Package Instance

HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/373665?format=api",
    "purl": "pkg:alpm/archlinux/metasploit@6.0.48-1",
    "type": "alpm",
    "namespace": "archlinux",
    "name": "metasploit",
    "version": "6.0.48-1",
    "qualifiers": {},
    "subpath": "",
    "is_vulnerable": false,
    "next_non_vulnerable_version": null,
    "latest_non_vulnerable_version": null,
    "affected_by_vulnerabilities": [],
    "fixing_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47751?format=api",
            "vulnerability_id": "VCID-gjey-bqtd-kqa1",
            "summary": "Action Pack contains Information Disclosure / Unintended Method Execution vulnerability\nImpact\n------\nThere is a possible information disclosure / unintended method execution vulnerability in Action Pack when using the `redirect_to` or `polymorphic_url` helper with untrusted user input.\n\nVulnerable code will look like this.\n\n```\nredirect_to(params[:some_param])\n```\n\nAll users running an affected release should either upgrade or use one of the workarounds immediately.\n\nReleases\n--------\nThe FIXED releases are available at the normal locations.\n\nWorkarounds\n-----------\nTo work around this problem, it is recommended to use an allow list for valid parameters passed from the user.  For example,\n\n```ruby\nprivate def check(param)\n  case param\n  when \"valid\"\n    param\n  else\n    \"/\"\n  end\nend\n\ndef index\n  redirect_to(check(params[:some_param]))\nend\n```\n\nOr force the user input to be cast to a string like this,\n\n```ruby\ndef index\n  redirect_to(params[:some_param].to_s)\nend\n```\n\nPatches\n-------\nTo aid users who aren't able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.\n\n* 5-2-information-disclosure.patch - Patch for 5.2 series\n* 6-0-information-disclosure.patch - Patch for 6.0 series\n* 6-1-information-disclosure.patch - Patch for 6.1 series\n\nPlease note that only the 5.2, 6.0, and 6.1 series are supported at present. Users of earlier unsupported releases are advised to upgrade as soon as possible as we cannot guarantee the continued availability of security fixes for unsupported releases.\n\nCredits\n-------\n\nThanks to Benoit Côté-Jodoin from Shopify for reporting this.",
            "references": [
                {
                    "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22885.json",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
                        }
                    ],
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22885.json"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22885",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.03096",
                            "scoring_system": "epss",
                            "scoring_elements": "0.86797",
                            "published_at": "2026-04-13T12:55:00Z"
                        },
                        {
                            "value": "0.03096",
                            "scoring_system": "epss",
                            "scoring_elements": "0.86815",
                            "published_at": "2026-04-21T12:55:00Z"
                        },
                        {
                            "value": "0.03096",
                            "scoring_system": "epss",
                            "scoring_elements": "0.86736",
                            "published_at": "2026-04-01T12:55:00Z"
                        },
                        {
                            "value": "0.03096",
                            "scoring_system": "epss",
                            "scoring_elements": "0.86817",
                            "published_at": "2026-04-18T12:55:00Z"
                        },
                        {
                            "value": "0.03096",
                            "scoring_system": "epss",
                            "scoring_elements": "0.86812",
                            "published_at": "2026-04-16T12:55:00Z"
                        },
                        {
                            "value": "0.03096",
                            "scoring_system": "epss",
                            "scoring_elements": "0.86746",
                            "published_at": "2026-04-02T12:55:00Z"
                        },
                        {
                            "value": "0.03096",
                            "scoring_system": "epss",
                            "scoring_elements": "0.86765",
                            "published_at": "2026-04-04T12:55:00Z"
                        },
                        {
                            "value": "0.03096",
                            "scoring_system": "epss",
                            "scoring_elements": "0.86763",
                            "published_at": "2026-04-07T12:55:00Z"
                        },
                        {
                            "value": "0.03096",
                            "scoring_system": "epss",
                            "scoring_elements": "0.86783",
                            "published_at": "2026-04-08T12:55:00Z"
                        },
                        {
                            "value": "0.03096",
                            "scoring_system": "epss",
                            "scoring_elements": "0.86791",
                            "published_at": "2026-04-09T12:55:00Z"
                        },
                        {
                            "value": "0.03096",
                            "scoring_system": "epss",
                            "scoring_elements": "0.86805",
                            "published_at": "2026-04-11T12:55:00Z"
                        },
                        {
                            "value": "0.03096",
                            "scoring_system": "epss",
                            "scoring_elements": "0.86802",
                            "published_at": "2026-04-12T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22885"
                },
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880"
                },
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885"
                },
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904"
                },
                {
                    "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
                        }
                    ],
                    "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"
                },
                {
                    "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22885.yml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22885.yml"
                },
                {
                    "reference_url": "https://groups.google.com/g/rubyonrails-security/c/NiQl-48cXYI",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3",
                            "scoring_elements": ""
                        },
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://groups.google.com/g/rubyonrails-security/c/NiQl-48cXYI"
                },
                {
                    "reference_url": "https://hackerone.com/reports/1106652",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://hackerone.com/reports/1106652"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22885",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22885"
                },
                {
                    "reference_url": "https://security.netapp.com/advisory/ntap-20210805-0009",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://security.netapp.com/advisory/ntap-20210805-0009"
                },
                {
                    "reference_url": "https://security.netapp.com/advisory/ntap-20210805-0009/",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://security.netapp.com/advisory/ntap-20210805-0009/"
                },
                {
                    "reference_url": "https://www.debian.org/security/2021/dsa-4929",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://www.debian.org/security/2021/dsa-4929"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1957441",
                    "reference_id": "1957441",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1957441"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214",
                    "reference_id": "988214",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214"
                },
                {
                    "reference_url": "https://security.archlinux.org/AVG-1920",
                    "reference_id": "AVG-1920",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "Medium",
                            "scoring_system": "archlinux",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://security.archlinux.org/AVG-1920"
                },
                {
                    "reference_url": "https://security.archlinux.org/AVG-1921",
                    "reference_id": "AVG-1921",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "Medium",
                            "scoring_system": "archlinux",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://security.archlinux.org/AVG-1921"
                },
                {
                    "reference_url": "https://security.archlinux.org/AVG-2090",
                    "reference_id": "AVG-2090",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "Medium",
                            "scoring_system": "archlinux",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://security.archlinux.org/AVG-2090"
                },
                {
                    "reference_url": "https://security.archlinux.org/AVG-2223",
                    "reference_id": "AVG-2223",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "Medium",
                            "scoring_system": "archlinux",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://security.archlinux.org/AVG-2223"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-hjg4-8q5f-x6fm",
                    "reference_id": "GHSA-hjg4-8q5f-x6fm",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-hjg4-8q5f-x6fm"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2021:4702",
                    "reference_id": "RHSA-2021:4702",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2021:4702"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/373665?format=api",
                    "purl": "pkg:alpm/archlinux/metasploit@6.0.48-1",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/metasploit@6.0.48-1"
                }
            ],
            "aliases": [
                "CVE-2021-22885",
                "GHSA-hjg4-8q5f-x6fm"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gjey-bqtd-kqa1"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47410?format=api",
            "vulnerability_id": "VCID-wg3a-j2dp-ayh4",
            "summary": "Possible DoS Vulnerability in Action Controller Token Authentication\nThere is a possible DoS vulnerability in the Token Authentication logic in Action Controller.\n\nVersions Affected:  >= 4.0.0\nNot affected:       < 4.0.0\nFixed Versions:     6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6\n\nImpact\n------\nImpacted code uses `authenticate_or_request_with_http_token` or `authenticate_with_http_token` for request authentication.  Impacted code will look something like this:\n\n```\nclass PostsController < ApplicationController\n  before_action :authenticate\n\n  private\n\n  def authenticate\n    authenticate_or_request_with_http_token do |token, options|\n      # ...\n    end\n  end\nend\n```\n\nAll users running an affected release should either upgrade or use one of the workarounds immediately.\n\nReleases\n--------\nThe fixed releases are available at the normal locations.\n\nWorkarounds\n-----------\nThe following monkey patch placed in an initializer can be used to work around the issue:\n\n```ruby\nmodule ActionController::HttpAuthentication::Token\n  AUTHN_PAIR_DELIMITERS = /(?:,|;|\\t)/\nend\n```\n\nPatches\n-------\nTo aid users who aren't able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.\n\n* 5-2-http-authentication-dos.patch - Patch for 5.2 series\n* 6-0-http-authentication-dos.patch - Patch for 6.0 series\n* 6-1-http-authentication-dos.patch - Patch for 6.1 series\n\nPlease note that only the 6.1.Z, 6.0.Z, and 5.2.Z series are supported at present. Users of earlier unsupported releases are advised to upgrade as soon as possible as we cannot guarantee the continued availability of security fixes for unsupported releases.\n\nCredits\n-------\nThank you to https://hackerone.com/wonda_tea_coffee for reporting this issue!",
            "references": [
                {
                    "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22904.json",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        }
                    ],
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22904.json"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22904",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.07856",
                            "scoring_system": "epss",
                            "scoring_elements": "0.92015",
                            "published_at": "2026-04-21T12:55:00Z"
                        },
                        {
                            "value": "0.07856",
                            "scoring_system": "epss",
                            "scoring_elements": "0.92019",
                            "published_at": "2026-04-18T12:55:00Z"
                        },
                        {
                            "value": "0.07856",
                            "scoring_system": "epss",
                            "scoring_elements": "0.92022",
                            "published_at": "2026-04-16T12:55:00Z"
                        },
                        {
                            "value": "0.07856",
                            "scoring_system": "epss",
                            "scoring_elements": "0.92007",
                            "published_at": "2026-04-12T12:55:00Z"
                        },
                        {
                            "value": "0.07856",
                            "scoring_system": "epss",
                            "scoring_elements": "0.92004",
                            "published_at": "2026-04-13T12:55:00Z"
                        },
                        {
                            "value": "0.07856",
                            "scoring_system": "epss",
                            "scoring_elements": "0.92",
                            "published_at": "2026-04-08T12:55:00Z"
                        },
                        {
                            "value": "0.07856",
                            "scoring_system": "epss",
                            "scoring_elements": "0.91966",
                            "published_at": "2026-04-01T12:55:00Z"
                        },
                        {
                            "value": "0.07856",
                            "scoring_system": "epss",
                            "scoring_elements": "0.91987",
                            "published_at": "2026-04-07T12:55:00Z"
                        },
                        {
                            "value": "0.07856",
                            "scoring_system": "epss",
                            "scoring_elements": "0.91981",
                            "published_at": "2026-04-04T12:55:00Z"
                        },
                        {
                            "value": "0.07856",
                            "scoring_system": "epss",
                            "scoring_elements": "0.91974",
                            "published_at": "2026-04-02T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22904"
                },
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880"
                },
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885"
                },
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904"
                },
                {
                    "reference_url": "https://discuss.rubyonrails.org/t/cve-2021-22904-possible-dos-vulnerability-in-action-controller-token-authentication/77869",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://discuss.rubyonrails.org/t/cve-2021-22904-possible-dos-vulnerability-in-action-controller-token-authentication/77869"
                },
                {
                    "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        }
                    ],
                    "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"
                },
                {
                    "reference_url": "https://github.com/rails/rails",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/rails/rails"
                },
                {
                    "reference_url": "https://github.com/rails/rails/releases/tag/v5.2.4.6",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/rails/rails/releases/tag/v5.2.4.6"
                },
                {
                    "reference_url": "https://github.com/rails/rails/releases/tag/v5.2.6",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/rails/rails/releases/tag/v5.2.6"
                },
                {
                    "reference_url": "https://github.com/rails/rails/releases/tag/v6.0.3.7",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/rails/rails/releases/tag/v6.0.3.7"
                },
                {
                    "reference_url": "https://github.com/rails/rails/releases/tag/v6.1.3.2",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/rails/rails/releases/tag/v6.1.3.2"
                },
                {
                    "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22904.yml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22904.yml"
                },
                {
                    "reference_url": "https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3",
                            "scoring_elements": ""
                        },
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ"
                },
                {
                    "reference_url": "https://hackerone.com/reports/1101125",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://hackerone.com/reports/1101125"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22904",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22904"
                },
                {
                    "reference_url": "https://security.netapp.com/advisory/ntap-20210805-0009",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://security.netapp.com/advisory/ntap-20210805-0009"
                },
                {
                    "reference_url": "https://security.netapp.com/advisory/ntap-20210805-0009/",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://security.netapp.com/advisory/ntap-20210805-0009/"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961379",
                    "reference_id": "1961379",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961379"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214",
                    "reference_id": "988214",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214"
                },
                {
                    "reference_url": "https://security.archlinux.org/AVG-1920",
                    "reference_id": "AVG-1920",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "Medium",
                            "scoring_system": "archlinux",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://security.archlinux.org/AVG-1920"
                },
                {
                    "reference_url": "https://security.archlinux.org/AVG-1921",
                    "reference_id": "AVG-1921",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "Medium",
                            "scoring_system": "archlinux",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://security.archlinux.org/AVG-1921"
                },
                {
                    "reference_url": "https://security.archlinux.org/AVG-2090",
                    "reference_id": "AVG-2090",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "Medium",
                            "scoring_system": "archlinux",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://security.archlinux.org/AVG-2090"
                },
                {
                    "reference_url": "https://security.archlinux.org/AVG-2223",
                    "reference_id": "AVG-2223",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "Medium",
                            "scoring_system": "archlinux",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://security.archlinux.org/AVG-2223"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-7wjx-3g7j-8584",
                    "reference_id": "GHSA-7wjx-3g7j-8584",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-7wjx-3g7j-8584"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2021:4702",
                    "reference_id": "RHSA-2021:4702",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2021:4702"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/373665?format=api",
                    "purl": "pkg:alpm/archlinux/metasploit@6.0.48-1",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/metasploit@6.0.48-1"
                }
            ],
            "aliases": [
                "CVE-2021-22904",
                "GHSA-7wjx-3g7j-8584"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wg3a-j2dp-ayh4"
        }
    ],
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/metasploit@6.0.48-1"
}