6
2
vulnerability VCID-71et-13y6-eufu
3
vulnerability VCID-b5he-f8nq-9yda
4
vulnerability VCID-bfbp-7umh-2fcp
5
vulnerability VCID-e4wh-thvg-5kdk
6
vulnerability VCID-ejgq-s79w-abd6
7
vulnerability VCID-g8nb-cs9p-b7dc
8
vulnerability VCID-hdsb-jx4g-fqf6
9
vulnerability VCID-n7kh-9mpq-13c7
10
vulnerability VCID-v3mu-95kt-ufc6
11
vulnerability VCID-z8t9-md9f-qfde
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@3.2.13
aliases CVE-2013-1856, GHSA-9c2j-593q-3g82, OSV-91451
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z8t9-md9f-qfde
Fixing_vulnerabilities
0
url VCID-e4wh-thvg-5kdk
vulnerability_id VCID-e4wh-thvg-5kdk
summary 
activesupport Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in `activesupport/lib/active_support/core_ext/string/output_safety.r`b in Ruby on Rails 2.x before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a malformed Unicode string, related to a "UTF-8 escaping vulnerability."
references
0
reference_url http://groups.google.com/group/rubyonrails-security/msg/f1d2749773db9f21?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/rubyonrails-security/msg/f1d2749773db9f21?dmode=source&output=gplain
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065114.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065114.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065189.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065189.html
3
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-2932
reference_id
reference_type
scores
0
value 0.00813
scoring_system epss
scoring_elements 0.7456
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-2932
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=731435
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=731435
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2932
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2932
7
reference_url http://secunia.com/advisories/45917
reference_id
reference_type
scores
url http://secunia.com/advisories/45917
8
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
9
reference_url https://github.com/rails/rails/commit/bfc432574d0b141fd7fe759edfe9b6771dd306bd
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/bfc432574d0b141fd7fe759edfe9b6771dd306bd
10
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2011-2932.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2011-2932.yml
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-2932
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-2932
12
reference_url http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6
13
reference_url http://www.openwall.com/lists/oss-security/2011/08/17/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/17/1
14
reference_url http://www.openwall.com/lists/oss-security/2011/08/19/11
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/19/11
15
reference_url http://www.openwall.com/lists/oss-security/2011/08/20/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/20/1
16
reference_url http://www.openwall.com/lists/oss-security/2011/08/22/13
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/22/13
17
reference_url http://www.openwall.com/lists/oss-security/2011/08/22/14
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/22/14
18
reference_url http://www.openwall.com/lists/oss-security/2011/08/22/5
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/22/5
19
reference_url https://github.com/advisories/GHSA-9fh3-vh3h-q4g3
reference_id GHSA-9fh3-vh3h-q4g3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9fh3-vh3h-q4g3
20
reference_url https://security.gentoo.org/glsa/201412-28
reference_id GLSA-201412-28
reference_type
scores
url https://security.gentoo.org/glsa/201412-28
fixed_packages
0
url pkg:gem/activesupport@2.3.13
purl pkg:gem/activesupport@2.3.13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@2.3.13
1
url pkg:gem/activesupport@2.3.14
purl pkg:gem/activesupport@2.3.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ghz-4sfg-2feh
1
vulnerability VCID-4wmv-rurk-tub6
2
vulnerability VCID-71et-13y6-eufu
3
vulnerability VCID-a97j-j4a4-7bg1
4
vulnerability VCID-b5he-f8nq-9yda
5
vulnerability VCID-bfbp-7umh-2fcp
6
vulnerability VCID-e4wh-thvg-5kdk
7
vulnerability VCID-ejgq-s79w-abd6
8
vulnerability VCID-g8nb-cs9p-b7dc
9
vulnerability VCID-hdsb-jx4g-fqf6
10
vulnerability VCID-n7kh-9mpq-13c7
11
vulnerability VCID-qswy-ngsk-yfhy
12
vulnerability VCID-qvc6-ev84-fkbd
13
vulnerability VCID-v3mu-95kt-ufc6
14
vulnerability VCID-z8t9-md9f-qfde
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@2.3.14
2
url pkg:gem/activesupport@3.0.10
purl pkg:gem/activesupport@3.0.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ghz-4sfg-2feh
1
vulnerability VCID-4wmv-rurk-tub6
2
vulnerability VCID-71et-13y6-eufu
3
vulnerability VCID-a97j-j4a4-7bg1
4
vulnerability VCID-b5he-f8nq-9yda
5
vulnerability VCID-bfbp-7umh-2fcp
6
vulnerability VCID-e4wh-thvg-5kdk
7
vulnerability VCID-ejgq-s79w-abd6
8
vulnerability VCID-g8nb-cs9p-b7dc
9
vulnerability VCID-hdsb-jx4g-fqf6
10
vulnerability VCID-n7kh-9mpq-13c7
11
vulnerability VCID-qswy-ngsk-yfhy
12
vulnerability VCID-qvc6-ev84-fkbd
13
vulnerability VCID-v3mu-95kt-ufc6
14
vulnerability VCID-z8t9-md9f-qfde
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@3.0.10
3
url pkg:gem/activesupport@3.1.0
purl pkg:gem/activesupport@3.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ghz-4sfg-2feh
1
vulnerability VCID-4wmv-rurk-tub6
2
vulnerability VCID-71et-13y6-eufu
3
vulnerability VCID-a97j-j4a4-7bg1
4
vulnerability VCID-b5he-f8nq-9yda
5
vulnerability VCID-bfbp-7umh-2fcp
6
vulnerability VCID-e4wh-thvg-5kdk
7
vulnerability VCID-ejgq-s79w-abd6
8
vulnerability VCID-g8nb-cs9p-b7dc
9
vulnerability VCID-hdsb-jx4g-fqf6
10
vulnerability VCID-n7kh-9mpq-13c7
11
vulnerability VCID-qswy-ngsk-yfhy
12
vulnerability VCID-qvc6-ev84-fkbd
13
vulnerability VCID-v3mu-95kt-ufc6
14
vulnerability VCID-z8t9-md9f-qfde
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@3.1.0
aliases CVE-2011-2932, GHSA-9fh3-vh3h-q4g3
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e4wh-thvg-5kdk
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:gem/activesupport@3.1.0