Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/rails@1.1.5-1?distro=trixie

Type deb

Namespace debian

Name rails

Version 1.1.5-1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 1.1.6-1

Latest_non_vulnerable_version 2:7.2.3.1+dfsg-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-w8ez-zf1z-qubq

vulnerability_id VCID-w8ez-zf1z-qubq

summary

Ruby on Rails vulnerable to code injection
Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112.

references

reference_url

http://blog.koehntopp.de/archives/1367-Ruby-On-Rails-Mandatory-Mystery-Patch.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://blog.koehntopp.de/archives/1367-Ruby-On-Rails-Mandatory-Mystery-Patch.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2006-4111

reference_id

reference_type

scores

value	0.03984
scoring_system	epss
scoring_elements	0.886
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2006-4111

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4111
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4111

reference_url

https://github.com/presidentbeef/rails-security-history/blob/master/vulnerabilities.md

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/presidentbeef/rails-security-history/blob/master/vulnerabilities.md

reference_url

https://github.com/rails/rails

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2006-4111.yml

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2006-4111.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2006-4111

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2006-4111

reference_url

https://web.archive.org/web/20200301174340/http://www.securityfocus.com/bid/19454

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200301174340/http://www.securityfocus.com/bid/19454

reference_url

https://web.archive.org/web/20200808083046/http://securitytracker.com/id?1016673

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200808083046/http://securitytracker.com/id?1016673

reference_url

http://weblog.rubyonrails.org/2006/8/9/rails-1-1-5-mandatory-security-patch-and-other-tidbits

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2006/8/9/rails-1-1-5-mandatory-security-patch-and-other-tidbits

reference_url

http://www.gentoo.org/security/en/glsa/glsa-200608-20.xml

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.gentoo.org/security/en/glsa/glsa-200608-20.xml

reference_url

http://www.novell.com/linux/security/advisories/2006_21_sr.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.novell.com/linux/security/advisories/2006_21_sr.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=382255
reference_id	382255
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=382255

reference_url

https://github.com/advisories/GHSA-rvpq-5xqx-pfpp

reference_id

GHSA-rvpq-5xqx-pfpp

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rvpq-5xqx-pfpp

reference_url	https://security.gentoo.org/glsa/200608-20
reference_id	GLSA-200608-20
reference_type
scores
url	https://security.gentoo.org/glsa/200608-20

fixed_packages

url	pkg:deb/debian/rails@1.1.5-1?distro=trixie
purl	pkg:deb/debian/rails@1.1.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@1.1.5-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ghz-4sfg-2feh

vulnerability	VCID-5bzk-rhe1-fqdc

vulnerability	VCID-7zz5-k99f-v3f6

vulnerability	VCID-f48b-ashx-53bg

vulnerability	VCID-gbvf-y28h-kqax

vulnerability	VCID-hdsb-jx4g-fqf6

vulnerability	VCID-nwk7-sujd-nkc1

vulnerability	VCID-urpb-uk1z-vqga

vulnerability	VCID-v3mu-95kt-ufc6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ghz-4sfg-2feh

vulnerability	VCID-5bzk-rhe1-fqdc

vulnerability	VCID-7zz5-k99f-v3f6

vulnerability	VCID-f48b-ashx-53bg

vulnerability	VCID-gbvf-y28h-kqax

vulnerability	VCID-hdsb-jx4g-fqf6

vulnerability	VCID-nwk7-sujd-nkc1

vulnerability	VCID-urpb-uk1z-vqga

vulnerability	VCID-v3mu-95kt-ufc6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ghz-4sfg-2feh

vulnerability	VCID-5bzk-rhe1-fqdc

vulnerability	VCID-7zz5-k99f-v3f6

vulnerability	VCID-f48b-ashx-53bg

vulnerability	VCID-gbvf-y28h-kqax

vulnerability	VCID-hdsb-jx4g-fqf6

vulnerability	VCID-nwk7-sujd-nkc1

vulnerability	VCID-urpb-uk1z-vqga

vulnerability	VCID-v3mu-95kt-ufc6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2006-4111, GHSA-rvpq-5xqx-pfpp

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w8ez-zf1z-qubq

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@1.1.5-1%3Fdistro=trixie

Package Instance