Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/rails@2:4.1.4-1?distro=trixie

Type deb

Namespace debian

Name rails

Version 2:4.1.4-1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 2:4.1.5-1

Latest_non_vulnerable_version 2:7.2.3.1+dfsg-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-seud-h84p-uugv

vulnerability_id VCID-seud-h84p-uugv

summary

SQL Injection in Active Record
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows remote attackers to execute arbitrary SQL commands by leveraging improper bitstring quoting.

references

reference_url

http://openwall.com/lists/oss-security/2014/07/02/5

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2014/07/02/5

reference_url

http://rhn.redhat.com/errata/RHSA-2014-0876.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-0876.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3482.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3482.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3482

reference_id

reference_type

scores

value	0.01531
scoring_system	epss
scoring_elements	0.81615
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3482

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3482
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3482

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3483
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3483

reference_url

https://github.com/rails/rails

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails

reference_url

https://github.com/rails/rails/commit/1f2192e46d78ee0ba2b06373f2c24caf8440ff5b

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/1f2192e46d78ee0ba2b06373f2c24caf8440ff5b

reference_url

https://groups.google.com/g/rubyonrails-security/c/wDxePLJGZdI

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/wDxePLJGZdI

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-3482

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-3482

reference_url

http://www.debian.org/security/2014/dsa-2982

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2014/dsa-2982

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1114425
reference_id	1114425
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1114425

reference_url

https://github.com/advisories/GHSA-mhwp-qhpc-h3jm

reference_id

GHSA-mhwp-qhpc-h3jm

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-mhwp-qhpc-h3jm

reference_url	https://access.redhat.com/errata/RHSA-2014:0876
reference_id	RHSA-2014:0876
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0876

fixed_packages

url	pkg:deb/debian/rails@2:4.1.4-1?distro=trixie
purl	pkg:deb/debian/rails@2:4.1.4-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.4-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ghz-4sfg-2feh

vulnerability	VCID-5bzk-rhe1-fqdc

vulnerability	VCID-7zz5-k99f-v3f6

vulnerability	VCID-f48b-ashx-53bg

vulnerability	VCID-gbvf-y28h-kqax

vulnerability	VCID-hdsb-jx4g-fqf6

vulnerability	VCID-nwk7-sujd-nkc1

vulnerability	VCID-urpb-uk1z-vqga

vulnerability	VCID-v3mu-95kt-ufc6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ghz-4sfg-2feh

vulnerability	VCID-5bzk-rhe1-fqdc

vulnerability	VCID-7zz5-k99f-v3f6

vulnerability	VCID-f48b-ashx-53bg

vulnerability	VCID-gbvf-y28h-kqax

vulnerability	VCID-hdsb-jx4g-fqf6

vulnerability	VCID-nwk7-sujd-nkc1

vulnerability	VCID-urpb-uk1z-vqga

vulnerability	VCID-v3mu-95kt-ufc6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ghz-4sfg-2feh

vulnerability	VCID-5bzk-rhe1-fqdc

vulnerability	VCID-7zz5-k99f-v3f6

vulnerability	VCID-f48b-ashx-53bg

vulnerability	VCID-gbvf-y28h-kqax

vulnerability	VCID-hdsb-jx4g-fqf6

vulnerability	VCID-nwk7-sujd-nkc1

vulnerability	VCID-urpb-uk1z-vqga

vulnerability	VCID-v3mu-95kt-ufc6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2014-3482, GHSA-mhwp-qhpc-h3jm, OSV-108664

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-seud-h84p-uugv

url VCID-u1sg-z8t6-audk

vulnerability_id VCID-u1sg-z8t6-audk

summary

Active Record contains SQL Injection via improper range quoting
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before 4.1.3 allows remote attackers to execute arbitrary SQL commands by leveraging improper range quoting.

references

reference_url

http://openwall.com/lists/oss-security/2014/07/02/5

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2014/07/02/5

reference_url

http://rhn.redhat.com/errata/RHSA-2014-0877.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-0877.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3483.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3483.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3483

reference_id

reference_type

scores

value	0.00924
scoring_system	epss
scoring_elements	0.76341
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3483

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3482
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3482

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3483
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3483

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-3483.yml

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-3483.yml

reference_url

https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J

reference_url	https://groups.google.com/forum/#!msg/rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!msg/rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J

reference_url	https://groups.google.com/forum/#!topic/rubyonrails-security/8GtfeYd6qI4
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!topic/rubyonrails-security/8GtfeYd6qI4

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-3483

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-3483

reference_url

https://web.archive.org/web/20200228150648/http://www.securityfocus.com/bid/68341

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228150648/http://www.securityfocus.com/bid/68341

reference_url

http://www.debian.org/security/2014/dsa-2982

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2014/dsa-2982

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1114427
reference_id	1114427
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1114427

reference_url

https://github.com/advisories/GHSA-r8fh-hq2p-7qhq

reference_id

GHSA-r8fh-hq2p-7qhq

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-r8fh-hq2p-7qhq

reference_url	https://access.redhat.com/errata/RHSA-2014:0877
reference_id	RHSA-2014:0877
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0877

fixed_packages

url	pkg:deb/debian/rails@2:4.1.4-1?distro=trixie
purl	pkg:deb/debian/rails@2:4.1.4-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.4-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ghz-4sfg-2feh

vulnerability	VCID-5bzk-rhe1-fqdc

vulnerability	VCID-7zz5-k99f-v3f6

vulnerability	VCID-f48b-ashx-53bg

vulnerability	VCID-gbvf-y28h-kqax

vulnerability	VCID-hdsb-jx4g-fqf6

vulnerability	VCID-nwk7-sujd-nkc1

vulnerability	VCID-urpb-uk1z-vqga

vulnerability	VCID-v3mu-95kt-ufc6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ghz-4sfg-2feh

vulnerability	VCID-5bzk-rhe1-fqdc

vulnerability	VCID-7zz5-k99f-v3f6

vulnerability	VCID-f48b-ashx-53bg

vulnerability	VCID-gbvf-y28h-kqax

vulnerability	VCID-hdsb-jx4g-fqf6

vulnerability	VCID-nwk7-sujd-nkc1

vulnerability	VCID-urpb-uk1z-vqga

vulnerability	VCID-v3mu-95kt-ufc6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ghz-4sfg-2feh

vulnerability	VCID-5bzk-rhe1-fqdc

vulnerability	VCID-7zz5-k99f-v3f6

vulnerability	VCID-f48b-ashx-53bg

vulnerability	VCID-gbvf-y28h-kqax

vulnerability	VCID-hdsb-jx4g-fqf6

vulnerability	VCID-nwk7-sujd-nkc1

vulnerability	VCID-urpb-uk1z-vqga

vulnerability	VCID-v3mu-95kt-ufc6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2014-3483, GHSA-r8fh-hq2p-7qhq, OSV-108665

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u1sg-z8t6-audk

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.4-1%3Fdistro=trixie

Package Instance