Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:gem/actionview@7.0.0
Typegem
Namespace
Nameactionview
Version7.0.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version7.2.3.1
Latest_non_vulnerable_version8.1.2.1
Affected_by_vulnerabilities
0
url VCID-5jbk-xam9-4uca
vulnerability_id VCID-5jbk-xam9-4uca
summary 
rails-ujs vulnerable to DOM Based Cross-site Scripting contenteditable HTML Elements
NOTE: rails-ujs is part of Rails/actionview since 5.1.0.

There is a potential DOM based cross-site scripting issue in rails-ujs
which leverages the Clipboard API to target HTML elements that are
assigned the contenteditable attribute. This has the potential to
occur when pasting malicious HTML content from the clipboard that
includes a data-method, data-remote or data-disable-with attribute.

This vulnerability has been assigned the CVE identifier CVE-2023-23913.

Not affected: < 5.1.0
Versions Affected: >= 5.1.0
Fixed Versions: 6.1.7.3, 7.0.4.3

Impact
  If the specified malicious HTML clipboard content is provided to a
  contenteditable element, this could result in the arbitrary execution
  of javascript on the origin in question.

Releases
  The FIXED releases are available at the normal locations.

Workarounds
  We recommend that all users upgrade to one of the FIXED versions.
  In the meantime, users can attempt to mitigate this vulnerability
  by removing the contenteditable attribute from elements in pages
  that rails-ujs will interact with.

Patches
  To aid users who aren’t able to upgrade immediately we have provided
  patches for the two supported release series. They are in git-am
  format and consist of a single changeset.

* rails-ujs-data-method-contenteditable-6-1.patch - Patch for 6.1 series
* rails-ujs-data-method-contenteditable-7-0.patch - Patch for 7.0 series

Please note that only the 7.0.Z and 6.1.Z series are
supported at present, and 6.0.Z for severe vulnerabilities.

Users of earlier unsupported releases are advised to upgrade as
soon as possible as we cannot guarantee the continued availability
of security fixes for unsupported releases.

Credits
  We would like to thank ryotak 15 for reporting this!

* rails-ujs-data-method-contenteditable-6-1.patch (8.5 KB)
* rails-ujs-data-method-contenteditable-7-0.patch (8.5 KB)
* rails-ujs-data-method-contenteditable-main.patch (8.9 KB)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23913.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23913.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-23913
reference_id
reference_type
scores
0
value 0.00156
scoring_system epss
scoring_elements 0.3614
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-23913
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033263
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:07:37Z/
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033263
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23913
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23913
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28120
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28120
5
reference_url https://discuss.rubyonrails.org/t/cve-2023-23913-dom-based-cross-site-scripting-in-rails-ujs-for-contenteditable-html-elements/82468
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:07:37Z/
url https://discuss.rubyonrails.org/t/cve-2023-23913-dom-based-cross-site-scripting-in-rails-ujs-for-contenteditable-html-elements/82468
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
8
reference_url https://github.com/rails/rails/commit/5037a13614d71727af8a175063bcf6ba1a74bdbd
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:07:37Z/
url https://github.com/rails/rails/commit/5037a13614d71727af8a175063bcf6ba1a74bdbd
9
reference_url https://github.com/rails/rails/commit/73009ea59a811b28e8ec2a9c9bc24635aa891214
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/73009ea59a811b28e8ec2a9c9bc24635aa891214
10
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2023-23913.yml
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2023-23913.yml
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-23913
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-23913
12
reference_url https://security.netapp.com/advisory/ntap-20240605-0007
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240605-0007
13
reference_url https://www.debian.org/security/2023/dsa-5389
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:07:37Z/
url https://www.debian.org/security/2023/dsa-5389
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2182160
reference_id 2182160
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2182160
15
reference_url https://github.com/advisories/GHSA-xp5h-f8jf-rc8q
reference_id GHSA-xp5h-f8jf-rc8q
reference_type
scores
url https://github.com/advisories/GHSA-xp5h-f8jf-rc8q
16
reference_url https://security.netapp.com/advisory/ntap-20240605-0007/
reference_id ntap-20240605-0007
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:07:37Z/
url https://security.netapp.com/advisory/ntap-20240605-0007/
fixed_packages
0
url pkg:gem/actionview@7.0.4.3
purl pkg:gem/actionview@7.0.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-f48b-ashx-53bg
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionview@7.0.4.3
aliases CVE-2023-23913, GHSA-xp5h-f8jf-rc8q
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5jbk-xam9-4uca
1
url VCID-f48b-ashx-53bg
vulnerability_id VCID-f48b-ashx-53bg
summary actionview: Action View: Cross-Site Scripting (XSS) via blank HTML attribute names
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33168.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33168.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33168
reference_id
reference_type
scores
0
value 0.00025
scoring_system epss
scoring_elements 0.07655
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33168
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33168
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33168
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
5
reference_url https://github.com/rails/rails/commit/0b6f8002b52b9c606fd6be9e7915d9f944cf539c
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:36:28Z/
url https://github.com/rails/rails/commit/0b6f8002b52b9c606fd6be9e7915d9f944cf539c
6
reference_url https://github.com/rails/rails/commit/63f5ad83edaa0b976f82d46988d745426aa4a42d
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:36:28Z/
url https://github.com/rails/rails/commit/63f5ad83edaa0b976f82d46988d745426aa4a42d
7
reference_url https://github.com/rails/rails/commit/c79a07df1e88738df8f68cb0ee759ad6128ca924
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:36:28Z/
url https://github.com/rails/rails/commit/c79a07df1e88738df8f68cb0ee759ad6128ca924
8
reference_url https://github.com/rails/rails/releases/tag/v7.2.3.1
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:36:28Z/
url https://github.com/rails/rails/releases/tag/v7.2.3.1
9
reference_url https://github.com/rails/rails/releases/tag/v8.0.4.1
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:36:28Z/
url https://github.com/rails/rails/releases/tag/v8.0.4.1
10
reference_url https://github.com/rails/rails/releases/tag/v8.1.2.1
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:36:28Z/
url https://github.com/rails/rails/releases/tag/v8.1.2.1
11
reference_url https://github.com/rails/rails/security/advisories/GHSA-v55j-83pf-r9cq
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:36:28Z/
url https://github.com/rails/rails/security/advisories/GHSA-v55j-83pf-r9cq
12
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2026-33168.yml
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2026-33168.yml
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33168
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33168
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035
reference_id 1132035
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2450549
reference_id 2450549
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2450549
fixed_packages
0
url pkg:gem/actionview@7.2.3.1
purl pkg:gem/actionview@7.2.3.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionview@7.2.3.1
1
url pkg:gem/actionview@8.0.4.1
purl pkg:gem/actionview@8.0.4.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionview@8.0.4.1
2
url pkg:gem/actionview@8.1.2.1
purl pkg:gem/actionview@8.1.2.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionview@8.1.2.1
aliases CVE-2026-33168, GHSA-v55j-83pf-r9cq
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f48b-ashx-53bg
2
url VCID-kshz-ckjc-77ab
vulnerability_id VCID-kshz-ckjc-77ab
summary tfm-rubygem-actionview: Possible cross-site scripting vulnerability in Action View tag helpers
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27777.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27777.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-27777
reference_id
reference_type
scores
0
value 0.01409
scoring_system epss
scoring_elements 0.80797
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-27777
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
12
reference_url https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534
13
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
14
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
15
reference_url https://github.com/rails/rails/commit/649516ce0feb699ae06a8c5e81df75d460cc9a85
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/649516ce0feb699ae06a8c5e81df75d460cc9a85
16
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2022-27777.yml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2022-27777.yml
17
reference_url https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw
18
reference_url https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-27777
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-27777
20
reference_url https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released
21
reference_url https://www.debian.org/security/2023/dsa-5372
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2023/dsa-5372
22
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016982
reference_id 1016982
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016982
23
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2080296
reference_id 2080296
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2080296
24
reference_url https://github.com/advisories/GHSA-ch3h-j2vf-95pv
reference_id GHSA-ch3h-j2vf-95pv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ch3h-j2vf-95pv
25
reference_url https://access.redhat.com/errata/RHSA-2023:2097
reference_id RHSA-2023:2097
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2097
fixed_packages
0
url pkg:gem/actionview@7.0.2.4
purl pkg:gem/actionview@7.0.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5jbk-xam9-4uca
1
vulnerability VCID-f48b-ashx-53bg
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionview@7.0.2.4
aliases CVE-2022-27777, GHSA-ch3h-j2vf-95pv, GMS-2022-1138
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kshz-ckjc-77ab
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:gem/actionview@7.0.0