Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/rails@2:5.2.2%2Bdfsg-1?distro=trixie

Type deb

Namespace debian

Name rails

Version 2:5.2.2+dfsg-1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 2:5.2.2.1+dfsg-1

Latest_non_vulnerable_version 2:7.2.3.1+dfsg-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-2q3z-t4mp-aqdx

vulnerability_id VCID-2q3z-t4mp-aqdx

summary

Exposure of Sensitive Information to an Unauthorized Actor in activestorage
A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud Storage and Disk services allow an attacker to modify the `content-disposition` and `content-type` parameters which can be used in with HTML files and have them executed inline. Additionally, if combined with other techniques such as cookie bombing and specially crafted AppCache manifests, an attacker can gain access to private signed URLs within a specific storage path.

Vulnerable apps are those using either GCS or the Disk service in production. Other storage services such as S3 or Azure aren't affected.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-16477

reference_id

reference_type

scores

value	0.0026
scoring_system	epss
scoring_elements	0.49561
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-16477

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16477
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16477

reference_url

https://github.com/advisories/GHSA-7rr7-rcjw-56vj

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-7rr7-rcjw-56vj

reference_url

https://groups.google.com/d/msg/rubyonrails-security/3KQRnXDIuLg/mByx5KkqBAAJ

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/d/msg/rubyonrails-security/3KQRnXDIuLg/mByx5KkqBAAJ

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/3KQRnXDIuLg

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/3KQRnXDIuLg

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-16477

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-16477

reference_url

https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released

reference_url	https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released/
reference_id
reference_type
scores
url	https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914848
reference_id	914848
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914848

fixed_packages

url	pkg:deb/debian/rails@2:5.2.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:5.2.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ghz-4sfg-2feh

vulnerability	VCID-5bzk-rhe1-fqdc

vulnerability	VCID-7zz5-k99f-v3f6

vulnerability	VCID-f48b-ashx-53bg

vulnerability	VCID-gbvf-y28h-kqax

vulnerability	VCID-hdsb-jx4g-fqf6

vulnerability	VCID-nwk7-sujd-nkc1

vulnerability	VCID-urpb-uk1z-vqga

vulnerability	VCID-v3mu-95kt-ufc6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ghz-4sfg-2feh

vulnerability	VCID-5bzk-rhe1-fqdc

vulnerability	VCID-7zz5-k99f-v3f6

vulnerability	VCID-f48b-ashx-53bg

vulnerability	VCID-gbvf-y28h-kqax

vulnerability	VCID-hdsb-jx4g-fqf6

vulnerability	VCID-nwk7-sujd-nkc1

vulnerability	VCID-urpb-uk1z-vqga

vulnerability	VCID-v3mu-95kt-ufc6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ghz-4sfg-2feh

vulnerability	VCID-5bzk-rhe1-fqdc

vulnerability	VCID-7zz5-k99f-v3f6

vulnerability	VCID-f48b-ashx-53bg

vulnerability	VCID-gbvf-y28h-kqax

vulnerability	VCID-hdsb-jx4g-fqf6

vulnerability	VCID-nwk7-sujd-nkc1

vulnerability	VCID-urpb-uk1z-vqga

vulnerability	VCID-v3mu-95kt-ufc6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2018-16477, GHSA-7rr7-rcjw-56vj

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2q3z-t4mp-aqdx

url VCID-xkt5-d1x6-nbdx

vulnerability_id VCID-xkt5-d1x6-nbdx

summary

Improper Access Control in activejob
A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have.

references

reference_url

https://access.redhat.com/errata/RHSA-2019:0600

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:0600

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16476.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16476.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-16476

reference_id

reference_type

scores

value	0.00791
scoring_system	epss
scoring_elements	0.74189
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-16476

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16476
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16476

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rails/rails

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails

reference_url

https://github.com/rails/rails/commit/970b0d754be7c71a760d9b807eea32297fd838e3

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/970b0d754be7c71a760d9b807eea32297fd838e3

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activejob/CVE-2018-16476.yml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activejob/CVE-2018-16476.yml

reference_url

https://groups.google.com/d/msg/rubyonrails-security/FL4dSdzr2zw/zjKVhF4qBAAJ

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/d/msg/rubyonrails-security/FL4dSdzr2zw/zjKVhF4qBAAJ

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/FL4dSdzr2zw

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/FL4dSdzr2zw

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-16476

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-16476

reference_url

https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released

reference_url	https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released/
reference_id
reference_type
scores
url	https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1659223
reference_id	1659223
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1659223

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914847
reference_id	914847
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914847

reference_url

https://github.com/advisories/GHSA-q2qw-rmrh-vv42

reference_id

GHSA-q2qw-rmrh-vv42

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-q2qw-rmrh-vv42

fixed_packages

url	pkg:deb/debian/rails@2:5.2.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:5.2.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ghz-4sfg-2feh

vulnerability	VCID-5bzk-rhe1-fqdc

vulnerability	VCID-7zz5-k99f-v3f6

vulnerability	VCID-f48b-ashx-53bg

vulnerability	VCID-gbvf-y28h-kqax

vulnerability	VCID-hdsb-jx4g-fqf6

vulnerability	VCID-nwk7-sujd-nkc1

vulnerability	VCID-urpb-uk1z-vqga

vulnerability	VCID-v3mu-95kt-ufc6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ghz-4sfg-2feh

vulnerability	VCID-5bzk-rhe1-fqdc

vulnerability	VCID-7zz5-k99f-v3f6

vulnerability	VCID-f48b-ashx-53bg

vulnerability	VCID-gbvf-y28h-kqax

vulnerability	VCID-hdsb-jx4g-fqf6

vulnerability	VCID-nwk7-sujd-nkc1

vulnerability	VCID-urpb-uk1z-vqga

vulnerability	VCID-v3mu-95kt-ufc6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ghz-4sfg-2feh

vulnerability	VCID-5bzk-rhe1-fqdc

vulnerability	VCID-7zz5-k99f-v3f6

vulnerability	VCID-f48b-ashx-53bg

vulnerability	VCID-gbvf-y28h-kqax

vulnerability	VCID-hdsb-jx4g-fqf6

vulnerability	VCID-nwk7-sujd-nkc1

vulnerability	VCID-urpb-uk1z-vqga

vulnerability	VCID-v3mu-95kt-ufc6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2018-16476, GHSA-q2qw-rmrh-vv42

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xkt5-d1x6-nbdx

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2%252Bdfsg-1%3Fdistro=trixie

Package Instance