Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:gem/actionpack@2.2.0
Typegem
Namespace
Nameactionpack
Version2.2.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version8.1.2.1
Latest_non_vulnerable_version8.1.2.1
Affected_by_vulnerabilities
0
url VCID-a6wp-n5yh-ybcv
vulnerability_id VCID-a6wp-n5yh-ybcv
summary 
Improper Input Validation in actionpack
Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify tokens for requests with certain content types, which allows remote attackers to bypass cross-site request forgery (CSRF) protection for requests to applications that rely on this protection, as demonstrated using text/plain.
references
0
reference_url http://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
2
reference_url http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup
3
reference_url http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/
reference_id
reference_type
scores
url http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-7248.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-7248.json
5
reference_url https://access.redhat.com/security/cve/CVE-2008-7248
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2008-7248
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2008-7248
reference_id
reference_type
scores
0
value 0.11409
scoring_system epss
scoring_elements 0.93687
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2008-7248
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=544329
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=544329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7248
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7248
9
reference_url http://secunia.com/advisories/36600
reference_id
reference_type
scores
url http://secunia.com/advisories/36600
10
reference_url http://secunia.com/advisories/38915
reference_id
reference_type
scores
url http://secunia.com/advisories/38915
11
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
12
reference_url https://github.com/rails/rails/commit/099a98e9b7108dae3e0f78b207e0a7dc5913bd1a
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/099a98e9b7108dae3e0f78b207e0a7dc5913bd1a
13
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2008-7248.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2008-7248.yml
14
reference_url https://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en
15
reference_url https://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2008-7248
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2008-7248
17
reference_url https://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup
18
reference_url https://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/
reference_id
reference_type
scores
url https://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/
19
reference_url https://web.archive.org/web/20090906010200/https://www.vupen.com/english/advisories/2009/2544
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20090906010200/https://www.vupen.com/english/advisories/2009/2544
20
reference_url https://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1
21
reference_url https://www.openwall.com/lists/oss-security/2009/11/28/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2009/11/28/1
22
reference_url https://www.openwall.com/lists/oss-security/2009/12/02/2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2009/12/02/2
23
reference_url https://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html
24
reference_url http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1
25
reference_url http://www.openwall.com/lists/oss-security/2009/11/28/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2009/11/28/1
26
reference_url http://www.openwall.com/lists/oss-security/2009/12/02/2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2009/12/02/2
27
reference_url http://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html
reference_id
reference_type
scores
url http://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html
28
reference_url http://www.vupen.com/english/advisories/2009/2544
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2009/2544
29
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558685
reference_id 558685
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558685
30
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33402.txt
reference_id CVE-2008-7248;OSVDB-61124
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33402.txt
31
reference_url https://www.securityfocus.com/bid/37322/info
reference_id CVE-2008-7248;OSVDB-61124
reference_type exploit
scores
url https://www.securityfocus.com/bid/37322/info
32
reference_url https://github.com/advisories/GHSA-8fqx-7pv4-3jwm
reference_id GHSA-8fqx-7pv4-3jwm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8fqx-7pv4-3jwm
33
reference_url https://security.gentoo.org/glsa/200912-02
reference_id GLSA-200912-02
reference_type
scores
url https://security.gentoo.org/glsa/200912-02
fixed_packages
0
url pkg:gem/actionpack@2.2.2
purl pkg:gem/actionpack@2.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1b9z-efz6-9fdu
1
vulnerability VCID-1xbd-73qv-mff9
2
vulnerability VCID-3edd-m27s-a3ek
3
vulnerability VCID-3rn4-abmh-nkhv
4
vulnerability VCID-4bzb-ft3d-dkgg
5
vulnerability VCID-58sa-6uag-z7hp
6
vulnerability VCID-5a2t-fre4-zkay
7
vulnerability VCID-5pfg-7ntp-eff4
8
vulnerability VCID-5psk-hzaf-1kbz
9
vulnerability VCID-8nkw-8mka-1ygk
10
vulnerability VCID-98gu-r7wd-cuah
11
vulnerability VCID-9gqn-8g4t-wfby
12
vulnerability VCID-a6wp-n5yh-ybcv
13
vulnerability VCID-baur-f442-wqgw
14
vulnerability VCID-bfbp-7umh-2fcp
15
vulnerability VCID-cs1f-uhb2-xkcm
16
vulnerability VCID-dd87-gevs-juhe
17
vulnerability VCID-eeru-6pyc-8bcd
18
vulnerability VCID-ejgq-s79w-abd6
19
vulnerability VCID-g13k-qvy7-q3fk
20
vulnerability VCID-g2a6-uem4-uuce
21
vulnerability VCID-jpj6-wzp3-m3e4
22
vulnerability VCID-k6aw-heeb-wke2
23
vulnerability VCID-mnh7-4rvx-suay
24
vulnerability VCID-n7kh-9mpq-13c7
25
vulnerability VCID-nax4-x97j-9fgr
26
vulnerability VCID-nmz3-ux68-dkfd
27
vulnerability VCID-nnka-c23v-qub7
28
vulnerability VCID-p1yd-keq8-rkh3
29
vulnerability VCID-qth9-abgp-wyaq
30
vulnerability VCID-r6mr-ay8d-nqdd
31
vulnerability VCID-rgw4-mrr9-euda
32
vulnerability VCID-sg9h-7dqr-xugu
33
vulnerability VCID-v2hk-dfbe-5khc
34
vulnerability VCID-v3u5-6bpb-qfgf
35
vulnerability VCID-vhjv-9864-tbcs
36
vulnerability VCID-vs1a-m7ya-rue8
37
vulnerability VCID-y13c-awe3-2bc1
38
vulnerability VCID-zapd-uts9-zfch
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@2.2.2
aliases CVE-2008-7248, GHSA-8fqx-7pv4-3jwm
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a6wp-n5yh-ybcv
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:gem/actionpack@2.2.0