Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:gem/activerecord@3.0.12
Typegem
Namespace
Nameactiverecord
Version3.0.12
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version7.1.5.2
Latest_non_vulnerable_version8.0.2.1
Affected_by_vulnerabilities
0
url VCID-5vcg-bgpn-9fhs
vulnerability_id VCID-5vcg-bgpn-9fhs
summary 
Active Record allows bypassing of database-query restrictions
Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660 and CVE-2012-2694.
references
0
reference_url http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A
1
reference_url http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
2
reference_url http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html
3
reference_url http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html
4
reference_url http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html
5
reference_url http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html
6
reference_url http://rhn.redhat.com/errata/RHSA-2013-0154.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0154.html
7
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0155.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0155.json
8
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-0155
reference_id
reference_type
scores
0
value 0.18174
scoring_system epss
scoring_elements 0.95304
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-0155
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0155
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0155
10
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0155.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0155.yml
11
reference_url https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/t1WFuuQyavI
reference_id
reference_type
scores
url https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/t1WFuuQyavI
12
reference_url https://groups.google.com/group/rubyonrails-security/msg/bc6f13dafe130ee9?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/bc6f13dafe130ee9?dmode=source&output=gplain
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-0155
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-0155
14
reference_url http://support.apple.com/kb/HT5784
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://support.apple.com/kb/HT5784
15
reference_url http://www.debian.org/security/2013/dsa-2609
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2013/dsa-2609
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=892866
reference_id 892866
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=892866
17
reference_url https://github.com/advisories/GHSA-gppp-5xc5-wfpx
reference_id GHSA-gppp-5xc5-wfpx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gppp-5xc5-wfpx
18
reference_url https://security.gentoo.org/glsa/201412-28
reference_id GLSA-201412-28
reference_type
scores
url https://security.gentoo.org/glsa/201412-28
19
reference_url https://access.redhat.com/errata/RHSA-2013:0154
reference_id RHSA-2013:0154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0154
20
reference_url https://access.redhat.com/errata/RHSA-2013:0155
reference_id RHSA-2013:0155
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0155
fixed_packages
0
url pkg:gem/activerecord@3.0.19
purl pkg:gem/activerecord@3.0.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8uqv-cr1v-fbbm
1
vulnerability VCID-a5js-1u9t-bfan
2
vulnerability VCID-b2vm-7rth-mqhj
3
vulnerability VCID-dbvw-1xvz-63b8
4
vulnerability VCID-dp3h-z1zs-ufba
5
vulnerability VCID-er3j-4ygz-kqdx
6
vulnerability VCID-nzb9-vn9k-jbgs
7
vulnerability VCID-qv5s-vase-2qas
8
vulnerability VCID-seud-h84p-uugv
9
vulnerability VCID-u1sg-z8t6-audk
10
vulnerability VCID-vta6-rneu-jbgg
11
vulnerability VCID-wz1m-798r-8yez
12
vulnerability VCID-xmwx-eqjn-pba9
13
vulnerability VCID-xnj2-tbzn-tff6
14
vulnerability VCID-y922-r53a-rke5
15
vulnerability VCID-zuwm-kmb2-23ay
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.0.19
1
url pkg:gem/activerecord@3.1.0.beta1
purl pkg:gem/activerecord@3.1.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5vcg-bgpn-9fhs
1
vulnerability VCID-8umt-dz29-p3ck
2
vulnerability VCID-8uqv-cr1v-fbbm
3
vulnerability VCID-a5js-1u9t-bfan
4
vulnerability VCID-b2vm-7rth-mqhj
5
vulnerability VCID-dbvw-1xvz-63b8
6
vulnerability VCID-dp3h-z1zs-ufba
7
vulnerability VCID-er3j-4ygz-kqdx
8
vulnerability VCID-mnh7-4rvx-suay
9
vulnerability VCID-nzb9-vn9k-jbgs
10
vulnerability VCID-q8un-ngwx-5kaw
11
vulnerability VCID-qv5s-vase-2qas
12
vulnerability VCID-seud-h84p-uugv
13
vulnerability VCID-u1sg-z8t6-audk
14
vulnerability VCID-vta6-rneu-jbgg
15
vulnerability VCID-wz1m-798r-8yez
16
vulnerability VCID-xej7-nkc8-dkez
17
vulnerability VCID-xmwx-eqjn-pba9
18
vulnerability VCID-xnj2-tbzn-tff6
19
vulnerability VCID-y922-r53a-rke5
20
vulnerability VCID-zuwm-kmb2-23ay
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.0.beta1
2
url pkg:gem/activerecord@3.1.10
purl pkg:gem/activerecord@3.1.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8uqv-cr1v-fbbm
1
vulnerability VCID-a5js-1u9t-bfan
2
vulnerability VCID-b2vm-7rth-mqhj
3
vulnerability VCID-dbvw-1xvz-63b8
4
vulnerability VCID-dp3h-z1zs-ufba
5
vulnerability VCID-er3j-4ygz-kqdx
6
vulnerability VCID-nzb9-vn9k-jbgs
7
vulnerability VCID-q8un-ngwx-5kaw
8
vulnerability VCID-qv5s-vase-2qas
9
vulnerability VCID-seud-h84p-uugv
10
vulnerability VCID-u1sg-z8t6-audk
11
vulnerability VCID-vta6-rneu-jbgg
12
vulnerability VCID-wz1m-798r-8yez
13
vulnerability VCID-xmwx-eqjn-pba9
14
vulnerability VCID-xnj2-tbzn-tff6
15
vulnerability VCID-y922-r53a-rke5
16
vulnerability VCID-zuwm-kmb2-23ay
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.10
3
url pkg:gem/activerecord@3.2.0.rc1
purl pkg:gem/activerecord@3.2.0.rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5vcg-bgpn-9fhs
1
vulnerability VCID-8umt-dz29-p3ck
2
vulnerability VCID-8uqv-cr1v-fbbm
3
vulnerability VCID-a5js-1u9t-bfan
4
vulnerability VCID-b2vm-7rth-mqhj
5
vulnerability VCID-dbvw-1xvz-63b8
6
vulnerability VCID-dp3h-z1zs-ufba
7
vulnerability VCID-er3j-4ygz-kqdx
8
vulnerability VCID-mnh7-4rvx-suay
9
vulnerability VCID-nzb9-vn9k-jbgs
10
vulnerability VCID-q8un-ngwx-5kaw
11
vulnerability VCID-qv5s-vase-2qas
12
vulnerability VCID-seud-h84p-uugv
13
vulnerability VCID-u1sg-z8t6-audk
14
vulnerability VCID-vta6-rneu-jbgg
15
vulnerability VCID-wz1m-798r-8yez
16
vulnerability VCID-xej7-nkc8-dkez
17
vulnerability VCID-xmwx-eqjn-pba9
18
vulnerability VCID-xnj2-tbzn-tff6
19
vulnerability VCID-y922-r53a-rke5
20
vulnerability VCID-zuwm-kmb2-23ay
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.0.rc1
4
url pkg:gem/activerecord@3.2.11
purl pkg:gem/activerecord@3.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8uqv-cr1v-fbbm
1
vulnerability VCID-a5js-1u9t-bfan
2
vulnerability VCID-b2vm-7rth-mqhj
3
vulnerability VCID-dbvw-1xvz-63b8
4
vulnerability VCID-dp3h-z1zs-ufba
5
vulnerability VCID-er3j-4ygz-kqdx
6
vulnerability VCID-nzb9-vn9k-jbgs
7
vulnerability VCID-q8un-ngwx-5kaw
8
vulnerability VCID-qv5s-vase-2qas
9
vulnerability VCID-seud-h84p-uugv
10
vulnerability VCID-u1sg-z8t6-audk
11
vulnerability VCID-vta6-rneu-jbgg
12
vulnerability VCID-wz1m-798r-8yez
13
vulnerability VCID-xmwx-eqjn-pba9
14
vulnerability VCID-xnj2-tbzn-tff6
15
vulnerability VCID-y922-r53a-rke5
16
vulnerability VCID-zuwm-kmb2-23ay
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.11
aliases CVE-2013-0155, GHSA-gppp-5xc5-wfpx, OSV-89025
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5vcg-bgpn-9fhs
1
url VCID-8umt-dz29-p3ck
vulnerability_id VCID-8umt-dz29-p3ck
summary 
Active Record vulnerable to SQL Injection via nested query parameters
The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage unintended recursion, a related issue to CVE-2012-2695.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html
2
reference_url http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2013-0154.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0154.html
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2661.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2661.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-2661
reference_id
reference_type
scores
0
value 0.00627
scoring_system epss
scoring_elements 0.70556
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-2661
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2661
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2661
7
reference_url https://github.com/rails/rails/commit/71f7917c553cdc9a0ee49e87af0efb7429759718#diff-2ec9993375ecb711e08452788d625581
reference_id
reference_type
scores
url https://github.com/rails/rails/commit/71f7917c553cdc9a0ee49e87af0efb7429759718#diff-2ec9993375ecb711e08452788d625581
8
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82403.yml
reference_id
reference_type
scores
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82403.yml
9
reference_url https://groups.google.com/group/rubyonrails-security/msg/fc2da6c627fc92df?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/fc2da6c627fc92df?dmode=source&output=gplain
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-2661
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-2661
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=827363
reference_id 827363
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=827363
12
reference_url https://github.com/advisories/GHSA-fh39-v733-mxfr
reference_id GHSA-fh39-v733-mxfr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fh39-v733-mxfr
13
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
14
reference_url https://access.redhat.com/errata/RHSA-2013:0154
reference_id RHSA-2013:0154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0154
fixed_packages
0
url pkg:gem/activerecord@3.0.13
purl pkg:gem/activerecord@3.0.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5vcg-bgpn-9fhs
1
vulnerability VCID-8uqv-cr1v-fbbm
2
vulnerability VCID-a5js-1u9t-bfan
3
vulnerability VCID-b2vm-7rth-mqhj
4
vulnerability VCID-dbvw-1xvz-63b8
5
vulnerability VCID-dp3h-z1zs-ufba
6
vulnerability VCID-er3j-4ygz-kqdx
7
vulnerability VCID-nzb9-vn9k-jbgs
8
vulnerability VCID-qv5s-vase-2qas
9
vulnerability VCID-seud-h84p-uugv
10
vulnerability VCID-u1sg-z8t6-audk
11
vulnerability VCID-vta6-rneu-jbgg
12
vulnerability VCID-wz1m-798r-8yez
13
vulnerability VCID-xej7-nkc8-dkez
14
vulnerability VCID-xmwx-eqjn-pba9
15
vulnerability VCID-xnj2-tbzn-tff6
16
vulnerability VCID-y922-r53a-rke5
17
vulnerability VCID-zuwm-kmb2-23ay
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.0.13
1
url pkg:gem/activerecord@3.1.0.beta1
purl pkg:gem/activerecord@3.1.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5vcg-bgpn-9fhs
1
vulnerability VCID-8umt-dz29-p3ck
2
vulnerability VCID-8uqv-cr1v-fbbm
3
vulnerability VCID-a5js-1u9t-bfan
4
vulnerability VCID-b2vm-7rth-mqhj
5
vulnerability VCID-dbvw-1xvz-63b8
6
vulnerability VCID-dp3h-z1zs-ufba
7
vulnerability VCID-er3j-4ygz-kqdx
8
vulnerability VCID-mnh7-4rvx-suay
9
vulnerability VCID-nzb9-vn9k-jbgs
10
vulnerability VCID-q8un-ngwx-5kaw
11
vulnerability VCID-qv5s-vase-2qas
12
vulnerability VCID-seud-h84p-uugv
13
vulnerability VCID-u1sg-z8t6-audk
14
vulnerability VCID-vta6-rneu-jbgg
15
vulnerability VCID-wz1m-798r-8yez
16
vulnerability VCID-xej7-nkc8-dkez
17
vulnerability VCID-xmwx-eqjn-pba9
18
vulnerability VCID-xnj2-tbzn-tff6
19
vulnerability VCID-y922-r53a-rke5
20
vulnerability VCID-zuwm-kmb2-23ay
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.0.beta1
2
url pkg:gem/activerecord@3.1.5
purl pkg:gem/activerecord@3.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5vcg-bgpn-9fhs
1
vulnerability VCID-8uqv-cr1v-fbbm
2
vulnerability VCID-a5js-1u9t-bfan
3
vulnerability VCID-b2vm-7rth-mqhj
4
vulnerability VCID-dbvw-1xvz-63b8
5
vulnerability VCID-dp3h-z1zs-ufba
6
vulnerability VCID-er3j-4ygz-kqdx
7
vulnerability VCID-nzb9-vn9k-jbgs
8
vulnerability VCID-q8un-ngwx-5kaw
9
vulnerability VCID-qv5s-vase-2qas
10
vulnerability VCID-seud-h84p-uugv
11
vulnerability VCID-u1sg-z8t6-audk
12
vulnerability VCID-vta6-rneu-jbgg
13
vulnerability VCID-wz1m-798r-8yez
14
vulnerability VCID-xej7-nkc8-dkez
15
vulnerability VCID-xmwx-eqjn-pba9
16
vulnerability VCID-xnj2-tbzn-tff6
17
vulnerability VCID-y922-r53a-rke5
18
vulnerability VCID-zuwm-kmb2-23ay
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.5
3
url pkg:gem/activerecord@3.2.0.rc1
purl pkg:gem/activerecord@3.2.0.rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5vcg-bgpn-9fhs
1
vulnerability VCID-8umt-dz29-p3ck
2
vulnerability VCID-8uqv-cr1v-fbbm
3
vulnerability VCID-a5js-1u9t-bfan
4
vulnerability VCID-b2vm-7rth-mqhj
5
vulnerability VCID-dbvw-1xvz-63b8
6
vulnerability VCID-dp3h-z1zs-ufba
7
vulnerability VCID-er3j-4ygz-kqdx
8
vulnerability VCID-mnh7-4rvx-suay
9
vulnerability VCID-nzb9-vn9k-jbgs
10
vulnerability VCID-q8un-ngwx-5kaw
11
vulnerability VCID-qv5s-vase-2qas
12
vulnerability VCID-seud-h84p-uugv
13
vulnerability VCID-u1sg-z8t6-audk
14
vulnerability VCID-vta6-rneu-jbgg
15
vulnerability VCID-wz1m-798r-8yez
16
vulnerability VCID-xej7-nkc8-dkez
17
vulnerability VCID-xmwx-eqjn-pba9
18
vulnerability VCID-xnj2-tbzn-tff6
19
vulnerability VCID-y922-r53a-rke5
20
vulnerability VCID-zuwm-kmb2-23ay
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.0.rc1
4
url pkg:gem/activerecord@3.2.4
purl pkg:gem/activerecord@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5vcg-bgpn-9fhs
1
vulnerability VCID-8uqv-cr1v-fbbm
2
vulnerability VCID-a5js-1u9t-bfan
3
vulnerability VCID-b2vm-7rth-mqhj
4
vulnerability VCID-dbvw-1xvz-63b8
5
vulnerability VCID-dp3h-z1zs-ufba
6
vulnerability VCID-er3j-4ygz-kqdx
7
vulnerability VCID-nzb9-vn9k-jbgs
8
vulnerability VCID-q8un-ngwx-5kaw
9
vulnerability VCID-qv5s-vase-2qas
10
vulnerability VCID-seud-h84p-uugv
11
vulnerability VCID-u1sg-z8t6-audk
12
vulnerability VCID-vta6-rneu-jbgg
13
vulnerability VCID-wz1m-798r-8yez
14
vulnerability VCID-xej7-nkc8-dkez
15
vulnerability VCID-xmwx-eqjn-pba9
16
vulnerability VCID-xnj2-tbzn-tff6
17
vulnerability VCID-y922-r53a-rke5
18
vulnerability VCID-zuwm-kmb2-23ay
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.4
aliases CVE-2012-2661, GHSA-fh39-v733-mxfr, OSV-82403
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8umt-dz29-p3ck
2
url VCID-8uqv-cr1v-fbbm
vulnerability_id VCID-8uqv-cr1v-fbbm
summary 
Active Record contains deserialization of arbitrary YAML
ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML.
references
0
reference_url http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
1
reference_url http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0277.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0277.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-0277
reference_id
reference_type
scores
0
value 0.06742
scoring_system epss
scoring_elements 0.91424
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-0277
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0277
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0277
5
reference_url http://securitytracker.com/id?1028109
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://securitytracker.com/id?1028109
6
reference_url https://github.com/rails/rails/tree/v6.1.4.1/activerecord
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/tree/v6.1.4.1/activerecord
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0277.yml
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0277.yml
8
reference_url https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/KtmwSbEpzrU
reference_id
reference_type
scores
url https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/KtmwSbEpzrU
9
reference_url https://groups.google.com/group/rubyonrails-security/msg/302ec7ce90f13837?dmode=source&output=gplain
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/302ec7ce90f13837?dmode=source&output=gplain
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-0277
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-0277
11
reference_url https://puppet.com/security/cve/cve-2013-0277
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://puppet.com/security/cve/cve-2013-0277
12
reference_url http://support.apple.com/kb/HT5784
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://support.apple.com/kb/HT5784
13
reference_url http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released
14
reference_url http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/
reference_id
reference_type
scores
url http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/
15
reference_url http://www.debian.org/security/2013/dsa-2620
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2013/dsa-2620
16
reference_url http://www.openwall.com/lists/oss-security/2013/02/11/6
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/02/11/6
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=909633
reference_id 909633
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=909633
18
reference_url https://github.com/advisories/GHSA-fhj9-cjjh-27vm
reference_id GHSA-fhj9-cjjh-27vm
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fhj9-cjjh-27vm
19
reference_url https://security.gentoo.org/glsa/201412-28
reference_id GLSA-201412-28
reference_type
scores
url https://security.gentoo.org/glsa/201412-28
fixed_packages
0
url pkg:gem/activerecord@3.1.0
purl pkg:gem/activerecord@3.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5vcg-bgpn-9fhs
1
vulnerability VCID-8umt-dz29-p3ck
2
vulnerability VCID-8uqv-cr1v-fbbm
3
vulnerability VCID-a5js-1u9t-bfan
4
vulnerability VCID-b2vm-7rth-mqhj
5
vulnerability VCID-dbvw-1xvz-63b8
6
vulnerability VCID-dp3h-z1zs-ufba
7
vulnerability VCID-er3j-4ygz-kqdx
8
vulnerability VCID-mnh7-4rvx-suay
9
vulnerability VCID-nzb9-vn9k-jbgs
10
vulnerability VCID-q8un-ngwx-5kaw
11
vulnerability VCID-qv5s-vase-2qas
12
vulnerability VCID-seud-h84p-uugv
13
vulnerability VCID-u1sg-z8t6-audk
14
vulnerability VCID-vta6-rneu-jbgg
15
vulnerability VCID-wz1m-798r-8yez
16
vulnerability VCID-xej7-nkc8-dkez
17
vulnerability VCID-xmwx-eqjn-pba9
18
vulnerability VCID-xnj2-tbzn-tff6
19
vulnerability VCID-y922-r53a-rke5
20
vulnerability VCID-zuwm-kmb2-23ay
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.0
aliases CVE-2013-0277, GHSA-fhj9-cjjh-27vm, OSV-90073
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8uqv-cr1v-fbbm
3
url VCID-a5js-1u9t-bfan
vulnerability_id VCID-a5js-1u9t-bfan
summary 
Active Record subject to strong parameters protection bypass
`activerecord/lib/active_record/relation/query_methods.rb` in Active Record in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote attackers to bypass the strong parameters protection mechanism via crafted input to an application that makes `create_with` calls.
references
0
reference_url http://openwall.com/lists/oss-security/2014/08/18/10
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2014/08/18/10
1
reference_url http://rhn.redhat.com/errata/RHSA-2014-1102.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-1102.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3514.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3514.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3514
reference_id
reference_type
scores
0
value 0.00331
scoring_system epss
scoring_elements 0.56253
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3514
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3514
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3514
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-3514.yml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-3514.yml
6
reference_url https://groups.google.com/forum/message/raw?msg=rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/message/raw?msg=rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ
7
reference_url https://groups.google.com/forum/#!msg/rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!msg/rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ
8
reference_url https://groups.google.com/forum/#!topic/ruby-security-ann/M4chq5Sb540
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/ruby-security-ann/M4chq5Sb540
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3514
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3514
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1131240
reference_id 1131240
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1131240
11
reference_url https://github.com/advisories/GHSA-9rf5-jm6f-2fmm
reference_id GHSA-9rf5-jm6f-2fmm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9rf5-jm6f-2fmm
12
reference_url https://access.redhat.com/errata/RHSA-2014:1102
reference_id RHSA-2014:1102
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:1102
fixed_packages
0
url pkg:gem/activerecord@4.0.9
purl pkg:gem/activerecord@4.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cbdn-yhbu-5uaj
1
vulnerability VCID-dbvw-1xvz-63b8
2
vulnerability VCID-dp3h-z1zs-ufba
3
vulnerability VCID-er3j-4ygz-kqdx
4
vulnerability VCID-nzb9-vn9k-jbgs
5
vulnerability VCID-q8un-ngwx-5kaw
6
vulnerability VCID-wz1m-798r-8yez
7
vulnerability VCID-xmwx-eqjn-pba9
8
vulnerability VCID-xnj2-tbzn-tff6
9
vulnerability VCID-y922-r53a-rke5
10
vulnerability VCID-zuwm-kmb2-23ay
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.0.9
1
url pkg:gem/activerecord@4.1.0.beta1
purl pkg:gem/activerecord@4.1.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a5js-1u9t-bfan
1
vulnerability VCID-cbdn-yhbu-5uaj
2
vulnerability VCID-dbvw-1xvz-63b8
3
vulnerability VCID-dp3h-z1zs-ufba
4
vulnerability VCID-er3j-4ygz-kqdx
5
vulnerability VCID-nzb9-vn9k-jbgs
6
vulnerability VCID-q8un-ngwx-5kaw
7
vulnerability VCID-qv5s-vase-2qas
8
vulnerability VCID-seud-h84p-uugv
9
vulnerability VCID-u1sg-z8t6-audk
10
vulnerability VCID-wz1m-798r-8yez
11
vulnerability VCID-xmwx-eqjn-pba9
12
vulnerability VCID-xnj2-tbzn-tff6
13
vulnerability VCID-y922-r53a-rke5
14
vulnerability VCID-zuwm-kmb2-23ay
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.1.0.beta1
2
url pkg:gem/activerecord@4.1.5
purl pkg:gem/activerecord@4.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cbdn-yhbu-5uaj
1
vulnerability VCID-dbvw-1xvz-63b8
2
vulnerability VCID-dp3h-z1zs-ufba
3
vulnerability VCID-er3j-4ygz-kqdx
4
vulnerability VCID-nzb9-vn9k-jbgs
5
vulnerability VCID-q8un-ngwx-5kaw
6
vulnerability VCID-wz1m-798r-8yez
7
vulnerability VCID-xmwx-eqjn-pba9
8
vulnerability VCID-xnj2-tbzn-tff6
9
vulnerability VCID-y922-r53a-rke5
10
vulnerability VCID-zuwm-kmb2-23ay
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.1.5
aliases CVE-2014-3514, GHSA-9rf5-jm6f-2fmm
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a5js-1u9t-bfan
4
url VCID-b2vm-7rth-mqhj
vulnerability_id VCID-b2vm-7rth-mqhj
summary 
Active Record Improper Input Validation
The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method.
references
0
reference_url http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
1
reference_url http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html
2
reference_url http://lists.opensuse.org/opensuse-updates/2013-04/msg00070.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-04/msg00070.html
3
reference_url http://lists.opensuse.org/opensuse-updates/2013-04/msg00071.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-04/msg00071.html
4
reference_url http://lists.opensuse.org/opensuse-updates/2013-04/msg00075.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-04/msg00075.html
5
reference_url http://lists.opensuse.org/opensuse-updates/2013-04/msg00078.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-04/msg00078.html
6
reference_url http://lists.opensuse.org/opensuse-updates/2013-04/msg00079.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-04/msg00079.html
7
reference_url http://rhn.redhat.com/errata/RHSA-2013-0699.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0699.html
8
reference_url http://rhn.redhat.com/errata/RHSA-2014-1863.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-1863.html
9
reference_url https://access.redhat.com/errata/RHSA-2013:0699
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2013:0699
10
reference_url https://access.redhat.com/errata/RHSA-2014:1863
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2014:1863
11
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1854.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1854.json
12
reference_url https://access.redhat.com/security/cve/CVE-2013-1854
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2013-1854
13
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-1854
reference_id
reference_type
scores
0
value 0.01795
scoring_system epss
scoring_elements 0.83075
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-1854
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=921329
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=921329
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1854
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1854
16
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-1854.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-1854.yml
17
reference_url https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/jgJ4cjjS8FE
reference_id
reference_type
scores
url https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/jgJ4cjjS8FE
18
reference_url https://groups.google.com/group/ruby-security-ann/msg/34e0d780b04308de?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/ruby-security-ann/msg/34e0d780b04308de?dmode=source&output=gplain
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-1854
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-1854
20
reference_url http://support.apple.com/kb/HT5784
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://support.apple.com/kb/HT5784
21
reference_url http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released
22
reference_url http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/
reference_id
reference_type
scores
url http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/
23
reference_url https://github.com/advisories/GHSA-3crr-9vmg-864v
reference_id GHSA-3crr-9vmg-864v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3crr-9vmg-864v
24
reference_url https://security.gentoo.org/glsa/201412-28
reference_id GLSA-201412-28
reference_type
scores
url https://security.gentoo.org/glsa/201412-28
fixed_packages
0
url pkg:gem/activerecord@3.1.12
purl pkg:gem/activerecord@3.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a5js-1u9t-bfan
1
vulnerability VCID-b2vm-7rth-mqhj
2
vulnerability VCID-dbvw-1xvz-63b8
3
vulnerability VCID-dp3h-z1zs-ufba
4
vulnerability VCID-er3j-4ygz-kqdx
5
vulnerability VCID-nzb9-vn9k-jbgs
6
vulnerability VCID-q8un-ngwx-5kaw
7
vulnerability VCID-qv5s-vase-2qas
8
vulnerability VCID-seud-h84p-uugv
9
vulnerability VCID-u1sg-z8t6-audk
10
vulnerability VCID-wz1m-798r-8yez
11
vulnerability VCID-xmwx-eqjn-pba9
12
vulnerability VCID-xnj2-tbzn-tff6
13
vulnerability VCID-y922-r53a-rke5
14
vulnerability VCID-zuwm-kmb2-23ay
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.12
1
url pkg:gem/activerecord@3.2.13
purl pkg:gem/activerecord@3.2.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a5js-1u9t-bfan
1
vulnerability VCID-b2vm-7rth-mqhj
2
vulnerability VCID-dbvw-1xvz-63b8
3
vulnerability VCID-dp3h-z1zs-ufba
4
vulnerability VCID-er3j-4ygz-kqdx
5
vulnerability VCID-nzb9-vn9k-jbgs
6
vulnerability VCID-q8un-ngwx-5kaw
7
vulnerability VCID-qv5s-vase-2qas
8
vulnerability VCID-seud-h84p-uugv
9
vulnerability VCID-u1sg-z8t6-audk
10
vulnerability VCID-wz1m-798r-8yez
11
vulnerability VCID-xmwx-eqjn-pba9
12
vulnerability VCID-xnj2-tbzn-tff6
13
vulnerability VCID-y922-r53a-rke5
14
vulnerability VCID-zuwm-kmb2-23ay
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.13
aliases CVE-2013-1854, GHSA-3crr-9vmg-864v, OSV-91453
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b2vm-7rth-mqhj
5
url VCID-dbvw-1xvz-63b8
vulnerability_id VCID-dbvw-1xvz-63b8
summary 
activerecord vulnerable to SQL Injection
The Active Record component in Ruby on Rails efore 2.3.15, 3.0.x before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage improper handling of nested hashes, a related issue to CVE-2012-2661.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html
3
reference_url http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
4
reference_url http://rhn.redhat.com/errata/RHSA-2013-0154.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0154.html
5
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2695.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2695.json
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-2695
reference_id
reference_type
scores
0
value 0.00637
scoring_system epss
scoring_elements 0.70807
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-2695
7
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
8
reference_url https://github.com/rails/rails/commit/62f81f4d6b3ee40e9887ffd92ab14714bad93f18
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/62f81f4d6b3ee40e9887ffd92ab14714bad93f18
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2695.yml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2695.yml
10
reference_url https://groups.google.com/group/rubyonrails-security/msg/aee3413fb038bf56?dmode=source&output=gplain
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/aee3413fb038bf56?dmode=source&output=gplain
11
reference_url https://groups.google.com/g/rubyonrails-security/c/l4L0TEVAz1k/m/Vr84sD9B464J
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/l4L0TEVAz1k/m/Vr84sD9B464J
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-2695
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-2695
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=831573
reference_id 831573
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=831573
14
reference_url https://github.com/advisories/GHSA-76wq-xw4h-f8wj
reference_id GHSA-76wq-xw4h-f8wj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-76wq-xw4h-f8wj
15
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
16
reference_url https://access.redhat.com/errata/RHSA-2013:0154
reference_id RHSA-2013:0154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0154
fixed_packages
0
url pkg:gem/activerecord@3.0.14
purl pkg:gem/activerecord@3.0.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5vcg-bgpn-9fhs
1
vulnerability VCID-8uqv-cr1v-fbbm
2
vulnerability VCID-a5js-1u9t-bfan
3
vulnerability VCID-b2vm-7rth-mqhj
4
vulnerability VCID-dbvw-1xvz-63b8
5
vulnerability VCID-dp3h-z1zs-ufba
6
vulnerability VCID-er3j-4ygz-kqdx
7
vulnerability VCID-nzb9-vn9k-jbgs
8
vulnerability VCID-qv5s-vase-2qas
9
vulnerability VCID-seud-h84p-uugv
10
vulnerability VCID-u1sg-z8t6-audk
11
vulnerability VCID-vta6-rneu-jbgg
12
vulnerability VCID-wz1m-798r-8yez
13
vulnerability VCID-xej7-nkc8-dkez
14
vulnerability VCID-xmwx-eqjn-pba9
15
vulnerability VCID-xnj2-tbzn-tff6
16
vulnerability VCID-y922-r53a-rke5
17
vulnerability VCID-zuwm-kmb2-23ay
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.0.14
1
url pkg:gem/activerecord@3.1.6
purl pkg:gem/activerecord@3.1.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5vcg-bgpn-9fhs
1
vulnerability VCID-8uqv-cr1v-fbbm
2
vulnerability VCID-a5js-1u9t-bfan
3
vulnerability VCID-b2vm-7rth-mqhj
4
vulnerability VCID-dbvw-1xvz-63b8
5
vulnerability VCID-dp3h-z1zs-ufba
6
vulnerability VCID-er3j-4ygz-kqdx
7
vulnerability VCID-nzb9-vn9k-jbgs
8
vulnerability VCID-q8un-ngwx-5kaw
9
vulnerability VCID-qv5s-vase-2qas
10
vulnerability VCID-seud-h84p-uugv
11
vulnerability VCID-u1sg-z8t6-audk
12
vulnerability VCID-vta6-rneu-jbgg
13
vulnerability VCID-wz1m-798r-8yez
14
vulnerability VCID-xej7-nkc8-dkez
15
vulnerability VCID-xmwx-eqjn-pba9
16
vulnerability VCID-xnj2-tbzn-tff6
17
vulnerability VCID-y922-r53a-rke5
18
vulnerability VCID-zuwm-kmb2-23ay
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.6
2
url pkg:gem/activerecord@3.2.6
purl pkg:gem/activerecord@3.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5vcg-bgpn-9fhs
1
vulnerability VCID-8uqv-cr1v-fbbm
2
vulnerability VCID-a5js-1u9t-bfan
3
vulnerability VCID-b2vm-7rth-mqhj
4
vulnerability VCID-dbvw-1xvz-63b8
5
vulnerability VCID-dp3h-z1zs-ufba
6
vulnerability VCID-er3j-4ygz-kqdx
7
vulnerability VCID-nzb9-vn9k-jbgs
8
vulnerability VCID-q8un-ngwx-5kaw
9
vulnerability VCID-qv5s-vase-2qas
10
vulnerability VCID-seud-h84p-uugv
11
vulnerability VCID-u1sg-z8t6-audk
12
vulnerability VCID-vta6-rneu-jbgg
13
vulnerability VCID-wz1m-798r-8yez
14
vulnerability VCID-xej7-nkc8-dkez
15
vulnerability VCID-xmwx-eqjn-pba9
16
vulnerability VCID-xnj2-tbzn-tff6
17
vulnerability VCID-y922-r53a-rke5
18
vulnerability VCID-zuwm-kmb2-23ay
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.6
aliases CVE-2012-2695, GHSA-76wq-xw4h-f8wj
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dbvw-1xvz-63b8
6
url VCID-dp3h-z1zs-ufba
vulnerability_id VCID-dp3h-z1zs-ufba
summary activerecord: Possible RCE escalation bug with Serialized Columns in Active Record
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32224.json
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32224.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-32224
reference_id
reference_type
scores
0
value 0.01897
scoring_system epss
scoring_elements 0.83531
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-32224
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32224
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32224
3
reference_url https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/advisories/GHSA-3hhc-qp5v-9p2j
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-24T15:17:17Z/
url https://github.com/advisories/GHSA-3hhc-qp5v-9p2j
6
reference_url https://github.com/rails/rails/commit/611990f1a6c137c2d56b1ba06b27e5d2434dcd6a
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/611990f1a6c137c2d56b1ba06b27e5d2434dcd6a
7
reference_url https://github.com/rails/rails/commits/main/activerecord
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commits/main/activerecord
8
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-32224.yml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-32224.yml
9
reference_url https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-24T15:17:17Z/
url https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U
10
reference_url https://lists.debian.org/debian-lts-announce/2026/05/msg00022.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2026/05/msg00022.html
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-32224
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-32224
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016140
reference_id 1016140
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016140
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2108997
reference_id 2108997
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2108997
14
reference_url https://security.gentoo.org/glsa/202408-24
reference_id GLSA-202408-24
reference_type
scores
url https://security.gentoo.org/glsa/202408-24
15
reference_url https://access.redhat.com/errata/RHSA-2023:0261
reference_id RHSA-2023:0261
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0261
16
reference_url https://access.redhat.com/errata/RHSA-2023:1151
reference_id RHSA-2023:1151
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1151
17
reference_url https://access.redhat.com/errata/RHSA-2023:2097
reference_id RHSA-2023:2097
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2097
fixed_packages
0
url pkg:gem/activerecord@5.2.8.1
purl pkg:gem/activerecord@5.2.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nzb9-vn9k-jbgs
1
vulnerability VCID-xnj2-tbzn-tff6
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@5.2.8.1
1
url pkg:gem/activerecord@6.0.0.beta1
purl pkg:gem/activerecord@6.0.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nzb9-vn9k-jbgs
1
vulnerability VCID-xnj2-tbzn-tff6
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@6.0.0.beta1
2
url pkg:gem/activerecord@6.0.5.1
purl pkg:gem/activerecord@6.0.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nzb9-vn9k-jbgs
1
vulnerability VCID-whvz-g2g9-auek
2
vulnerability VCID-xnj2-tbzn-tff6
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@6.0.5.1
3
url pkg:gem/activerecord@6.1.0.rc1
purl pkg:gem/activerecord@6.1.0.rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nzb9-vn9k-jbgs
1
vulnerability VCID-xnj2-tbzn-tff6
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@6.1.0.rc1
4
url pkg:gem/activerecord@6.1.6.1
purl pkg:gem/activerecord@6.1.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nzb9-vn9k-jbgs
1
vulnerability VCID-whvz-g2g9-auek
2
vulnerability VCID-xnj2-tbzn-tff6
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@6.1.6.1
5
url pkg:gem/activerecord@7.0.0.alpha1
purl pkg:gem/activerecord@7.0.0.alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-xnj2-tbzn-tff6
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@7.0.0.alpha1
6
url pkg:gem/activerecord@7.0.3.1
purl pkg:gem/activerecord@7.0.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nzb9-vn9k-jbgs
1
vulnerability VCID-whvz-g2g9-auek
2
vulnerability VCID-xnj2-tbzn-tff6
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@7.0.3.1
aliases CVE-2022-32224, GHSA-3hhc-qp5v-9p2j
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dp3h-z1zs-ufba
7
url VCID-er3j-4ygz-kqdx
vulnerability_id VCID-er3j-4ygz-kqdx
summary 
activerecord vulnerable to SQL Injection
Multiple SQL injection vulnerabilities in the `quote_table_name` method in the ActiveRecord adapters in `activerecord/lib/active_record/connection_adapters/` in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a crafted column name.
references
0
reference_url http://groups.google.com/group/rubyonrails-security/msg/b1a85d36b0f9dd30?dmode=source&output=gplain
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/rubyonrails-security/msg/b1a85d36b0f9dd30?dmode=source&output=gplain
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-2930
reference_id
reference_type
scores
0
value 0.00955
scoring_system epss
scoring_elements 0.76726
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-2930
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=731438
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=731438
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2930
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2930
5
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
6
reference_url https://github.com/rails/rails/commit/8a39f411dc3c806422785b1f4d5c7c9d58e4bf85
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/8a39f411dc3c806422785b1f4d5c7c9d58e4bf85
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-2930.yml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-2930.yml
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-2930
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-2930
9
reference_url http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6
10
reference_url http://www.debian.org/security/2011/dsa-2301
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2011/dsa-2301
11
reference_url http://www.openwall.com/lists/oss-security/2011/08/17/1
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/17/1
12
reference_url http://www.openwall.com/lists/oss-security/2011/08/19/11
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/19/11
13
reference_url http://www.openwall.com/lists/oss-security/2011/08/20/1
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/20/1
14
reference_url http://www.openwall.com/lists/oss-security/2011/08/22/13
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/22/13
15
reference_url http://www.openwall.com/lists/oss-security/2011/08/22/14
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/22/14
16
reference_url http://www.openwall.com/lists/oss-security/2011/08/22/5
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/22/5
17
reference_url https://github.com/advisories/GHSA-h6w6-xmqv-7q78
reference_id GHSA-h6w6-xmqv-7q78
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h6w6-xmqv-7q78
18
reference_url https://security.gentoo.org/glsa/201412-28
reference_id GLSA-201412-28
reference_type
scores
url https://security.gentoo.org/glsa/201412-28
fixed_packages
0
url pkg:gem/activerecord@3.1.0.rc5
purl pkg:gem/activerecord@3.1.0.rc5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5vcg-bgpn-9fhs
1
vulnerability VCID-8umt-dz29-p3ck
2
vulnerability VCID-8uqv-cr1v-fbbm
3
vulnerability VCID-a5js-1u9t-bfan
4
vulnerability VCID-b2vm-7rth-mqhj
5
vulnerability VCID-dbvw-1xvz-63b8
6
vulnerability VCID-dp3h-z1zs-ufba
7
vulnerability VCID-er3j-4ygz-kqdx
8
vulnerability VCID-mnh7-4rvx-suay
9
vulnerability VCID-nzb9-vn9k-jbgs
10
vulnerability VCID-q8un-ngwx-5kaw
11
vulnerability VCID-qv5s-vase-2qas
12
vulnerability VCID-seud-h84p-uugv
13
vulnerability VCID-u1sg-z8t6-audk
14
vulnerability VCID-vta6-rneu-jbgg
15
vulnerability VCID-wz1m-798r-8yez
16
vulnerability VCID-xej7-nkc8-dkez
17
vulnerability VCID-xmwx-eqjn-pba9
18
vulnerability VCID-xnj2-tbzn-tff6
19
vulnerability VCID-y922-r53a-rke5
20
vulnerability VCID-zuwm-kmb2-23ay
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.0.rc5
1
url pkg:gem/activerecord@3.1.0
purl pkg:gem/activerecord@3.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5vcg-bgpn-9fhs
1
vulnerability VCID-8umt-dz29-p3ck
2
vulnerability VCID-8uqv-cr1v-fbbm
3
vulnerability VCID-a5js-1u9t-bfan
4
vulnerability VCID-b2vm-7rth-mqhj
5
vulnerability VCID-dbvw-1xvz-63b8
6
vulnerability VCID-dp3h-z1zs-ufba
7
vulnerability VCID-er3j-4ygz-kqdx
8
vulnerability VCID-mnh7-4rvx-suay
9
vulnerability VCID-nzb9-vn9k-jbgs
10
vulnerability VCID-q8un-ngwx-5kaw
11
vulnerability VCID-qv5s-vase-2qas
12
vulnerability VCID-seud-h84p-uugv
13
vulnerability VCID-u1sg-z8t6-audk
14
vulnerability VCID-vta6-rneu-jbgg
15
vulnerability VCID-wz1m-798r-8yez
16
vulnerability VCID-xej7-nkc8-dkez
17
vulnerability VCID-xmwx-eqjn-pba9
18
vulnerability VCID-xnj2-tbzn-tff6
19
vulnerability VCID-y922-r53a-rke5
20
vulnerability VCID-zuwm-kmb2-23ay
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.0
aliases CVE-2011-2930, GHSA-h6w6-xmqv-7q78
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-er3j-4ygz-kqdx
8
url VCID-mnh7-4rvx-suay
vulnerability_id VCID-mnh7-4rvx-suay
summary 
Action Pack contains database-query restrictions bypass
`actionpack/lib/action_dispatch/http/request.rb` in Ruby on Rails before 2.3.16, 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain `[nil]` values, a related issue to CVE-2012-2694.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html
3
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html
4
reference_url http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
5
reference_url http://rhn.redhat.com/errata/RHSA-2013-0154.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0154.html
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2660.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2660.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-2660
reference_id
reference_type
scores
0
value 0.00159
scoring_system epss
scoring_elements 0.3656
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-2660
8
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
9
reference_url https://github.com/rails/rails/commit/61eed87ce32caf534bf1f52dd8134097b4ad9e1b
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/61eed87ce32caf534bf1f52dd8134097b4ad9e1b
10
reference_url https://github.com/rails/rails/commit/dff6db18840e2fd1dd3f3e4ef0ae7a9a3986d01d#diff-3179d24efacadd64068c4d9c1184eac3
reference_id
reference_type
scores
url https://github.com/rails/rails/commit/dff6db18840e2fd1dd3f3e4ef0ae7a9a3986d01d#diff-3179d24efacadd64068c4d9c1184eac3
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2660.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2660.yml
12
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2660.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2660.yml
13
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82610.yml
reference_id
reference_type
scores
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82610.yml
14
reference_url https://groups.google.com/forum/#!original/rubyonrails-security/8SA-M3as7A8/Mr9fi9X4kNgJ
reference_id
reference_type
scores
url https://groups.google.com/forum/#!original/rubyonrails-security/8SA-M3as7A8/Mr9fi9X4kNgJ
15
reference_url https://groups.google.com/group/rubyonrails-security/msg/d890f8d58b5fbf32?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/d890f8d58b5fbf32?dmode=source&output=gplain
16
reference_url https://groups.google.com/g/rubyonrails-security/c/8SA-M3as7A8/m/Mr9fi9X4kNgJ
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/8SA-M3as7A8/m/Mr9fi9X4kNgJ
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-2660
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-2660
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=827353
reference_id 827353
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=827353
19
reference_url https://github.com/advisories/GHSA-hgpp-pp89-4fgf
reference_id GHSA-hgpp-pp89-4fgf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hgpp-pp89-4fgf
20
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
21
reference_url https://access.redhat.com/errata/RHSA-2013:0154
reference_id RHSA-2013:0154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0154
fixed_packages
0
url pkg:gem/activerecord@3.0.13
purl pkg:gem/activerecord@3.0.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5vcg-bgpn-9fhs
1
vulnerability VCID-8uqv-cr1v-fbbm
2
vulnerability VCID-a5js-1u9t-bfan
3
vulnerability VCID-b2vm-7rth-mqhj
4
vulnerability VCID-dbvw-1xvz-63b8
5
vulnerability VCID-dp3h-z1zs-ufba
6
vulnerability VCID-er3j-4ygz-kqdx
7
vulnerability VCID-nzb9-vn9k-jbgs
8
vulnerability VCID-qv5s-vase-2qas
9
vulnerability VCID-seud-h84p-uugv
10
vulnerability VCID-u1sg-z8t6-audk
11
vulnerability VCID-vta6-rneu-jbgg
12
vulnerability VCID-wz1m-798r-8yez
13
vulnerability VCID-xej7-nkc8-dkez
14
vulnerability VCID-xmwx-eqjn-pba9
15
vulnerability VCID-xnj2-tbzn-tff6
16
vulnerability VCID-y922-r53a-rke5
17
vulnerability VCID-zuwm-kmb2-23ay
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.0.13
1
url pkg:gem/activerecord@3.1.0.beta1
purl pkg:gem/activerecord@3.1.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5vcg-bgpn-9fhs
1
vulnerability VCID-8umt-dz29-p3ck
2
vulnerability VCID-8uqv-cr1v-fbbm
3
vulnerability VCID-a5js-1u9t-bfan
4
vulnerability VCID-b2vm-7rth-mqhj
5
vulnerability VCID-dbvw-1xvz-63b8
6
vulnerability VCID-dp3h-z1zs-ufba
7
vulnerability VCID-er3j-4ygz-kqdx
8
vulnerability VCID-mnh7-4rvx-suay
9
vulnerability VCID-nzb9-vn9k-jbgs
10
vulnerability VCID-q8un-ngwx-5kaw
11
vulnerability VCID-qv5s-vase-2qas
12
vulnerability VCID-seud-h84p-uugv
13
vulnerability VCID-u1sg-z8t6-audk
14
vulnerability VCID-vta6-rneu-jbgg
15
vulnerability VCID-wz1m-798r-8yez
16
vulnerability VCID-xej7-nkc8-dkez
17
vulnerability VCID-xmwx-eqjn-pba9
18
vulnerability VCID-xnj2-tbzn-tff6
19
vulnerability VCID-y922-r53a-rke5
20
vulnerability VCID-zuwm-kmb2-23ay
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.0.beta1
2
url pkg:gem/activerecord@3.1.5
purl pkg:gem/activerecord@3.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5vcg-bgpn-9fhs
1
vulnerability VCID-8uqv-cr1v-fbbm
2
vulnerability VCID-a5js-1u9t-bfan
3
vulnerability VCID-b2vm-7rth-mqhj
4
vulnerability VCID-dbvw-1xvz-63b8
5
vulnerability VCID-dp3h-z1zs-ufba
6
vulnerability VCID-er3j-4ygz-kqdx
7
vulnerability VCID-nzb9-vn9k-jbgs
8
vulnerability VCID-q8un-ngwx-5kaw
9
vulnerability VCID-qv5s-vase-2qas
10
vulnerability VCID-seud-h84p-uugv
11
vulnerability VCID-u1sg-z8t6-audk
12
vulnerability VCID-vta6-rneu-jbgg
13
vulnerability VCID-wz1m-798r-8yez
14
vulnerability VCID-xej7-nkc8-dkez
15
vulnerability VCID-xmwx-eqjn-pba9
16
vulnerability VCID-xnj2-tbzn-tff6
17
vulnerability VCID-y922-r53a-rke5
18
vulnerability VCID-zuwm-kmb2-23ay
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.5
3
url pkg:gem/activerecord@3.2.0.rc1
purl pkg:gem/activerecord@3.2.0.rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5vcg-bgpn-9fhs
1
vulnerability VCID-8umt-dz29-p3ck
2
vulnerability VCID-8uqv-cr1v-fbbm
3
vulnerability VCID-a5js-1u9t-bfan
4
vulnerability VCID-b2vm-7rth-mqhj
5
vulnerability VCID-dbvw-1xvz-63b8
6
vulnerability VCID-dp3h-z1zs-ufba
7
vulnerability VCID-er3j-4ygz-kqdx
8
vulnerability VCID-mnh7-4rvx-suay
9
vulnerability VCID-nzb9-vn9k-jbgs
10
vulnerability VCID-q8un-ngwx-5kaw
11
vulnerability VCID-qv5s-vase-2qas
12
vulnerability VCID-seud-h84p-uugv
13
vulnerability VCID-u1sg-z8t6-audk
14
vulnerability VCID-vta6-rneu-jbgg
15
vulnerability VCID-wz1m-798r-8yez
16
vulnerability VCID-xej7-nkc8-dkez
17
vulnerability VCID-xmwx-eqjn-pba9
18
vulnerability VCID-xnj2-tbzn-tff6
19
vulnerability VCID-y922-r53a-rke5
20
vulnerability VCID-zuwm-kmb2-23ay
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.0.rc1
4
url pkg:gem/activerecord@3.2.4
purl pkg:gem/activerecord@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5vcg-bgpn-9fhs
1
vulnerability VCID-8uqv-cr1v-fbbm
2
vulnerability VCID-a5js-1u9t-bfan
3
vulnerability VCID-b2vm-7rth-mqhj
4
vulnerability VCID-dbvw-1xvz-63b8
5
vulnerability VCID-dp3h-z1zs-ufba
6
vulnerability VCID-er3j-4ygz-kqdx
7
vulnerability VCID-nzb9-vn9k-jbgs
8
vulnerability VCID-q8un-ngwx-5kaw
9
vulnerability VCID-qv5s-vase-2qas
10
vulnerability VCID-seud-h84p-uugv
11
vulnerability VCID-u1sg-z8t6-audk
12
vulnerability VCID-vta6-rneu-jbgg
13
vulnerability VCID-wz1m-798r-8yez
14
vulnerability VCID-xej7-nkc8-dkez
15
vulnerability VCID-xmwx-eqjn-pba9
16
vulnerability VCID-xnj2-tbzn-tff6
17
vulnerability VCID-y922-r53a-rke5
18
vulnerability VCID-zuwm-kmb2-23ay
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.4
aliases CVE-2012-2660, GHSA-hgpp-pp89-4fgf, OSV-82610
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mnh7-4rvx-suay
9
url VCID-nzb9-vn9k-jbgs
vulnerability_id VCID-nzb9-vn9k-jbgs
summary 
Denial of Service Vulnerability in ActiveRecord's PostgreSQL adapter
There is a potential denial of service vulnerability present in ActiveRecord's PostgreSQL adapter.

This has been assigned the CVE identifier CVE-2022-44566.

Versions Affected: All. Not affected: None.

## Fixed Versions

- 2.3.18.47 (Rails LTS, which is a paid service and not part of the rubygem)
- 3.2.22.34 (Rails LTS, which is a paid service and not part of the rubygem)
- 4.2.11.27 (Rails LTS, which is a paid service and not part of the rubygem)
- 5.2.8.15 (Rails LTS, which is a paid service and not part of the rubygem)
- 6.1.7.1
- 7.0.4.1

## Impact

In ActiveRecord < 7.0.4.1 and < 6.1.7.1, when a value outside the range for a 64bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric values can result in a slow sequential scan resulting in potential Denial of Service.

## Releases

The fixed releases are available at the normal locations.

## Workarounds

Ensure that user supplied input which is provided to ActiveRecord clauses do not contain integers wider than a signed 64bit representation or floats. 

## Patches

To aid users who aren't able to upgrade immediately we have provided patches for the supported release series in accordance with our maintenance policy 1 regarding security issues. They are in git-am format and consist of a single changeset.

 6-1-Added-integer-width-check-to-PostgreSQL-Quoting.patch - Patch for 6.1 series
 7-0-Added-integer-width-check-to-PostgreSQL-Quoting.patch - Patch for 7.0 series
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44566.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44566.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-44566
reference_id
reference_type
scores
0
value 0.01544
scoring_system epss
scoring_elements 0.81686
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-44566
2
reference_url https://code.jeremyevans.net/2022-11-01-forcing-sequential-scans-on-postgresql.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-25T13:43:31Z/
url https://code.jeremyevans.net/2022-11-01-forcing-sequential-scans-on-postgresql.html
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44566
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44566
4
reference_url https://discuss.rubyonrails.org/t/cve-2022-44566-possible-denial-of-service-vulnerability-in-activerecords-postgresql-adapter/82119
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-25T13:43:31Z/
url https://discuss.rubyonrails.org/t/cve-2022-44566-possible-denial-of-service-vulnerability-in-activerecords-postgresql-adapter/82119
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
7
reference_url https://github.com/rails/rails/commit/4f44aa9d514e701ada92b5cf08beccf566eeaebf
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/4f44aa9d514e701ada92b5cf08beccf566eeaebf
8
reference_url https://github.com/rails/rails/commit/82bcdc011e2ff674e7dd8fd8cee3a831c908d29b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/82bcdc011e2ff674e7dd8fd8cee3a831c908d29b
9
reference_url https://github.com/rails/rails/releases/tag/v6.1.7.1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/releases/tag/v6.1.7.1
10
reference_url https://github.com/rails/rails/releases/tag/v7.0.4.1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/releases/tag/v7.0.4.1
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-44566.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-44566.yml
12
reference_url https://mailchi.mp/railslts/rails-lts-multiple-dos-vulnerabilities-in-rails-rack-and-globalid
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://mailchi.mp/railslts/rails-lts-multiple-dos-vulnerabilities-in-rails-rack-and-globalid
13
reference_url https://makandracards.com/railslts/508019-rails-5-2-lts-changelog#section-jan-20th-2023-rails-version-5-2-8-15
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://makandracards.com/railslts/508019-rails-5-2-lts-changelog#section-jan-20th-2023-rails-version-5-2-8-15
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-44566
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-44566
15
reference_url https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050
reference_id 1030050
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2164789
reference_id 2164789
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2164789
18
reference_url https://github.com/advisories/GHSA-579w-22j4-4749
reference_id GHSA-579w-22j4-4749
reference_type
scores
url https://github.com/advisories/GHSA-579w-22j4-4749
19
reference_url https://access.redhat.com/errata/RHSA-2023:6818
reference_id RHSA-2023:6818
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6818
fixed_packages
0
url pkg:gem/activerecord@6.1.7.1
purl pkg:gem/activerecord@6.1.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-xnj2-tbzn-tff6
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@6.1.7.1
1
url pkg:gem/activerecord@7.0.4.1
purl pkg:gem/activerecord@7.0.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-xnj2-tbzn-tff6
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@7.0.4.1
aliases CVE-2022-44566, GHSA-579w-22j4-4749, GMS-2023-59
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nzb9-vn9k-jbgs
10
url VCID-qv5s-vase-2qas
vulnerability_id VCID-qv5s-vase-2qas
summary 
Array data injection vulnerability in activerecord
SQL injection vulnerability in `activerecord/lib/active_record/connection_adapters/postgresql/cast.rb` in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors involving `\` (backslash) characters that are not properly handled in operations on array columns.
references
0
reference_url http://openwall.com/lists/oss-security/2014/02/18/9
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2014/02/18/9
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0080.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0080.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-0080
reference_id
reference_type
scores
0
value 0.00248
scoring_system epss
scoring_elements 0.48216
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-0080
3
reference_url https://github.com/advisories/GHSA-hqf9-rc9j-5fmj
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-hqf9-rc9j-5fmj
4
reference_url https://github.com/rails/rails/tree/main/activerecord
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/tree/main/activerecord
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-0080.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-0080.yml
6
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/Wu96YkTUR6s
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/rubyonrails-security/Wu96YkTUR6s
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-0080
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-0080
8
reference_url https://web.archive.org/web/20210301004521/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/Wu96YkTUR6s/pPLBMZrlwvYJ
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210301004521/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/Wu96YkTUR6s/pPLBMZrlwvYJ
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1065517
reference_id 1065517
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1065517
fixed_packages
0
url pkg:gem/activerecord@3.2.0
purl pkg:gem/activerecord@3.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5vcg-bgpn-9fhs
1
vulnerability VCID-8umt-dz29-p3ck
2
vulnerability VCID-8uqv-cr1v-fbbm
3
vulnerability VCID-a5js-1u9t-bfan
4
vulnerability VCID-b2vm-7rth-mqhj
5
vulnerability VCID-dbvw-1xvz-63b8
6
vulnerability VCID-dp3h-z1zs-ufba
7
vulnerability VCID-er3j-4ygz-kqdx
8
vulnerability VCID-mnh7-4rvx-suay
9
vulnerability VCID-nzb9-vn9k-jbgs
10
vulnerability VCID-q8un-ngwx-5kaw
11
vulnerability VCID-qv5s-vase-2qas
12
vulnerability VCID-seud-h84p-uugv
13
vulnerability VCID-u1sg-z8t6-audk
14
vulnerability VCID-vta6-rneu-jbgg
15
vulnerability VCID-wz1m-798r-8yez
16
vulnerability VCID-xej7-nkc8-dkez
17
vulnerability VCID-xmwx-eqjn-pba9
18
vulnerability VCID-xnj2-tbzn-tff6
19
vulnerability VCID-y922-r53a-rke5
20
vulnerability VCID-zuwm-kmb2-23ay
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.0
1
url pkg:gem/activerecord@4.0.3
purl pkg:gem/activerecord@4.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a5js-1u9t-bfan
1
vulnerability VCID-cbdn-yhbu-5uaj
2
vulnerability VCID-dbvw-1xvz-63b8
3
vulnerability VCID-dp3h-z1zs-ufba
4
vulnerability VCID-er3j-4ygz-kqdx
5
vulnerability VCID-nzb9-vn9k-jbgs
6
vulnerability VCID-q8un-ngwx-5kaw
7
vulnerability VCID-seud-h84p-uugv
8
vulnerability VCID-u1sg-z8t6-audk
9
vulnerability VCID-wz1m-798r-8yez
10
vulnerability VCID-xmwx-eqjn-pba9
11
vulnerability VCID-xnj2-tbzn-tff6
12
vulnerability VCID-y922-r53a-rke5
13
vulnerability VCID-zuwm-kmb2-23ay
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.0.3
2
url pkg:gem/activerecord@4.1.0.beta1
purl pkg:gem/activerecord@4.1.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a5js-1u9t-bfan
1
vulnerability VCID-cbdn-yhbu-5uaj
2
vulnerability VCID-dbvw-1xvz-63b8
3
vulnerability VCID-dp3h-z1zs-ufba
4
vulnerability VCID-er3j-4ygz-kqdx
5
vulnerability VCID-nzb9-vn9k-jbgs
6
vulnerability VCID-q8un-ngwx-5kaw
7
vulnerability VCID-qv5s-vase-2qas
8
vulnerability VCID-seud-h84p-uugv
9
vulnerability VCID-u1sg-z8t6-audk
10
vulnerability VCID-wz1m-798r-8yez
11
vulnerability VCID-xmwx-eqjn-pba9
12
vulnerability VCID-xnj2-tbzn-tff6
13
vulnerability VCID-y922-r53a-rke5
14
vulnerability VCID-zuwm-kmb2-23ay
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.1.0.beta1
3
url pkg:gem/activerecord@4.1.0.beta2
purl pkg:gem/activerecord@4.1.0.beta2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a5js-1u9t-bfan
1
vulnerability VCID-cbdn-yhbu-5uaj
2
vulnerability VCID-dbvw-1xvz-63b8
3
vulnerability VCID-dp3h-z1zs-ufba
4
vulnerability VCID-er3j-4ygz-kqdx
5
vulnerability VCID-nzb9-vn9k-jbgs
6
vulnerability VCID-q8un-ngwx-5kaw
7
vulnerability VCID-seud-h84p-uugv
8
vulnerability VCID-u1sg-z8t6-audk
9
vulnerability VCID-wz1m-798r-8yez
10
vulnerability VCID-xmwx-eqjn-pba9
11
vulnerability VCID-xnj2-tbzn-tff6
12
vulnerability VCID-y922-r53a-rke5
13
vulnerability VCID-zuwm-kmb2-23ay
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.1.0.beta2
aliases CVE-2014-0080, GHSA-hqf9-rc9j-5fmj, OSV-103438
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qv5s-vase-2qas
11
url VCID-seud-h84p-uugv
vulnerability_id VCID-seud-h84p-uugv
summary 
SQL Injection in Active Record
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows remote attackers to execute arbitrary SQL commands by leveraging improper bitstring quoting.
references
0
reference_url http://openwall.com/lists/oss-security/2014/07/02/5
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2014/07/02/5
1
reference_url http://rhn.redhat.com/errata/RHSA-2014-0876.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0876.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3482.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3482.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3482
reference_id
reference_type
scores
0
value 0.01531
scoring_system epss
scoring_elements 0.81615
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3482
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3482
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3482
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3483
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3483
6
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
7
reference_url https://github.com/rails/rails/commit/1f2192e46d78ee0ba2b06373f2c24caf8440ff5b
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/1f2192e46d78ee0ba2b06373f2c24caf8440ff5b
8
reference_url https://groups.google.com/g/rubyonrails-security/c/wDxePLJGZdI
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/wDxePLJGZdI
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3482
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3482
10
reference_url http://www.debian.org/security/2014/dsa-2982
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2014/dsa-2982
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1114425
reference_id 1114425
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1114425
12
reference_url https://github.com/advisories/GHSA-mhwp-qhpc-h3jm
reference_id GHSA-mhwp-qhpc-h3jm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mhwp-qhpc-h3jm
13
reference_url https://access.redhat.com/errata/RHSA-2014:0876
reference_id RHSA-2014:0876
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0876
fixed_packages
0
url pkg:gem/activerecord@3.2.19
purl pkg:gem/activerecord@3.2.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a5js-1u9t-bfan
1
vulnerability VCID-dbvw-1xvz-63b8
2
vulnerability VCID-dp3h-z1zs-ufba
3
vulnerability VCID-er3j-4ygz-kqdx
4
vulnerability VCID-nzb9-vn9k-jbgs
5
vulnerability VCID-q8un-ngwx-5kaw
6
vulnerability VCID-wz1m-798r-8yez
7
vulnerability VCID-xmwx-eqjn-pba9
8
vulnerability VCID-xnj2-tbzn-tff6
9
vulnerability VCID-y922-r53a-rke5
10
vulnerability VCID-zuwm-kmb2-23ay
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.19
1
url pkg:gem/activerecord@4.0.0
purl pkg:gem/activerecord@4.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a5js-1u9t-bfan
1
vulnerability VCID-cbdn-yhbu-5uaj
2
vulnerability VCID-dbvw-1xvz-63b8
3
vulnerability VCID-dp3h-z1zs-ufba
4
vulnerability VCID-er3j-4ygz-kqdx
5
vulnerability VCID-nzb9-vn9k-jbgs
6
vulnerability VCID-q8un-ngwx-5kaw
7
vulnerability VCID-qv5s-vase-2qas
8
vulnerability VCID-r9dt-jbb6-sqda
9
vulnerability VCID-seud-h84p-uugv
10
vulnerability VCID-u1sg-z8t6-audk
11
vulnerability VCID-wz1m-798r-8yez
12
vulnerability VCID-xmwx-eqjn-pba9
13
vulnerability VCID-xnj2-tbzn-tff6
14
vulnerability VCID-y922-r53a-rke5
15
vulnerability VCID-z8rh-apvg-t3d7
16
vulnerability VCID-zuwm-kmb2-23ay
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.0.0
aliases CVE-2014-3482, GHSA-mhwp-qhpc-h3jm, OSV-108664
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-seud-h84p-uugv
12
url VCID-u1sg-z8t6-audk
vulnerability_id VCID-u1sg-z8t6-audk
summary 
Active Record contains SQL Injection via improper range quoting
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before 4.1.3 allows remote attackers to execute arbitrary SQL commands by leveraging improper range quoting.
references
0
reference_url http://openwall.com/lists/oss-security/2014/07/02/5
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2014/07/02/5
1
reference_url http://rhn.redhat.com/errata/RHSA-2014-0877.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0877.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3483.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3483.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3483
reference_id
reference_type
scores
0
value 0.00924
scoring_system epss
scoring_elements 0.76341
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3483
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3482
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3482
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3483
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3483
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-3483.yml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-3483.yml
7
reference_url https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J
8
reference_url https://groups.google.com/forum/#!msg/rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J
reference_id
reference_type
scores
url https://groups.google.com/forum/#!msg/rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J
9
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/8GtfeYd6qI4
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/rubyonrails-security/8GtfeYd6qI4
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3483
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3483
11
reference_url https://web.archive.org/web/20200228150648/http://www.securityfocus.com/bid/68341
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228150648/http://www.securityfocus.com/bid/68341
12
reference_url http://www.debian.org/security/2014/dsa-2982
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2014/dsa-2982
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1114427
reference_id 1114427
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1114427
14
reference_url https://github.com/advisories/GHSA-r8fh-hq2p-7qhq
reference_id GHSA-r8fh-hq2p-7qhq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r8fh-hq2p-7qhq
15
reference_url https://access.redhat.com/errata/RHSA-2014:0877
reference_id RHSA-2014:0877
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0877
fixed_packages
0
url pkg:gem/activerecord@4.0.7
purl pkg:gem/activerecord@4.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a5js-1u9t-bfan
1
vulnerability VCID-cbdn-yhbu-5uaj
2
vulnerability VCID-dbvw-1xvz-63b8
3
vulnerability VCID-dp3h-z1zs-ufba
4
vulnerability VCID-er3j-4ygz-kqdx
5
vulnerability VCID-nzb9-vn9k-jbgs
6
vulnerability VCID-q8un-ngwx-5kaw
7
vulnerability VCID-wz1m-798r-8yez
8
vulnerability VCID-xmwx-eqjn-pba9
9
vulnerability VCID-xnj2-tbzn-tff6
10
vulnerability VCID-y922-r53a-rke5
11
vulnerability VCID-zuwm-kmb2-23ay
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.0.7
1
url pkg:gem/activerecord@4.1.0.beta1
purl pkg:gem/activerecord@4.1.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a5js-1u9t-bfan
1
vulnerability VCID-cbdn-yhbu-5uaj
2
vulnerability VCID-dbvw-1xvz-63b8
3
vulnerability VCID-dp3h-z1zs-ufba
4
vulnerability VCID-er3j-4ygz-kqdx
5
vulnerability VCID-nzb9-vn9k-jbgs
6
vulnerability VCID-q8un-ngwx-5kaw
7
vulnerability VCID-qv5s-vase-2qas
8
vulnerability VCID-seud-h84p-uugv
9
vulnerability VCID-u1sg-z8t6-audk
10
vulnerability VCID-wz1m-798r-8yez
11
vulnerability VCID-xmwx-eqjn-pba9
12
vulnerability VCID-xnj2-tbzn-tff6
13
vulnerability VCID-y922-r53a-rke5
14
vulnerability VCID-zuwm-kmb2-23ay
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.1.0.beta1
2
url pkg:gem/activerecord@4.1.3
purl pkg:gem/activerecord@4.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a5js-1u9t-bfan
1
vulnerability VCID-cbdn-yhbu-5uaj
2
vulnerability VCID-dbvw-1xvz-63b8
3
vulnerability VCID-dp3h-z1zs-ufba
4
vulnerability VCID-er3j-4ygz-kqdx
5
vulnerability VCID-nzb9-vn9k-jbgs
6
vulnerability VCID-q8un-ngwx-5kaw
7
vulnerability VCID-wz1m-798r-8yez
8
vulnerability VCID-xmwx-eqjn-pba9
9
vulnerability VCID-xnj2-tbzn-tff6
10
vulnerability VCID-y922-r53a-rke5
11
vulnerability VCID-zuwm-kmb2-23ay
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.1.3
aliases CVE-2014-3483, GHSA-r8fh-hq2p-7qhq, OSV-108665
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u1sg-z8t6-audk
13
url VCID-vta6-rneu-jbgg
vulnerability_id VCID-vta6-rneu-jbgg
summary 
ActiveRecord vulnerable to modification of protected model attributes
ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and 3.2.x before 3.2.12 allows remote attackers to bypass the `attr_protected` protection mechanism and modify protected model attributes via a crafted request.
references
0
reference_url http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
1
reference_url http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2013-0686.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0686.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0276.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0276.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-0276
reference_id
reference_type
scores
0
value 0.00606
scoring_system epss
scoring_elements 0.69976
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-0276
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0276
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0276
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0276.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0276.yml
7
reference_url https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/AFBKNY7VSH8
reference_id
reference_type
scores
url https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/AFBKNY7VSH8
8
reference_url https://groups.google.com/group/rubyonrails-security/msg/bb44b98a73ef1a06?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/bb44b98a73ef1a06?dmode=source&output=gplain
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-0276
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-0276
10
reference_url http://support.apple.com/kb/HT5784
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://support.apple.com/kb/HT5784
11
reference_url https://web.archive.org/web/20130217055442/http://www.securityfocus.com/bid/57896
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20130217055442/http://www.securityfocus.com/bid/57896
12
reference_url http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released
13
reference_url http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/
reference_id
reference_type
scores
url http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/
14
reference_url http://www.debian.org/security/2013/dsa-2620
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2013/dsa-2620
15
reference_url http://www.openwall.com/lists/oss-security/2013/02/11/5
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/02/11/5
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=909528
reference_id 909528
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=909528
17
reference_url https://github.com/advisories/GHSA-gr44-7grc-37vq
reference_id GHSA-gr44-7grc-37vq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gr44-7grc-37vq
18
reference_url https://security.gentoo.org/glsa/201412-28
reference_id GLSA-201412-28
reference_type
scores
url https://security.gentoo.org/glsa/201412-28
19
reference_url https://access.redhat.com/errata/RHSA-2013:0686
reference_id RHSA-2013:0686
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0686
fixed_packages
0
url pkg:gem/activerecord@3.1.11
purl pkg:gem/activerecord@3.1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a5js-1u9t-bfan
1
vulnerability VCID-b2vm-7rth-mqhj
2
vulnerability VCID-dbvw-1xvz-63b8
3
vulnerability VCID-dp3h-z1zs-ufba
4
vulnerability VCID-er3j-4ygz-kqdx
5
vulnerability VCID-nzb9-vn9k-jbgs
6
vulnerability VCID-q8un-ngwx-5kaw
7
vulnerability VCID-qv5s-vase-2qas
8
vulnerability VCID-seud-h84p-uugv
9
vulnerability VCID-u1sg-z8t6-audk
10
vulnerability VCID-wz1m-798r-8yez
11
vulnerability VCID-xmwx-eqjn-pba9
12
vulnerability VCID-xnj2-tbzn-tff6
13
vulnerability VCID-y922-r53a-rke5
14
vulnerability VCID-zuwm-kmb2-23ay
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.11
1
url pkg:gem/activerecord@3.2.0.rc1
purl pkg:gem/activerecord@3.2.0.rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5vcg-bgpn-9fhs
1
vulnerability VCID-8umt-dz29-p3ck
2
vulnerability VCID-8uqv-cr1v-fbbm
3
vulnerability VCID-a5js-1u9t-bfan
4
vulnerability VCID-b2vm-7rth-mqhj
5
vulnerability VCID-dbvw-1xvz-63b8
6
vulnerability VCID-dp3h-z1zs-ufba
7
vulnerability VCID-er3j-4ygz-kqdx
8
vulnerability VCID-mnh7-4rvx-suay
9
vulnerability VCID-nzb9-vn9k-jbgs
10
vulnerability VCID-q8un-ngwx-5kaw
11
vulnerability VCID-qv5s-vase-2qas
12
vulnerability VCID-seud-h84p-uugv
13
vulnerability VCID-u1sg-z8t6-audk
14
vulnerability VCID-vta6-rneu-jbgg
15
vulnerability VCID-wz1m-798r-8yez
16
vulnerability VCID-xej7-nkc8-dkez
17
vulnerability VCID-xmwx-eqjn-pba9
18
vulnerability VCID-xnj2-tbzn-tff6
19
vulnerability VCID-y922-r53a-rke5
20
vulnerability VCID-zuwm-kmb2-23ay
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.0.rc1
2
url pkg:gem/activerecord@3.2.12
purl pkg:gem/activerecord@3.2.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a5js-1u9t-bfan
1
vulnerability VCID-b2vm-7rth-mqhj
2
vulnerability VCID-dbvw-1xvz-63b8
3
vulnerability VCID-dp3h-z1zs-ufba
4
vulnerability VCID-er3j-4ygz-kqdx
5
vulnerability VCID-nzb9-vn9k-jbgs
6
vulnerability VCID-q8un-ngwx-5kaw
7
vulnerability VCID-qv5s-vase-2qas
8
vulnerability VCID-seud-h84p-uugv
9
vulnerability VCID-u1sg-z8t6-audk
10
vulnerability VCID-wz1m-798r-8yez
11
vulnerability VCID-xmwx-eqjn-pba9
12
vulnerability VCID-xnj2-tbzn-tff6
13
vulnerability VCID-y922-r53a-rke5
14
vulnerability VCID-zuwm-kmb2-23ay
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.12
aliases CVE-2013-0276, GHSA-gr44-7grc-37vq, OSV-90072
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vta6-rneu-jbgg
14
url VCID-wz1m-798r-8yez
vulnerability_id VCID-wz1m-798r-8yez
summary 
Rails ActiveRecord gem vulnerable to SQL injection
Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) `:limit` and (2) `:offset` parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer.
references
0
reference_url http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1
reference_id
reference_type
scores
url http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1
1
reference_url http://gist.github.com/8946
reference_id
reference_type
scores
url http://gist.github.com/8946
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html
3
reference_url http://rails.lighthouseapp.com/projects/8994/tickets/288
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rails.lighthouseapp.com/projects/8994/tickets/288
4
reference_url http://rails.lighthouseapp.com/projects/8994/tickets/964
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rails.lighthouseapp.com/projects/8994/tickets/964
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2008-4094
reference_id
reference_type
scores
0
value 0.03119
scoring_system epss
scoring_elements 0.87063
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2008-4094
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4094
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4094
7
reference_url http://secunia.com/advisories/31875
reference_id
reference_type
scores
url http://secunia.com/advisories/31875
8
reference_url http://secunia.com/advisories/31909
reference_id
reference_type
scores
url http://secunia.com/advisories/31909
9
reference_url http://secunia.com/advisories/31910
reference_id
reference_type
scores
url http://secunia.com/advisories/31910
10
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/45109
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/45109
11
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
12
reference_url https://github.com/rails/rails/commit/ef0ea782b1f5cf7b08e74ea3002a16c708f66645
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/ef0ea782b1f5cf7b08e74ea3002a16c708f66645
13
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2008-4094.yml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2008-4094.yml
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2008-4094
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2008-4094
15
reference_url https://web.archive.org/web/20080620000955/http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20080620000955/http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1
16
reference_url https://web.archive.org/web/20080620201733/http://blog.innerewut.de/files/rails/activerecord-1.15.3.patch
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20080620201733/http://blog.innerewut.de/files/rails/activerecord-1.15.3.patch
17
reference_url https://web.archive.org/web/20080620201744/http://blog.innerewut.de/files/rails/activerecord-2.0.2.patch
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20080620201744/http://blog.innerewut.de/files/rails/activerecord-2.0.2.patch
18
reference_url https://web.archive.org/web/20081104151751/http://gist.github.com/8946
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20081104151751/http://gist.github.com/8946
19
reference_url https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875
20
reference_url https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875/
reference_id
reference_type
scores
url https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875/
21
reference_url https://web.archive.org/web/20081207211431/http://secunia.com/advisories/31909
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20081207211431/http://secunia.com/advisories/31909
22
reference_url https://web.archive.org/web/20081207211436/http://secunia.com/advisories/31910
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20081207211436/http://secunia.com/advisories/31910
23
reference_url https://web.archive.org/web/20091101000000*/http://www.vupen.com/english/advisories/2008/2562
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20091101000000*/http://www.vupen.com/english/advisories/2008/2562
24
reference_url https://web.archive.org/web/20120120194518/http://www.securityfocus.com/bid/31176
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120120194518/http://www.securityfocus.com/bid/31176
25
reference_url https://web.archive.org/web/20201207112829/http://www.securitytracker.com/id?1020871
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20201207112829/http://www.securitytracker.com/id?1020871
26
reference_url http://www.openwall.com/lists/oss-security/2008/09/13/2
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2008/09/13/2
27
reference_url http://www.openwall.com/lists/oss-security/2008/09/16/1
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2008/09/16/1
28
reference_url http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter
29
reference_url http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter/
reference_id
reference_type
scores
url http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter/
30
reference_url http://www.securityfocus.com/bid/31176
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/31176
31
reference_url http://www.securitytracker.com/id?1020871
reference_id
reference_type
scores
url http://www.securitytracker.com/id?1020871
32
reference_url http://www.vupen.com/english/advisories/2008/2562
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2008/2562
33
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500791
reference_id 500791
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500791
34
reference_url https://github.com/advisories/GHSA-xf96-32q2-9rw2
reference_id GHSA-xf96-32q2-9rw2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xf96-32q2-9rw2
35
reference_url https://security.gentoo.org/glsa/200912-02
reference_id GLSA-200912-02
reference_type
scores
url https://security.gentoo.org/glsa/200912-02
fixed_packages
aliases CVE-2008-4094, GHSA-xf96-32q2-9rw2
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wz1m-798r-8yez
15
url VCID-xej7-nkc8-dkez
vulnerability_id VCID-xej7-nkc8-dkez
summary 
Active Record contains SQL Injection
SQL injection vulnerability in the Active Record component in Ruby on Rails before 2.3.15, 3.0.x before 3.0.18, 3.1.x before 3.1.9, and 3.2.x before 3.2.10 allows remote attackers to execute arbitrary SQL commands via a crafted request that leverages incorrect behavior of dynamic finders in applications that can use unexpected data types in certain find_by_ method calls.
references
0
reference_url http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts
1
reference_url http://rhn.redhat.com/errata/RHSA-2013-0154.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0154.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2013-0220.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0220.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2013-0544.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0544.html
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6496.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6496.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-6496
reference_id
reference_type
scores
0
value 0.01017
scoring_system epss
scoring_elements 0.77474
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-6496
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=889649
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=889649
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6496
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6496
8
reference_url http://security.gentoo.org/glsa/glsa-201401-22.xml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://security.gentoo.org/glsa/glsa-201401-22.xml
9
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
10
reference_url https://github.com/rails/rails/commit/9de9b359d0d24f70f0f6c5c58a7ad8750684d456
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/9de9b359d0d24f70f0f6c5c58a7ad8750684d456
11
reference_url https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/DCNTNp_qjFM
reference_id
reference_type
scores
url https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/DCNTNp_qjFM
12
reference_url https://groups.google.com/group/rubyonrails-security/msg/23daa048baf28b64?dmode=source&output=gplain
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/23daa048baf28b64?dmode=source&output=gplain
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-6496
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-6496
14
reference_url https://github.com/advisories/GHSA-gh2w-j7cx-2664
reference_id GHSA-gh2w-j7cx-2664
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gh2w-j7cx-2664
15
reference_url https://security.gentoo.org/glsa/201401-22
reference_id GLSA-201401-22
reference_type
scores
url https://security.gentoo.org/glsa/201401-22
16
reference_url https://access.redhat.com/errata/RHSA-2013:0154
reference_id RHSA-2013:0154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0154
17
reference_url https://access.redhat.com/errata/RHSA-2013:0155
reference_id RHSA-2013:0155
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0155
fixed_packages
0
url pkg:gem/activerecord@3.0.18
purl pkg:gem/activerecord@3.0.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5vcg-bgpn-9fhs
1
vulnerability VCID-8uqv-cr1v-fbbm
2
vulnerability VCID-a5js-1u9t-bfan
3
vulnerability VCID-b2vm-7rth-mqhj
4
vulnerability VCID-dbvw-1xvz-63b8
5
vulnerability VCID-dp3h-z1zs-ufba
6
vulnerability VCID-er3j-4ygz-kqdx
7
vulnerability VCID-nzb9-vn9k-jbgs
8
vulnerability VCID-qv5s-vase-2qas
9
vulnerability VCID-seud-h84p-uugv
10
vulnerability VCID-u1sg-z8t6-audk
11
vulnerability VCID-vta6-rneu-jbgg
12
vulnerability VCID-wz1m-798r-8yez
13
vulnerability VCID-xmwx-eqjn-pba9
14
vulnerability VCID-xnj2-tbzn-tff6
15
vulnerability VCID-y922-r53a-rke5
16
vulnerability VCID-zuwm-kmb2-23ay
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.0.18
1
url pkg:gem/activerecord@3.1.0.beta1
purl pkg:gem/activerecord@3.1.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5vcg-bgpn-9fhs
1
vulnerability VCID-8umt-dz29-p3ck
2
vulnerability VCID-8uqv-cr1v-fbbm
3
vulnerability VCID-a5js-1u9t-bfan
4
vulnerability VCID-b2vm-7rth-mqhj
5
vulnerability VCID-dbvw-1xvz-63b8
6
vulnerability VCID-dp3h-z1zs-ufba
7
vulnerability VCID-er3j-4ygz-kqdx
8
vulnerability VCID-mnh7-4rvx-suay
9
vulnerability VCID-nzb9-vn9k-jbgs
10
vulnerability VCID-q8un-ngwx-5kaw
11
vulnerability VCID-qv5s-vase-2qas
12
vulnerability VCID-seud-h84p-uugv
13
vulnerability VCID-u1sg-z8t6-audk
14
vulnerability VCID-vta6-rneu-jbgg
15
vulnerability VCID-wz1m-798r-8yez
16
vulnerability VCID-xej7-nkc8-dkez
17
vulnerability VCID-xmwx-eqjn-pba9
18
vulnerability VCID-xnj2-tbzn-tff6
19
vulnerability VCID-y922-r53a-rke5
20
vulnerability VCID-zuwm-kmb2-23ay
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.0.beta1
2
url pkg:gem/activerecord@3.1.9
purl pkg:gem/activerecord@3.1.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5vcg-bgpn-9fhs
1
vulnerability VCID-8uqv-cr1v-fbbm
2
vulnerability VCID-a5js-1u9t-bfan
3
vulnerability VCID-b2vm-7rth-mqhj
4
vulnerability VCID-dbvw-1xvz-63b8
5
vulnerability VCID-dp3h-z1zs-ufba
6
vulnerability VCID-er3j-4ygz-kqdx
7
vulnerability VCID-nzb9-vn9k-jbgs
8
vulnerability VCID-q8un-ngwx-5kaw
9
vulnerability VCID-qv5s-vase-2qas
10
vulnerability VCID-seud-h84p-uugv
11
vulnerability VCID-u1sg-z8t6-audk
12
vulnerability VCID-vta6-rneu-jbgg
13
vulnerability VCID-wz1m-798r-8yez
14
vulnerability VCID-xmwx-eqjn-pba9
15
vulnerability VCID-xnj2-tbzn-tff6
16
vulnerability VCID-y922-r53a-rke5
17
vulnerability VCID-zuwm-kmb2-23ay
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.9
3
url pkg:gem/activerecord@3.2.0.rc1
purl pkg:gem/activerecord@3.2.0.rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5vcg-bgpn-9fhs
1
vulnerability VCID-8umt-dz29-p3ck
2
vulnerability VCID-8uqv-cr1v-fbbm
3
vulnerability VCID-a5js-1u9t-bfan
4
vulnerability VCID-b2vm-7rth-mqhj
5
vulnerability VCID-dbvw-1xvz-63b8
6
vulnerability VCID-dp3h-z1zs-ufba
7
vulnerability VCID-er3j-4ygz-kqdx
8
vulnerability VCID-mnh7-4rvx-suay
9
vulnerability VCID-nzb9-vn9k-jbgs
10
vulnerability VCID-q8un-ngwx-5kaw
11
vulnerability VCID-qv5s-vase-2qas
12
vulnerability VCID-seud-h84p-uugv
13
vulnerability VCID-u1sg-z8t6-audk
14
vulnerability VCID-vta6-rneu-jbgg
15
vulnerability VCID-wz1m-798r-8yez
16
vulnerability VCID-xej7-nkc8-dkez
17
vulnerability VCID-xmwx-eqjn-pba9
18
vulnerability VCID-xnj2-tbzn-tff6
19
vulnerability VCID-y922-r53a-rke5
20
vulnerability VCID-zuwm-kmb2-23ay
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.0.rc1
4
url pkg:gem/activerecord@3.2.10
purl pkg:gem/activerecord@3.2.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5vcg-bgpn-9fhs
1
vulnerability VCID-8uqv-cr1v-fbbm
2
vulnerability VCID-a5js-1u9t-bfan
3
vulnerability VCID-b2vm-7rth-mqhj
4
vulnerability VCID-dbvw-1xvz-63b8
5
vulnerability VCID-dp3h-z1zs-ufba
6
vulnerability VCID-er3j-4ygz-kqdx
7
vulnerability VCID-nzb9-vn9k-jbgs
8
vulnerability VCID-q8un-ngwx-5kaw
9
vulnerability VCID-qv5s-vase-2qas
10
vulnerability VCID-seud-h84p-uugv
11
vulnerability VCID-u1sg-z8t6-audk
12
vulnerability VCID-vta6-rneu-jbgg
13
vulnerability VCID-wz1m-798r-8yez
14
vulnerability VCID-xmwx-eqjn-pba9
15
vulnerability VCID-xnj2-tbzn-tff6
16
vulnerability VCID-y922-r53a-rke5
17
vulnerability VCID-zuwm-kmb2-23ay
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.10
aliases CVE-2012-6496, GHSA-gh2w-j7cx-2664, OSV-88661
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xej7-nkc8-dkez
16
url VCID-xmwx-eqjn-pba9
vulnerability_id VCID-xmwx-eqjn-pba9
summary 
Rails activerecord gem has Improper Input Validation vulnerability
Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2010-3933
reference_id
reference_type
scores
0
value 0.00712
scoring_system epss
scoring_elements 0.72613
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2010-3933
1
reference_url http://secunia.com/advisories/41930
reference_id
reference_type
scores
url http://secunia.com/advisories/41930
2
reference_url http://securitytracker.com/id?1024624
reference_id
reference_type
scores
url http://securitytracker.com/id?1024624
3
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
4
reference_url https://github.com/rails/rails/commit/2d96bccb1e8b62e3e11ca0c5d38aaa8cece889ae
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/2d96bccb1e8b62e3e11ca0c5d38aaa8cece889ae
5
reference_url https://github.com/rails/rails/commit/96183e0f284bab27667e5a38fa6a1578eb029585
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/96183e0f284bab27667e5a38fa6a1578eb029585
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2010-3933.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2010-3933.yml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2010-3933
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2010-3933
8
reference_url https://web.archive.org/web/20101129225633/http://securitytracker.com/alerts/2010/Oct/1024624.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20101129225633/http://securitytracker.com/alerts/2010/Oct/1024624.html
9
reference_url https://web.archive.org/web/20111225083933/http://secunia.com/advisories/41930
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20111225083933/http://secunia.com/advisories/41930
10
reference_url https://web.archive.org/web/20201208053819/http://securitytracker.com/id?1024624
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20201208053819/http://securitytracker.com/id?1024624
11
reference_url http://weblog.rubyonrails.org/2010/10/15/security-vulnerability-in-nested-attributes-code-in-ruby-on-rails-2-3-9-and-3-0-0
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2010/10/15/security-vulnerability-in-nested-attributes-code-in-ruby-on-rails-2-3-9-and-3-0-0
12
reference_url http://www.vupen.com/english/advisories/2010/2719
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2010/2719
13
reference_url https://github.com/advisories/GHSA-gjxw-5w2q-7grf
reference_id GHSA-gjxw-5w2q-7grf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gjxw-5w2q-7grf
14
reference_url https://security.gentoo.org/glsa/201412-28
reference_id GLSA-201412-28
reference_type
scores
url https://security.gentoo.org/glsa/201412-28
fixed_packages
aliases CVE-2010-3933, GHSA-gjxw-5w2q-7grf
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xmwx-eqjn-pba9
17
url VCID-xnj2-tbzn-tff6
vulnerability_id VCID-xnj2-tbzn-tff6
summary activerecord: Active Record ANSI Injection Vulnerability
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55193.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55193.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-55193
reference_id
reference_type
scores
0
value 0.00319
scoring_system epss
scoring_elements 0.55181
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-55193
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55193
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55193
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
5
reference_url https://github.com/rails/rails/commit/3beef20013736fd52c5dcfdf061f7999ba318290
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/
url https://github.com/rails/rails/commit/3beef20013736fd52c5dcfdf061f7999ba318290
6
reference_url https://github.com/rails/rails/commit/568c0bc2f1e74c65d150a84b89a080949bf9eb9b
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/
url https://github.com/rails/rails/commit/568c0bc2f1e74c65d150a84b89a080949bf9eb9b
7
reference_url https://github.com/rails/rails/commit/6a944ca4805e72050a0fbb1a461534eb760d3202
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/
url https://github.com/rails/rails/commit/6a944ca4805e72050a0fbb1a461534eb760d3202
8
reference_url https://github.com/rails/rails/security/advisories/GHSA-76r7-hhxj-r776
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/
url https://github.com/rails/rails/security/advisories/GHSA-76r7-hhxj-r776
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2025-55193.yml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2025-55193.yml
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-55193
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-55193
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111106
reference_id 1111106
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111106
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2388446
reference_id 2388446
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2388446
13
reference_url https://github.com/advisories/GHSA-76r7-hhxj-r776
reference_id GHSA-76r7-hhxj-r776
reference_type
scores
url https://github.com/advisories/GHSA-76r7-hhxj-r776
fixed_packages
0
url pkg:gem/activerecord@7.1.5.2
purl pkg:gem/activerecord@7.1.5.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@7.1.5.2
1
url pkg:gem/activerecord@7.2.0.beta1
purl pkg:gem/activerecord@7.2.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-xnj2-tbzn-tff6
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@7.2.0.beta1
2
url pkg:gem/activerecord@7.2.2.2
purl pkg:gem/activerecord@7.2.2.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@7.2.2.2
3
url pkg:gem/activerecord@8.0.0.beta1
purl pkg:gem/activerecord@8.0.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-xnj2-tbzn-tff6
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@8.0.0.beta1
4
url pkg:gem/activerecord@8.0.2.1
purl pkg:gem/activerecord@8.0.2.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@8.0.2.1
aliases CVE-2025-55193, GHSA-76r7-hhxj-r776
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xnj2-tbzn-tff6
18
url VCID-y922-r53a-rke5
vulnerability_id VCID-y922-r53a-rke5
summary 
activerecord vulnerable to SQL Injection
Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument.
references
0
reference_url http://groups.google.com/group/rubyonrails-security/msg/4e19864cf6ad40ad?dmode=source&output=gplain
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/rubyonrails-security/msg/4e19864cf6ad40ad?dmode=source&output=gplain
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-0448
reference_id
reference_type
scores
0
value 0.00689
scoring_system epss
scoring_elements 0.72088
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-0448
3
reference_url http://secunia.com/advisories/43278
reference_id
reference_type
scores
url http://secunia.com/advisories/43278
4
reference_url http://securitytracker.com/id?1025063
reference_id
reference_type
scores
url http://securitytracker.com/id?1025063
5
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
6
reference_url https://github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa562c3be8474
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa562c3be8474
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-0448.yml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-0448.yml
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-0448
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-0448
9
reference_url https://web.archive.org/web/20201220214809/http://securitytracker.com/id?1025063
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20201220214809/http://securitytracker.com/id?1025063
10
reference_url http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4
11
reference_url http://www.vupen.com/english/advisories/2011/0877
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2011/0877
12
reference_url https://github.com/advisories/GHSA-jmm9-2p29-vh2w
reference_id GHSA-jmm9-2p29-vh2w
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jmm9-2p29-vh2w
13
reference_url https://security.gentoo.org/glsa/201412-28
reference_id GLSA-201412-28
reference_type
scores
url https://security.gentoo.org/glsa/201412-28
fixed_packages
aliases CVE-2011-0448, GHSA-jmm9-2p29-vh2w
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y922-r53a-rke5
19
url VCID-zuwm-kmb2-23ay
vulnerability_id VCID-zuwm-kmb2-23ay
summary 
Active Record component in Ruby on Rails has a data-type injection vulnerability
The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored values in that column, which makes it easier for remote attackers to conduct data-type injection attacks against Ruby on Rails applications via a crafted value, as demonstrated by unintended interaction between the "typed XML" feature and a MySQL database.
references
0
reference_url http://openwall.com/lists/oss-security/2013/02/06/7
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2013/02/06/7
1
reference_url http://openwall.com/lists/oss-security/2013/04/24/7
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2013/04/24/7
2
reference_url http://pl.reddit.com/r/netsec/comments/17yajp/mysql_madness_and_rails
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://pl.reddit.com/r/netsec/comments/17yajp/mysql_madness_and_rails
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-3221.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-3221.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-3221
reference_id
reference_type
scores
0
value 0.00483
scoring_system epss
scoring_elements 0.65482
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-3221
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3221
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3221
6
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-3221.yml
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-3221.yml
8
reference_url https://groups.google.com/group/rubyonrails-security/msg/1f3bc0b88a60c1ce?dmode=source&output=gplain
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/1f3bc0b88a60c1ce?dmode=source&output=gplain
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-3221
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-3221
10
reference_url https://web.archive.org/web/20130825191249/http://www.phenoelit.org/blog/archives/2013/02/index.html
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20130825191249/http://www.phenoelit.org/blog/archives/2013/02/index.html
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=954365
reference_id 954365
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=954365
12
reference_url https://github.com/advisories/GHSA-f57c-hx33-hvh8
reference_id GHSA-f57c-hx33-hvh8
reference_type
scores
url https://github.com/advisories/GHSA-f57c-hx33-hvh8
fixed_packages
0
url pkg:gem/activerecord@4.2.0
purl pkg:gem/activerecord@4.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-azcf-s1ys-8qh5
1
vulnerability VCID-cbdn-yhbu-5uaj
2
vulnerability VCID-dbvw-1xvz-63b8
3
vulnerability VCID-dp3h-z1zs-ufba
4
vulnerability VCID-enf4-jrzh-nyac
5
vulnerability VCID-er3j-4ygz-kqdx
6
vulnerability VCID-nzb9-vn9k-jbgs
7
vulnerability VCID-q8un-ngwx-5kaw
8
vulnerability VCID-r9dt-jbb6-sqda
9
vulnerability VCID-wz1m-798r-8yez
10
vulnerability VCID-xmwx-eqjn-pba9
11
vulnerability VCID-xnj2-tbzn-tff6
12
vulnerability VCID-y922-r53a-rke5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.2.0
aliases CVE-2013-3221, GHSA-f57c-hx33-hvh8
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zuwm-kmb2-23ay
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.0.12