Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/rails@2:4.2.5.2-1?distro=trixie

Type deb

Namespace debian

Name rails

Version 2:4.2.5.2-1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 2:4.2.7.1-1

Latest_non_vulnerable_version 2:7.2.3.1+dfsg-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-832g-x9kb-3bbx

vulnerability_id VCID-832g-x9kb-3bbx

summary

actionview contains Path Traversal vulnerability
There is a possible directory traversal and information leak vulnerability in Action View. This was meant to be fixed on CVE-2016-0752. However the 3.2 patch was not covering all possible scenarios. This vulnerability has been assigned the CVE identifier CVE-2016-2097.

Versions Affected:  3.2.x, 4.0.x, 4.1.x
Not affected:       4.2+
Fixed Versions:     3.2.22.2, 4.1.14.2

Impact
------
Applications that pass unverified user input to the `render` method in a controller may be vulnerable to an information leak vulnerability.

Impacted code will look something like this:

```ruby
def index
  render params[:id]
end
```

Carefully crafted requests can cause the above code to render files from unexpected places like outside the application's view directory, and can possibly escalate this to a remote code execution attack.

All users running an affected release should either upgrade or use one of the workarounds immediately.

Releases
--------
The FIXED releases are available at the normal locations.

Workarounds
-----------
A workaround to this issue is to not pass arbitrary user input to the `render` method. Instead, verify that data before passing it to the `render` method.

For example, change this:

```ruby
def index
  render params[:id]
end
```

To this:

```ruby
def index
  render verify_template(params[:id])
end

private
def verify_template(name)
  # add verification logic particular to your application here
end
```

Patches
-------
To aid users who aren't able to upgrade immediately we have provided patches for it. It is in git-am format and consist of a single changeset.

* 3-2-render_data_leak_2.patch - Patch for 3.2 series
* 4-1-render_data_leak_2.patch - Patch for 4.1 series

Credits
-------
Thanks to both Jyoti Singh and Tobias Kraze from makandra for reporting this and working with us in the patch!

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2097.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2097.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-2097

reference_id

reference_type

scores

value	0.01912
scoring_system	epss
scoring_elements	0.83603
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-2097

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2097
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2097

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2098
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2098

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rails/rails

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails

reference_url

https://github.com/rails/rails/commit/8a1d3ea617ffb0c8ae8467fa439bf63a3bfc4324

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/8a1d3ea617ffb0c8ae8467fa439bf63a3bfc4324

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-2097.yml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-2097.yml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-2097.yml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-2097.yml

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/ddY6HgqB2z4

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/ddY6HgqB2z4

reference_url	https://groups.google.com/forum/#!topic/ruby-security-ann/ddY6HgqB2z4
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!topic/ruby-security-ann/ddY6HgqB2z4

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-2097

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-2097

reference_url

https://web.archive.org/web/20160322002234/http://www.securitytracker.com/id/1035122

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20160322002234/http://www.securitytracker.com/id/1035122

reference_url

https://web.archive.org/web/20200228015320/http://www.securityfocus.com/bid/83726

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228015320/http://www.securityfocus.com/bid/83726

reference_url

https://web.archive.org/web/20201221115217/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20201221115217/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ

reference_url

http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released

reference_url	http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/

reference_url

http://www.debian.org/security/2016/dsa-3509

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2016/dsa-3509

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1310043
reference_id	1310043
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1310043

reference_url

https://github.com/advisories/GHSA-vx9j-46rh-fqr8

reference_id

GHSA-vx9j-46rh-fqr8

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vx9j-46rh-fqr8

reference_url	https://access.redhat.com/errata/RHSA-2016:0454
reference_id	RHSA-2016:0454
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0454

reference_url	https://access.redhat.com/errata/RHSA-2016:0455
reference_id	RHSA-2016:0455
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0455

reference_url	https://access.redhat.com/errata/RHSA-2016:0456
reference_id	RHSA-2016:0456
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0456

fixed_packages

url	pkg:deb/debian/rails@2:4.2.5.2-1?distro=trixie
purl	pkg:deb/debian/rails@2:4.2.5.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.5.2-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ghz-4sfg-2feh

vulnerability	VCID-5bzk-rhe1-fqdc

vulnerability	VCID-7zz5-k99f-v3f6

vulnerability	VCID-f48b-ashx-53bg

vulnerability	VCID-gbvf-y28h-kqax

vulnerability	VCID-hdsb-jx4g-fqf6

vulnerability	VCID-nwk7-sujd-nkc1

vulnerability	VCID-urpb-uk1z-vqga

vulnerability	VCID-v3mu-95kt-ufc6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ghz-4sfg-2feh

vulnerability	VCID-5bzk-rhe1-fqdc

vulnerability	VCID-7zz5-k99f-v3f6

vulnerability	VCID-f48b-ashx-53bg

vulnerability	VCID-gbvf-y28h-kqax

vulnerability	VCID-hdsb-jx4g-fqf6

vulnerability	VCID-nwk7-sujd-nkc1

vulnerability	VCID-urpb-uk1z-vqga

vulnerability	VCID-v3mu-95kt-ufc6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ghz-4sfg-2feh

vulnerability	VCID-5bzk-rhe1-fqdc

vulnerability	VCID-7zz5-k99f-v3f6

vulnerability	VCID-f48b-ashx-53bg

vulnerability	VCID-gbvf-y28h-kqax

vulnerability	VCID-hdsb-jx4g-fqf6

vulnerability	VCID-nwk7-sujd-nkc1

vulnerability	VCID-urpb-uk1z-vqga

vulnerability	VCID-v3mu-95kt-ufc6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2016-2097, GHSA-vx9j-46rh-fqr8

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-832g-x9kb-3bbx

url VCID-brwd-e9kx-xuc2

vulnerability_id VCID-brwd-e9kx-xuc2

summary

actionpack allows remote code execution via application's unrestricted use of render method
Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00057.html

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00057.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00086.html

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00086.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2098.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2098.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-2098

reference_id

reference_type

scores

value	0.84091
scoring_system	epss
scoring_elements	0.99319
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-2098

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2097
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2097

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2098
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2098

reference_url

https://github.com/rails/rails

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-2098.yml

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-2098.yml

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/ly-IH-fxr_Q

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3
scoring_elements

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/ly-IH-fxr_Q

reference_url	https://groups.google.com/forum/#!topic/ruby-security-ann/ly-IH-fxr_Q
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!topic/ruby-security-ann/ly-IH-fxr_Q

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-2098

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-2098

reference_url

https://web.archive.org/web/20200228015318/http://www.securityfocus.com/bid/83725

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228015318/http://www.securityfocus.com/bid/83725

reference_url

https://web.archive.org/web/20210612214217/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210612214217/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ

reference_url

https://web.archive.org/web/20211205173437/https://securitytracker.com/id/1035122

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20211205173437/https://securitytracker.com/id/1035122

reference_url

https://www.exploit-db.com/exploits/40086

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.exploit-db.com/exploits/40086

reference_url	https://www.exploit-db.com/exploits/40086/
reference_id
reference_type
scores
url	https://www.exploit-db.com/exploits/40086/

reference_url

http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released

reference_url	http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/

reference_url

http://www.debian.org/security/2016/dsa-3509

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2016/dsa-3509

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1310054
reference_id	1310054
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1310054

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/remote/40086.rb
reference_id	CVE-2016-2098
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/remote/40086.rb

reference_url

https://github.com/advisories/GHSA-78rc-8c29-p45g

reference_id

GHSA-78rc-8c29-p45g

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-78rc-8c29-p45g

reference_url	https://access.redhat.com/errata/RHSA-2016:0454
reference_id	RHSA-2016:0454
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0454

reference_url	https://access.redhat.com/errata/RHSA-2016:0455
reference_id	RHSA-2016:0455
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0455

reference_url	https://access.redhat.com/errata/RHSA-2016:0456
reference_id	RHSA-2016:0456
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0456

fixed_packages

url	pkg:deb/debian/rails@2:4.2.5.2-1?distro=trixie
purl	pkg:deb/debian/rails@2:4.2.5.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.5.2-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ghz-4sfg-2feh

vulnerability	VCID-5bzk-rhe1-fqdc

vulnerability	VCID-7zz5-k99f-v3f6

vulnerability	VCID-f48b-ashx-53bg

vulnerability	VCID-gbvf-y28h-kqax

vulnerability	VCID-hdsb-jx4g-fqf6

vulnerability	VCID-nwk7-sujd-nkc1

vulnerability	VCID-urpb-uk1z-vqga

vulnerability	VCID-v3mu-95kt-ufc6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ghz-4sfg-2feh

vulnerability	VCID-5bzk-rhe1-fqdc

vulnerability	VCID-7zz5-k99f-v3f6

vulnerability	VCID-f48b-ashx-53bg

vulnerability	VCID-gbvf-y28h-kqax

vulnerability	VCID-hdsb-jx4g-fqf6

vulnerability	VCID-nwk7-sujd-nkc1

vulnerability	VCID-urpb-uk1z-vqga

vulnerability	VCID-v3mu-95kt-ufc6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ghz-4sfg-2feh

vulnerability	VCID-5bzk-rhe1-fqdc

vulnerability	VCID-7zz5-k99f-v3f6

vulnerability	VCID-f48b-ashx-53bg

vulnerability	VCID-gbvf-y28h-kqax

vulnerability	VCID-hdsb-jx4g-fqf6

vulnerability	VCID-nwk7-sujd-nkc1

vulnerability	VCID-urpb-uk1z-vqga

vulnerability	VCID-v3mu-95kt-ufc6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2016-2098, GHSA-78rc-8c29-p45g

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-brwd-e9kx-xuc2

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.5.2-1%3Fdistro=trixie

Package Instance