Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:gem/activesupport@3.1

Type gem

Namespace

Name activesupport

Version 3.1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 7.2.3.1

Latest_non_vulnerable_version 8.1.2.1

Affected_by_vulnerabilities

url VCID-a97j-j4a4-7bg1

vulnerability_id VCID-a97j-j4a4-7bg1

summary

activesupport Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving a SafeBuffer object that is manipulated through certain methods.

references

reference_url

http://groups.google.com/group/rubyonrails-security/msg/1c2e01a5e42722c9?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/rubyonrails-security/msg/1c2e01a5e42722c9?dmode=source&output=gplain

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1098.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1098.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-1098

reference_id

reference_type

scores

value	0.00377
scoring_system	epss
scoring_elements	0.59564
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-1098

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=799275

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=799275

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1098
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1098

reference_url	https://github.com/rails/rails/commit/c60c1c0812d5eb55e7024db350f8bc5b6729f7fe#diff-6156f8cec254c1236b4a4eceb04df3d9
reference_id
reference_type
scores
url	https://github.com/rails/rails/commit/c60c1c0812d5eb55e7024db350f8bc5b6729f7fe#diff-6156f8cec254c1236b4a4eceb04df3d9

reference_url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/OSVDB-79726.yml
reference_id
reference_type
scores
url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/OSVDB-79726.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-1098

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-1098

reference_url

http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released

reference_url

http://www.openwall.com/lists/oss-security/2012/03/02/6

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2012/03/02/6

reference_url

http://www.openwall.com/lists/oss-security/2012/03/03/1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2012/03/03/1

reference_url

https://github.com/advisories/GHSA-qv8p-v9qw-wc7g

reference_id

GHSA-qv8p-v9qw-wc7g

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qv8p-v9qw-wc7g

fixed_packages

url pkg:gem/activesupport@3.1.4

purl pkg:gem/activesupport@3.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ghz-4sfg-2feh

vulnerability	VCID-71et-13y6-eufu

vulnerability	VCID-b5he-f8nq-9yda

vulnerability	VCID-bfbp-7umh-2fcp

vulnerability	VCID-e4wh-thvg-5kdk

vulnerability	VCID-ejgq-s79w-abd6

vulnerability	VCID-g8nb-cs9p-b7dc

vulnerability	VCID-hdsb-jx4g-fqf6

vulnerability	VCID-n7kh-9mpq-13c7

vulnerability	VCID-qswy-ngsk-yfhy

vulnerability	VCID-qvc6-ev84-fkbd

vulnerability	VCID-v3mu-95kt-ufc6

vulnerability	VCID-z8t9-md9f-qfde

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@3.1.4

url pkg:gem/activesupport@3.2.0.rc1

purl pkg:gem/activesupport@3.2.0.rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ghz-4sfg-2feh

vulnerability	VCID-71et-13y6-eufu

vulnerability	VCID-a97j-j4a4-7bg1

vulnerability	VCID-b5he-f8nq-9yda

vulnerability	VCID-bfbp-7umh-2fcp

vulnerability	VCID-e4wh-thvg-5kdk

vulnerability	VCID-ejgq-s79w-abd6

vulnerability	VCID-g8nb-cs9p-b7dc

vulnerability	VCID-hdsb-jx4g-fqf6

vulnerability	VCID-n7kh-9mpq-13c7

vulnerability	VCID-qswy-ngsk-yfhy

vulnerability	VCID-qvc6-ev84-fkbd

vulnerability	VCID-v3mu-95kt-ufc6

vulnerability	VCID-z8t9-md9f-qfde

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@3.2.0.rc1

url pkg:gem/activesupport@3.2.2

purl pkg:gem/activesupport@3.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ghz-4sfg-2feh

vulnerability	VCID-71et-13y6-eufu

vulnerability	VCID-b5he-f8nq-9yda

vulnerability	VCID-bfbp-7umh-2fcp

vulnerability	VCID-e4wh-thvg-5kdk

vulnerability	VCID-ejgq-s79w-abd6

vulnerability	VCID-g8nb-cs9p-b7dc

vulnerability	VCID-hdsb-jx4g-fqf6

vulnerability	VCID-n7kh-9mpq-13c7

vulnerability	VCID-qswy-ngsk-yfhy

vulnerability	VCID-qvc6-ev84-fkbd

vulnerability	VCID-v3mu-95kt-ufc6

vulnerability	VCID-z8t9-md9f-qfde

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@3.2.2

aliases CVE-2012-1098, GHSA-qv8p-v9qw-wc7g, OSV-79726

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a97j-j4a4-7bg1

url VCID-e4wh-thvg-5kdk

vulnerability_id VCID-e4wh-thvg-5kdk

summary

activesupport Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in `activesupport/lib/active_support/core_ext/string/output_safety.r`b in Ruby on Rails 2.x before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a malformed Unicode string, related to a "UTF-8 escaping vulnerability."

references

reference_url

http://groups.google.com/group/rubyonrails-security/msg/f1d2749773db9f21?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/rubyonrails-security/msg/f1d2749773db9f21?dmode=source&output=gplain

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065114.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065114.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065189.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065189.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-2932

reference_id

reference_type

scores

value	0.00813
scoring_system	epss
scoring_elements	0.7456
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-2932

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=731435

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=731435

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2932
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2932

reference_url	http://secunia.com/advisories/45917
reference_id
reference_type
scores
url	http://secunia.com/advisories/45917

reference_url

https://github.com/rails/rails

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails

reference_url

https://github.com/rails/rails/commit/bfc432574d0b141fd7fe759edfe9b6771dd306bd

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/bfc432574d0b141fd7fe759edfe9b6771dd306bd

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2011-2932.yml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2011-2932.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2011-2932

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-2932

reference_url

http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6

reference_url

http://www.openwall.com/lists/oss-security/2011/08/17/1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/17/1

reference_url

http://www.openwall.com/lists/oss-security/2011/08/19/11

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/19/11

reference_url

http://www.openwall.com/lists/oss-security/2011/08/20/1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/20/1

reference_url

http://www.openwall.com/lists/oss-security/2011/08/22/13

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/22/13

reference_url

http://www.openwall.com/lists/oss-security/2011/08/22/14

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/22/14

reference_url

http://www.openwall.com/lists/oss-security/2011/08/22/5

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/22/5

reference_url

https://github.com/advisories/GHSA-9fh3-vh3h-q4g3

reference_id

GHSA-9fh3-vh3h-q4g3

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9fh3-vh3h-q4g3

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

fixed_packages

aliases CVE-2011-2932, GHSA-9fh3-vh3h-q4g3

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e4wh-thvg-5kdk

url VCID-qswy-ngsk-yfhy

vulnerability_id VCID-qswy-ngsk-yfhy

summary

activesupport Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in `activesupport/lib/active_support/core_ext/string/output_safety.rb` in Ruby on Rails before 2.3.16, 3.0.x before , 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject arbitrary web script or HTML via vectors involving a ' (quote) character.

references

reference_url

http://rhn.redhat.com/errata/RHSA-2013-0154.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0154.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3464.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3464.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-3464

reference_id

reference_type

scores

value	0.00245
scoring_system	epss
scoring_elements	0.47909
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-3464

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3464
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3464

reference_url

https://github.com/advisories/GHSA-h835-75hw-pj89

reference_id

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-h835-75hw-pj89

reference_url

https://github.com/rails/rails

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails

reference_url

https://github.com/rails/rails/commit/28f2c6f4037081da0a82104a3f473165ed4ed2ce

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/28f2c6f4037081da0a82104a3f473165ed4ed2ce

reference_url

https://github.com/rails/rails/commit/780a718723cf87b49cfe204d355948c4e0932d23

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/780a718723cf87b49cfe204d355948c4e0932d23

reference_url

https://github.com/rails/rails/commit/d0c9759d3aeb6327d68dd6c0de0fe2fed4e3c870

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/d0c9759d3aeb6327d68dd6c0de0fe2fed4e3c870

reference_url

https://github.com/rails/rails/commit/d549df7133f2b0bad8112890d478c33e990e12bc

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/d549df7133f2b0bad8112890d478c33e990e12bc

reference_url

https://github.com/rails/rails/issues/7215

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/issues/7215

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2012-3464.yml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2012-3464.yml

reference_url

https://groups.google.com/group/rubyonrails-security/msg/8f1bbe1cef8c6caf?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/8f1bbe1cef8c6caf?dmode=source&output=gplain

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-3464

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-3464

reference_url

http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=847199
reference_id	847199
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=847199

reference_url	https://access.redhat.com/errata/RHSA-2012:1542
reference_id	RHSA-2012:1542
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2012:1542

reference_url	https://access.redhat.com/errata/RHSA-2013:0154
reference_id	RHSA-2013:0154
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0154

fixed_packages

url pkg:gem/activesupport@3.1.8

purl pkg:gem/activesupport@3.1.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ghz-4sfg-2feh

vulnerability	VCID-71et-13y6-eufu

vulnerability	VCID-b5he-f8nq-9yda

vulnerability	VCID-bfbp-7umh-2fcp

vulnerability	VCID-e4wh-thvg-5kdk

vulnerability	VCID-ejgq-s79w-abd6

vulnerability	VCID-g8nb-cs9p-b7dc

vulnerability	VCID-hdsb-jx4g-fqf6

vulnerability	VCID-n7kh-9mpq-13c7

vulnerability	VCID-qvc6-ev84-fkbd

vulnerability	VCID-v3mu-95kt-ufc6

vulnerability	VCID-z8t9-md9f-qfde

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@3.1.8

url pkg:gem/activesupport@3.2.0.rc1

purl pkg:gem/activesupport@3.2.0.rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ghz-4sfg-2feh

vulnerability	VCID-71et-13y6-eufu

vulnerability	VCID-a97j-j4a4-7bg1

vulnerability	VCID-b5he-f8nq-9yda

vulnerability	VCID-bfbp-7umh-2fcp

vulnerability	VCID-e4wh-thvg-5kdk

vulnerability	VCID-ejgq-s79w-abd6

vulnerability	VCID-g8nb-cs9p-b7dc

vulnerability	VCID-hdsb-jx4g-fqf6

vulnerability	VCID-n7kh-9mpq-13c7

vulnerability	VCID-qswy-ngsk-yfhy

vulnerability	VCID-qvc6-ev84-fkbd

vulnerability	VCID-v3mu-95kt-ufc6

vulnerability	VCID-z8t9-md9f-qfde

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@3.2.0.rc1

url pkg:gem/activesupport@3.2.8

purl pkg:gem/activesupport@3.2.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ghz-4sfg-2feh

vulnerability	VCID-71et-13y6-eufu

vulnerability	VCID-b5he-f8nq-9yda

vulnerability	VCID-bfbp-7umh-2fcp

vulnerability	VCID-e4wh-thvg-5kdk

vulnerability	VCID-ejgq-s79w-abd6

vulnerability	VCID-g8nb-cs9p-b7dc

vulnerability	VCID-hdsb-jx4g-fqf6

vulnerability	VCID-n7kh-9mpq-13c7

vulnerability	VCID-qvc6-ev84-fkbd

vulnerability	VCID-v3mu-95kt-ufc6

vulnerability	VCID-z8t9-md9f-qfde

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@3.2.8

aliases CVE-2012-3464, GHSA-h835-75hw-pj89, OSV-84516

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qswy-ngsk-yfhy

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@3.1

Package Instance