Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/379626?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/379626?format=api", "purl": "pkg:gem/activerecord@3.0.13.rc1", "type": "gem", "namespace": "", "name": "activerecord", "version": "3.0.13.rc1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "7.1.5.2", "latest_non_vulnerable_version": "8.0.2.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/26753?format=api", "vulnerability_id": "VCID-5vcg-bgpn-9fhs", "summary": "Active Record allows bypassing of database-query restrictions\nRuby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain \"[nil]\" values, a related issue to CVE-2012-2660 and CVE-2012-2694.", "references": [ { "reference_url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html" }, { "reference_url": 
"http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0155.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0155.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0155", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.18174", "scoring_system": "epss", "scoring_elements": "0.95304", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0155" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0155", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0155" }, { "reference_url": 
"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0155.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0155.yml" }, { "reference_url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/t1WFuuQyavI", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/t1WFuuQyavI" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/bc6f13dafe130ee9?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/bc6f13dafe130ee9?dmode=source&output=gplain" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0155", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0155" }, { "reference_url": "http://support.apple.com/kb/HT5784", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT5784" }, { "reference_url": "http://www.debian.org/security/2013/dsa-2609", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2013/dsa-2609" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=892866", "reference_id": "892866", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=892866" }, { "reference_url": 
"https://github.com/advisories/GHSA-gppp-5xc5-wfpx", "reference_id": "GHSA-gppp-5xc5-wfpx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gppp-5xc5-wfpx" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0154", "reference_id": "RHSA-2013:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0154" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0155", "reference_id": "RHSA-2013:0155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0155" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60455?format=api", "purl": "pkg:gem/activerecord@3.0.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8uqv-cr1v-fbbm" }, { "vulnerability": "VCID-a5js-1u9t-bfan" }, { "vulnerability": "VCID-b2vm-7rth-mqhj" }, { "vulnerability": "VCID-dbvw-1xvz-63b8" }, { "vulnerability": "VCID-er3j-4ygz-kqdx" }, { "vulnerability": "VCID-qv5s-vase-2qas" }, { "vulnerability": "VCID-seud-h84p-uugv" }, { "vulnerability": "VCID-u1sg-z8t6-audk" }, { "vulnerability": "VCID-vta6-rneu-jbgg" }, { "vulnerability": "VCID-wz1m-798r-8yez" }, { "vulnerability": "VCID-xmwx-eqjn-pba9" }, { "vulnerability": "VCID-xnj2-tbzn-tff6" }, { "vulnerability": "VCID-y922-r53a-rke5" }, { "vulnerability": "VCID-zuwm-kmb2-23ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.0.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/320408?format=api", "purl": "pkg:gem/activerecord@3.1.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5vcg-bgpn-9fhs" }, { 
"vulnerability": "VCID-8umt-dz29-p3ck" }, { "vulnerability": "VCID-8uqv-cr1v-fbbm" }, { "vulnerability": "VCID-a5js-1u9t-bfan" }, { "vulnerability": "VCID-b2vm-7rth-mqhj" }, { "vulnerability": "VCID-dbvw-1xvz-63b8" }, { "vulnerability": "VCID-er3j-4ygz-kqdx" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-q8un-ngwx-5kaw" }, { "vulnerability": "VCID-qv5s-vase-2qas" }, { "vulnerability": "VCID-seud-h84p-uugv" }, { "vulnerability": "VCID-u1sg-z8t6-audk" }, { "vulnerability": "VCID-vta6-rneu-jbgg" }, { "vulnerability": "VCID-wz1m-798r-8yez" }, { "vulnerability": "VCID-xej7-nkc8-dkez" }, { "vulnerability": "VCID-xmwx-eqjn-pba9" }, { "vulnerability": "VCID-xnj2-tbzn-tff6" }, { "vulnerability": "VCID-y922-r53a-rke5" }, { "vulnerability": "VCID-zuwm-kmb2-23ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/60456?format=api", "purl": "pkg:gem/activerecord@3.1.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8uqv-cr1v-fbbm" }, { "vulnerability": "VCID-a5js-1u9t-bfan" }, { "vulnerability": "VCID-b2vm-7rth-mqhj" }, { "vulnerability": "VCID-dbvw-1xvz-63b8" }, { "vulnerability": "VCID-er3j-4ygz-kqdx" }, { "vulnerability": "VCID-q8un-ngwx-5kaw" }, { "vulnerability": "VCID-qv5s-vase-2qas" }, { "vulnerability": "VCID-seud-h84p-uugv" }, { "vulnerability": "VCID-u1sg-z8t6-audk" }, { "vulnerability": "VCID-vta6-rneu-jbgg" }, { "vulnerability": "VCID-wz1m-798r-8yez" }, { "vulnerability": "VCID-xmwx-eqjn-pba9" }, { "vulnerability": "VCID-xnj2-tbzn-tff6" }, { "vulnerability": "VCID-y922-r53a-rke5" }, { "vulnerability": "VCID-zuwm-kmb2-23ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/379638?format=api", "purl": "pkg:gem/activerecord@3.2.0.rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { 
"vulnerability": "VCID-5vcg-bgpn-9fhs" }, { "vulnerability": "VCID-8umt-dz29-p3ck" }, { "vulnerability": "VCID-8uqv-cr1v-fbbm" }, { "vulnerability": "VCID-a5js-1u9t-bfan" }, { "vulnerability": "VCID-b2vm-7rth-mqhj" }, { "vulnerability": "VCID-dbvw-1xvz-63b8" }, { "vulnerability": "VCID-er3j-4ygz-kqdx" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-q8un-ngwx-5kaw" }, { "vulnerability": "VCID-qv5s-vase-2qas" }, { "vulnerability": "VCID-seud-h84p-uugv" }, { "vulnerability": "VCID-u1sg-z8t6-audk" }, { "vulnerability": "VCID-vta6-rneu-jbgg" }, { "vulnerability": "VCID-wz1m-798r-8yez" }, { "vulnerability": "VCID-xej7-nkc8-dkez" }, { "vulnerability": "VCID-xmwx-eqjn-pba9" }, { "vulnerability": "VCID-xnj2-tbzn-tff6" }, { "vulnerability": "VCID-y922-r53a-rke5" }, { "vulnerability": "VCID-zuwm-kmb2-23ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.0.rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/60457?format=api", "purl": "pkg:gem/activerecord@3.2.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8uqv-cr1v-fbbm" }, { "vulnerability": "VCID-a5js-1u9t-bfan" }, { "vulnerability": "VCID-b2vm-7rth-mqhj" }, { "vulnerability": "VCID-dbvw-1xvz-63b8" }, { "vulnerability": "VCID-er3j-4ygz-kqdx" }, { "vulnerability": "VCID-q8un-ngwx-5kaw" }, { "vulnerability": "VCID-qv5s-vase-2qas" }, { "vulnerability": "VCID-seud-h84p-uugv" }, { "vulnerability": "VCID-u1sg-z8t6-audk" }, { "vulnerability": "VCID-vta6-rneu-jbgg" }, { "vulnerability": "VCID-wz1m-798r-8yez" }, { "vulnerability": "VCID-xmwx-eqjn-pba9" }, { "vulnerability": "VCID-xnj2-tbzn-tff6" }, { "vulnerability": "VCID-y922-r53a-rke5" }, { "vulnerability": "VCID-zuwm-kmb2-23ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.11" } ], "aliases": [ "CVE-2013-0155", "GHSA-gppp-5xc5-wfpx", "OSV-89025" ], "risk_score": null, "exploitability": null, "weighted_severity": null, 
"resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5vcg-bgpn-9fhs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/26734?format=api", "vulnerability_id": "VCID-8umt-dz29-p3ck", "summary": "Active Record vulnerable to SQL Injection via nested query parameters\nThe Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage unintended recursion, a related issue to CVE-2012-2695.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" }, { "reference_url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2661.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2661.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2661", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00627", "scoring_system": "epss", "scoring_elements": "0.70556", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2661" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2661", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2661" }, { "reference_url": "https://github.com/rails/rails/commit/71f7917c553cdc9a0ee49e87af0efb7429759718#diff-2ec9993375ecb711e08452788d625581", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rails/rails/commit/71f7917c553cdc9a0ee49e87af0efb7429759718#diff-2ec9993375ecb711e08452788d625581" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82403.yml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82403.yml" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/fc2da6c627fc92df?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/fc2da6c627fc92df?dmode=source&output=gplain" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2661", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2661" }, { 
"reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=827363", "reference_id": "827363", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=827363" }, { "reference_url": "https://github.com/advisories/GHSA-fh39-v733-mxfr", "reference_id": "GHSA-fh39-v733-mxfr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fh39-v733-mxfr" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1542", "reference_id": "RHSA-2012:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0154", "reference_id": "RHSA-2013:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60420?format=api", "purl": "pkg:gem/activerecord@3.0.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5vcg-bgpn-9fhs" }, { "vulnerability": "VCID-8uqv-cr1v-fbbm" }, { "vulnerability": "VCID-a5js-1u9t-bfan" }, { "vulnerability": "VCID-b2vm-7rth-mqhj" }, { "vulnerability": "VCID-dbvw-1xvz-63b8" }, { "vulnerability": "VCID-er3j-4ygz-kqdx" }, { "vulnerability": "VCID-qv5s-vase-2qas" }, { "vulnerability": "VCID-seud-h84p-uugv" }, { "vulnerability": "VCID-u1sg-z8t6-audk" }, { "vulnerability": "VCID-vta6-rneu-jbgg" }, { "vulnerability": "VCID-wz1m-798r-8yez" }, { "vulnerability": "VCID-xej7-nkc8-dkez" }, { "vulnerability": "VCID-xmwx-eqjn-pba9" }, { "vulnerability": "VCID-xnj2-tbzn-tff6" }, { "vulnerability": "VCID-y922-r53a-rke5" }, { "vulnerability": "VCID-zuwm-kmb2-23ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.0.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/320408?format=api", "purl": "pkg:gem/activerecord@3.1.0.beta1", 
"is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5vcg-bgpn-9fhs" }, { "vulnerability": "VCID-8umt-dz29-p3ck" }, { "vulnerability": "VCID-8uqv-cr1v-fbbm" }, { "vulnerability": "VCID-a5js-1u9t-bfan" }, { "vulnerability": "VCID-b2vm-7rth-mqhj" }, { "vulnerability": "VCID-dbvw-1xvz-63b8" }, { "vulnerability": "VCID-er3j-4ygz-kqdx" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-q8un-ngwx-5kaw" }, { "vulnerability": "VCID-qv5s-vase-2qas" }, { "vulnerability": "VCID-seud-h84p-uugv" }, { "vulnerability": "VCID-u1sg-z8t6-audk" }, { "vulnerability": "VCID-vta6-rneu-jbgg" }, { "vulnerability": "VCID-wz1m-798r-8yez" }, { "vulnerability": "VCID-xej7-nkc8-dkez" }, { "vulnerability": "VCID-xmwx-eqjn-pba9" }, { "vulnerability": "VCID-xnj2-tbzn-tff6" }, { "vulnerability": "VCID-y922-r53a-rke5" }, { "vulnerability": "VCID-zuwm-kmb2-23ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/60421?format=api", "purl": "pkg:gem/activerecord@3.1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5vcg-bgpn-9fhs" }, { "vulnerability": "VCID-8uqv-cr1v-fbbm" }, { "vulnerability": "VCID-a5js-1u9t-bfan" }, { "vulnerability": "VCID-b2vm-7rth-mqhj" }, { "vulnerability": "VCID-dbvw-1xvz-63b8" }, { "vulnerability": "VCID-er3j-4ygz-kqdx" }, { "vulnerability": "VCID-q8un-ngwx-5kaw" }, { "vulnerability": "VCID-qv5s-vase-2qas" }, { "vulnerability": "VCID-seud-h84p-uugv" }, { "vulnerability": "VCID-u1sg-z8t6-audk" }, { "vulnerability": "VCID-vta6-rneu-jbgg" }, { "vulnerability": "VCID-wz1m-798r-8yez" }, { "vulnerability": "VCID-xej7-nkc8-dkez" }, { "vulnerability": "VCID-xmwx-eqjn-pba9" }, { "vulnerability": "VCID-xnj2-tbzn-tff6" }, { "vulnerability": "VCID-y922-r53a-rke5" }, { "vulnerability": "VCID-zuwm-kmb2-23ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.5" }, 
{ "url": "http://public2.vulnerablecode.io/api/packages/379638?format=api", "purl": "pkg:gem/activerecord@3.2.0.rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5vcg-bgpn-9fhs" }, { "vulnerability": "VCID-8umt-dz29-p3ck" }, { "vulnerability": "VCID-8uqv-cr1v-fbbm" }, { "vulnerability": "VCID-a5js-1u9t-bfan" }, { "vulnerability": "VCID-b2vm-7rth-mqhj" }, { "vulnerability": "VCID-dbvw-1xvz-63b8" }, { "vulnerability": "VCID-er3j-4ygz-kqdx" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-q8un-ngwx-5kaw" }, { "vulnerability": "VCID-qv5s-vase-2qas" }, { "vulnerability": "VCID-seud-h84p-uugv" }, { "vulnerability": "VCID-u1sg-z8t6-audk" }, { "vulnerability": "VCID-vta6-rneu-jbgg" }, { "vulnerability": "VCID-wz1m-798r-8yez" }, { "vulnerability": "VCID-xej7-nkc8-dkez" }, { "vulnerability": "VCID-xmwx-eqjn-pba9" }, { "vulnerability": "VCID-xnj2-tbzn-tff6" }, { "vulnerability": "VCID-y922-r53a-rke5" }, { "vulnerability": "VCID-zuwm-kmb2-23ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.0.rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/60422?format=api", "purl": "pkg:gem/activerecord@3.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5vcg-bgpn-9fhs" }, { "vulnerability": "VCID-8uqv-cr1v-fbbm" }, { "vulnerability": "VCID-a5js-1u9t-bfan" }, { "vulnerability": "VCID-b2vm-7rth-mqhj" }, { "vulnerability": "VCID-dbvw-1xvz-63b8" }, { "vulnerability": "VCID-er3j-4ygz-kqdx" }, { "vulnerability": "VCID-q8un-ngwx-5kaw" }, { "vulnerability": "VCID-qv5s-vase-2qas" }, { "vulnerability": "VCID-seud-h84p-uugv" }, { "vulnerability": "VCID-u1sg-z8t6-audk" }, { "vulnerability": "VCID-vta6-rneu-jbgg" }, { "vulnerability": "VCID-wz1m-798r-8yez" }, { "vulnerability": "VCID-xej7-nkc8-dkez" }, { "vulnerability": "VCID-xmwx-eqjn-pba9" }, { "vulnerability": "VCID-xnj2-tbzn-tff6" }, { "vulnerability": "VCID-y922-r53a-rke5" }, { "vulnerability": 
"VCID-zuwm-kmb2-23ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.4" } ], "aliases": [ "CVE-2012-2661", "GHSA-fh39-v733-mxfr", "OSV-82403" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8umt-dz29-p3ck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/26637?format=api", "vulnerability_id": "VCID-8uqv-cr1v-fbbm", "summary": "Active Record contains deserialization of arbitrary YAML\nActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML.", "references": [ { "reference_url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0277.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0277.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0277", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06742", "scoring_system": "epss", "scoring_elements": "0.91424", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0277" }, { 
"reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0277", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0277" }, { "reference_url": "http://securitytracker.com/id?1028109", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://securitytracker.com/id?1028109" }, { "reference_url": "https://github.com/rails/rails/tree/v6.1.4.1/activerecord", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/tree/v6.1.4.1/activerecord" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0277.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0277.yml" }, { "reference_url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/KtmwSbEpzrU", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/KtmwSbEpzrU" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/302ec7ce90f13837?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/302ec7ce90f13837?dmode=source&output=gplain" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0277", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2013-0277" }, { "reference_url": "https://puppet.com/security/cve/cve-2013-0277", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://puppet.com/security/cve/cve-2013-0277" }, { "reference_url": "http://support.apple.com/kb/HT5784", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT5784" }, { "reference_url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/" }, { "reference_url": "http://www.debian.org/security/2013/dsa-2620", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2013/dsa-2620" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/02/11/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/02/11/6" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=909633", "reference_id": "909633", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=909633" }, { "reference_url": 
"https://github.com/advisories/GHSA-fhj9-cjjh-27vm", "reference_id": "GHSA-fhj9-cjjh-27vm", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fhj9-cjjh-27vm" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60348?format=api", "purl": "pkg:gem/activerecord@3.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5vcg-bgpn-9fhs" }, { "vulnerability": "VCID-8umt-dz29-p3ck" }, { "vulnerability": "VCID-8uqv-cr1v-fbbm" }, { "vulnerability": "VCID-a5js-1u9t-bfan" }, { "vulnerability": "VCID-b2vm-7rth-mqhj" }, { "vulnerability": "VCID-dbvw-1xvz-63b8" }, { "vulnerability": "VCID-er3j-4ygz-kqdx" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-q8un-ngwx-5kaw" }, { "vulnerability": "VCID-qv5s-vase-2qas" }, { "vulnerability": "VCID-seud-h84p-uugv" }, { "vulnerability": "VCID-u1sg-z8t6-audk" }, { "vulnerability": "VCID-vta6-rneu-jbgg" }, { "vulnerability": "VCID-wz1m-798r-8yez" }, { "vulnerability": "VCID-xej7-nkc8-dkez" }, { "vulnerability": "VCID-xmwx-eqjn-pba9" }, { "vulnerability": "VCID-xnj2-tbzn-tff6" }, { "vulnerability": "VCID-y922-r53a-rke5" }, { "vulnerability": "VCID-zuwm-kmb2-23ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.0" } ], "aliases": [ "CVE-2013-0277", "GHSA-fhj9-cjjh-27vm", "OSV-90073" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8uqv-cr1v-fbbm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/26556?format=api", "vulnerability_id": "VCID-a5js-1u9t-bfan", "summary": "Active Record subject to strong parameters 
protection bypass\n`activerecord/lib/active_record/relation/query_methods.rb` in Active Record in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote attackers to bypass the strong parameters protection mechanism via crafted input to an application that makes `create_with` calls.", "references": [ { "reference_url": "http://openwall.com/lists/oss-security/2014/08/18/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2014/08/18/10" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1102.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1102.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3514.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3514.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3514", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56253", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3514" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3514", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3514" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-3514.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-3514.yml" }, { 
"reference_url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ" }, { "reference_url": "https://groups.google.com/forum/#!msg/rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!msg/rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/M4chq5Sb540", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/M4chq5Sb540" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3514", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3514" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1131240", "reference_id": "1131240", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1131240" }, { "reference_url": "https://github.com/advisories/GHSA-9rf5-jm6f-2fmm", "reference_id": "GHSA-9rf5-jm6f-2fmm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9rf5-jm6f-2fmm" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1102", "reference_id": "RHSA-2014:1102", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1102" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60315?format=api", "purl": 
"pkg:gem/activerecord@4.0.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cbdn-yhbu-5uaj" }, { "vulnerability": "VCID-dbvw-1xvz-63b8" }, { "vulnerability": "VCID-er3j-4ygz-kqdx" }, { "vulnerability": "VCID-q8un-ngwx-5kaw" }, { "vulnerability": "VCID-wz1m-798r-8yez" }, { "vulnerability": "VCID-xmwx-eqjn-pba9" }, { "vulnerability": "VCID-xnj2-tbzn-tff6" }, { "vulnerability": "VCID-y922-r53a-rke5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.0.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/60578?format=api", "purl": "pkg:gem/activerecord@4.1.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a5js-1u9t-bfan" }, { "vulnerability": "VCID-cbdn-yhbu-5uaj" }, { "vulnerability": "VCID-dbvw-1xvz-63b8" }, { "vulnerability": "VCID-er3j-4ygz-kqdx" }, { "vulnerability": "VCID-q8un-ngwx-5kaw" }, { "vulnerability": "VCID-qv5s-vase-2qas" }, { "vulnerability": "VCID-seud-h84p-uugv" }, { "vulnerability": "VCID-u1sg-z8t6-audk" }, { "vulnerability": "VCID-wz1m-798r-8yez" }, { "vulnerability": "VCID-xmwx-eqjn-pba9" }, { "vulnerability": "VCID-xnj2-tbzn-tff6" }, { "vulnerability": "VCID-y922-r53a-rke5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.1.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/60316?format=api", "purl": "pkg:gem/activerecord@4.1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cbdn-yhbu-5uaj" }, { "vulnerability": "VCID-dbvw-1xvz-63b8" }, { "vulnerability": "VCID-er3j-4ygz-kqdx" }, { "vulnerability": "VCID-q8un-ngwx-5kaw" }, { "vulnerability": "VCID-wz1m-798r-8yez" }, { "vulnerability": "VCID-xmwx-eqjn-pba9" }, { "vulnerability": "VCID-xnj2-tbzn-tff6" }, { "vulnerability": "VCID-y922-r53a-rke5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.1.5" } ], "aliases": [ "CVE-2014-3514", "GHSA-9rf5-jm6f-2fmm" 
], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a5js-1u9t-bfan" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/26927?format=api", "vulnerability_id": "VCID-b2vm-7rth-mqhj", "summary": "Active Record Improper Input Validation\nThe Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method.", "references": [ { "reference_url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00070.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00070.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00071.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00071.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00075.html", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00075.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00078.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00078.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00079.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00079.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0699.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0699.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0699", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2013:0699" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1863", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:1863" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1854.json", 
"reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1854.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2013-1854", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2013-1854" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1854", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01795", "scoring_system": "epss", "scoring_elements": "0.83075", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1854" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=921329", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=921329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1854" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-1854.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-1854.yml" }, { "reference_url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/jgJ4cjjS8FE", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/jgJ4cjjS8FE" }, { "reference_url": "https://groups.google.com/group/ruby-security-ann/msg/34e0d780b04308de?dmode=source&output=gplain", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/ruby-security-ann/msg/34e0d780b04308de?dmode=source&output=gplain" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1854", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1854" }, { "reference_url": "http://support.apple.com/kb/HT5784", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT5784" }, { "reference_url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/" }, { "reference_url": "https://github.com/advisories/GHSA-3crr-9vmg-864v", "reference_id": "GHSA-3crr-9vmg-864v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3crr-9vmg-864v" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60506?format=api", "purl": 
"pkg:gem/activerecord@3.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a5js-1u9t-bfan" }, { "vulnerability": "VCID-b2vm-7rth-mqhj" }, { "vulnerability": "VCID-dbvw-1xvz-63b8" }, { "vulnerability": "VCID-er3j-4ygz-kqdx" }, { "vulnerability": "VCID-q8un-ngwx-5kaw" }, { "vulnerability": "VCID-qv5s-vase-2qas" }, { "vulnerability": "VCID-seud-h84p-uugv" }, { "vulnerability": "VCID-u1sg-z8t6-audk" }, { "vulnerability": "VCID-wz1m-798r-8yez" }, { "vulnerability": "VCID-xmwx-eqjn-pba9" }, { "vulnerability": "VCID-xnj2-tbzn-tff6" }, { "vulnerability": "VCID-y922-r53a-rke5" }, { "vulnerability": "VCID-zuwm-kmb2-23ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/60507?format=api", "purl": "pkg:gem/activerecord@3.2.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a5js-1u9t-bfan" }, { "vulnerability": "VCID-b2vm-7rth-mqhj" }, { "vulnerability": "VCID-dbvw-1xvz-63b8" }, { "vulnerability": "VCID-er3j-4ygz-kqdx" }, { "vulnerability": "VCID-q8un-ngwx-5kaw" }, { "vulnerability": "VCID-qv5s-vase-2qas" }, { "vulnerability": "VCID-seud-h84p-uugv" }, { "vulnerability": "VCID-u1sg-z8t6-audk" }, { "vulnerability": "VCID-wz1m-798r-8yez" }, { "vulnerability": "VCID-xmwx-eqjn-pba9" }, { "vulnerability": "VCID-xnj2-tbzn-tff6" }, { "vulnerability": "VCID-y922-r53a-rke5" }, { "vulnerability": "VCID-zuwm-kmb2-23ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.13" } ], "aliases": [ "CVE-2013-1854", "GHSA-3crr-9vmg-864v", "OSV-91453" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b2vm-7rth-mqhj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/26777?format=api", "vulnerability_id": "VCID-dbvw-1xvz-63b8", "summary": "activerecord vulnerable to SQL 
Injection\nThe Active Record component in Ruby on Rails before 2.3.15, 3.0.x before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage improper handling of nested hashes, a related issue to CVE-2012-2661.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" }, { "reference_url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2695.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2695.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2695", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00637", "scoring_system": "epss", "scoring_elements": "0.70807", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2695" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/62f81f4d6b3ee40e9887ffd92ab14714bad93f18", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/62f81f4d6b3ee40e9887ffd92ab14714bad93f18" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2695.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2695.yml" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/aee3413fb038bf56?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/aee3413fb038bf56?dmode=source&output=gplain" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/l4L0TEVAz1k/m/Vr84sD9B464J", "reference_id": "", "reference_type": "", "scores": [ { "value": 
"HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/l4L0TEVAz1k/m/Vr84sD9B464J" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2695", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2695" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=831573", "reference_id": "831573", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=831573" }, { "reference_url": "https://github.com/advisories/GHSA-76wq-xw4h-f8wj", "reference_id": "GHSA-76wq-xw4h-f8wj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-76wq-xw4h-f8wj" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1542", "reference_id": "RHSA-2012:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0154", "reference_id": "RHSA-2013:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60470?format=api", "purl": "pkg:gem/activerecord@3.0.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5vcg-bgpn-9fhs" }, { "vulnerability": "VCID-8uqv-cr1v-fbbm" }, { "vulnerability": "VCID-a5js-1u9t-bfan" }, { "vulnerability": "VCID-b2vm-7rth-mqhj" }, { "vulnerability": "VCID-dbvw-1xvz-63b8" }, { "vulnerability": "VCID-er3j-4ygz-kqdx" }, { "vulnerability": "VCID-qv5s-vase-2qas" }, { "vulnerability": "VCID-seud-h84p-uugv" }, { "vulnerability": "VCID-u1sg-z8t6-audk" }, { "vulnerability": "VCID-vta6-rneu-jbgg" }, { "vulnerability": "VCID-wz1m-798r-8yez" }, { 
"vulnerability": "VCID-xej7-nkc8-dkez" }, { "vulnerability": "VCID-xmwx-eqjn-pba9" }, { "vulnerability": "VCID-xnj2-tbzn-tff6" }, { "vulnerability": "VCID-y922-r53a-rke5" }, { "vulnerability": "VCID-zuwm-kmb2-23ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.0.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/60471?format=api", "purl": "pkg:gem/activerecord@3.1.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5vcg-bgpn-9fhs" }, { "vulnerability": "VCID-8uqv-cr1v-fbbm" }, { "vulnerability": "VCID-a5js-1u9t-bfan" }, { "vulnerability": "VCID-b2vm-7rth-mqhj" }, { "vulnerability": "VCID-dbvw-1xvz-63b8" }, { "vulnerability": "VCID-er3j-4ygz-kqdx" }, { "vulnerability": "VCID-q8un-ngwx-5kaw" }, { "vulnerability": "VCID-qv5s-vase-2qas" }, { "vulnerability": "VCID-seud-h84p-uugv" }, { "vulnerability": "VCID-u1sg-z8t6-audk" }, { "vulnerability": "VCID-vta6-rneu-jbgg" }, { "vulnerability": "VCID-wz1m-798r-8yez" }, { "vulnerability": "VCID-xej7-nkc8-dkez" }, { "vulnerability": "VCID-xmwx-eqjn-pba9" }, { "vulnerability": "VCID-xnj2-tbzn-tff6" }, { "vulnerability": "VCID-y922-r53a-rke5" }, { "vulnerability": "VCID-zuwm-kmb2-23ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/60472?format=api", "purl": "pkg:gem/activerecord@3.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5vcg-bgpn-9fhs" }, { "vulnerability": "VCID-8uqv-cr1v-fbbm" }, { "vulnerability": "VCID-a5js-1u9t-bfan" }, { "vulnerability": "VCID-b2vm-7rth-mqhj" }, { "vulnerability": "VCID-dbvw-1xvz-63b8" }, { "vulnerability": "VCID-er3j-4ygz-kqdx" }, { "vulnerability": "VCID-q8un-ngwx-5kaw" }, { "vulnerability": "VCID-qv5s-vase-2qas" }, { "vulnerability": "VCID-seud-h84p-uugv" }, { "vulnerability": "VCID-u1sg-z8t6-audk" }, { "vulnerability": "VCID-vta6-rneu-jbgg" }, { "vulnerability": 
"VCID-wz1m-798r-8yez" }, { "vulnerability": "VCID-xej7-nkc8-dkez" }, { "vulnerability": "VCID-xmwx-eqjn-pba9" }, { "vulnerability": "VCID-xnj2-tbzn-tff6" }, { "vulnerability": "VCID-y922-r53a-rke5" }, { "vulnerability": "VCID-zuwm-kmb2-23ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.6" } ], "aliases": [ "CVE-2012-2695", "GHSA-76wq-xw4h-f8wj" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dbvw-1xvz-63b8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/27190?format=api", "vulnerability_id": "VCID-er3j-4ygz-kqdx", "summary": "activerecord vulnerable to SQL Injection\nMultiple SQL injection vulnerabilities in the `quote_table_name` method in the ActiveRecord adapters in `activerecord/lib/active_record/connection_adapters/` in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a crafted column name.", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/b1a85d36b0f9dd30?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/b1a85d36b0f9dd30?dmode=source&output=gplain" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2930", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00955", "scoring_system": "epss", "scoring_elements": "0.76726", 
"published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2930" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=731438", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=731438" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2930", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2930" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/8a39f411dc3c806422785b1f4d5c7c9d58e4bf85", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/8a39f411dc3c806422785b1f4d5c7c9d58e4bf85" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-2930.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-2930.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2930", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2930" }, { "reference_url": "http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } 
], "url": "http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6" }, { "reference_url": "http://www.debian.org/security/2011/dsa-2301", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2011/dsa-2301" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/17/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/17/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/19/11", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/19/11" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/20/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/20/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/13", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/13" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/14", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/14" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"http://www.openwall.com/lists/oss-security/2011/08/22/5" }, { "reference_url": "https://github.com/advisories/GHSA-h6w6-xmqv-7q78", "reference_id": "GHSA-h6w6-xmqv-7q78", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h6w6-xmqv-7q78" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60637?format=api", "purl": "pkg:gem/activerecord@3.1.0.rc5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5vcg-bgpn-9fhs" }, { "vulnerability": "VCID-8umt-dz29-p3ck" }, { "vulnerability": "VCID-8uqv-cr1v-fbbm" }, { "vulnerability": "VCID-a5js-1u9t-bfan" }, { "vulnerability": "VCID-b2vm-7rth-mqhj" }, { "vulnerability": "VCID-dbvw-1xvz-63b8" }, { "vulnerability": "VCID-er3j-4ygz-kqdx" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-q8un-ngwx-5kaw" }, { "vulnerability": "VCID-qv5s-vase-2qas" }, { "vulnerability": "VCID-seud-h84p-uugv" }, { "vulnerability": "VCID-u1sg-z8t6-audk" }, { "vulnerability": "VCID-vta6-rneu-jbgg" }, { "vulnerability": "VCID-wz1m-798r-8yez" }, { "vulnerability": "VCID-xej7-nkc8-dkez" }, { "vulnerability": "VCID-xmwx-eqjn-pba9" }, { "vulnerability": "VCID-xnj2-tbzn-tff6" }, { "vulnerability": "VCID-y922-r53a-rke5" }, { "vulnerability": "VCID-zuwm-kmb2-23ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.0.rc5" }, { "url": "http://public2.vulnerablecode.io/api/packages/60348?format=api", "purl": "pkg:gem/activerecord@3.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5vcg-bgpn-9fhs" }, { "vulnerability": "VCID-8umt-dz29-p3ck" }, { "vulnerability": "VCID-8uqv-cr1v-fbbm" }, { "vulnerability": 
"VCID-a5js-1u9t-bfan" }, { "vulnerability": "VCID-b2vm-7rth-mqhj" }, { "vulnerability": "VCID-dbvw-1xvz-63b8" }, { "vulnerability": "VCID-er3j-4ygz-kqdx" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-q8un-ngwx-5kaw" }, { "vulnerability": "VCID-qv5s-vase-2qas" }, { "vulnerability": "VCID-seud-h84p-uugv" }, { "vulnerability": "VCID-u1sg-z8t6-audk" }, { "vulnerability": "VCID-vta6-rneu-jbgg" }, { "vulnerability": "VCID-wz1m-798r-8yez" }, { "vulnerability": "VCID-xej7-nkc8-dkez" }, { "vulnerability": "VCID-xmwx-eqjn-pba9" }, { "vulnerability": "VCID-xnj2-tbzn-tff6" }, { "vulnerability": "VCID-y922-r53a-rke5" }, { "vulnerability": "VCID-zuwm-kmb2-23ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.0" } ], "aliases": [ "CVE-2011-2930", "GHSA-h6w6-xmqv-7q78" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-er3j-4ygz-kqdx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/26600?format=api", "vulnerability_id": "VCID-mnh7-4rvx-suay", "summary": "Action Pack contains database-query restrictions bypass\n`actionpack/lib/action_dispatch/http/request.rb` in Ruby on Rails before 2.3.16, 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain `[nil]` values, a related issue to CVE-2012-2694.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html" }, 
{ "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2660.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2660.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2660", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00159", "scoring_system": "epss", "scoring_elements": 
"0.3656", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2660" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/61eed87ce32caf534bf1f52dd8134097b4ad9e1b", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/61eed87ce32caf534bf1f52dd8134097b4ad9e1b" }, { "reference_url": "https://github.com/rails/rails/commit/dff6db18840e2fd1dd3f3e4ef0ae7a9a3986d01d#diff-3179d24efacadd64068c4d9c1184eac3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rails/rails/commit/dff6db18840e2fd1dd3f3e4ef0ae7a9a3986d01d#diff-3179d24efacadd64068c4d9c1184eac3" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2660.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2660.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2660.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2660.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82610.yml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82610.yml" 
}, { "reference_url": "https://groups.google.com/forum/#!original/rubyonrails-security/8SA-M3as7A8/Mr9fi9X4kNgJ", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!original/rubyonrails-security/8SA-M3as7A8/Mr9fi9X4kNgJ" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/d890f8d58b5fbf32?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/d890f8d58b5fbf32?dmode=source&output=gplain" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/8SA-M3as7A8/m/Mr9fi9X4kNgJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/8SA-M3as7A8/m/Mr9fi9X4kNgJ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2660", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2660" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=827353", "reference_id": "827353", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=827353" }, { "reference_url": "https://github.com/advisories/GHSA-hgpp-pp89-4fgf", "reference_id": "GHSA-hgpp-pp89-4fgf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hgpp-pp89-4fgf" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1542", "reference_id": "RHSA-2012:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1542" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2013:0154", "reference_id": "RHSA-2013:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60420?format=api", "purl": "pkg:gem/activerecord@3.0.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5vcg-bgpn-9fhs" }, { "vulnerability": "VCID-8uqv-cr1v-fbbm" }, { "vulnerability": "VCID-a5js-1u9t-bfan" }, { "vulnerability": "VCID-b2vm-7rth-mqhj" }, { "vulnerability": "VCID-dbvw-1xvz-63b8" }, { "vulnerability": "VCID-er3j-4ygz-kqdx" }, { "vulnerability": "VCID-qv5s-vase-2qas" }, { "vulnerability": "VCID-seud-h84p-uugv" }, { "vulnerability": "VCID-u1sg-z8t6-audk" }, { "vulnerability": "VCID-vta6-rneu-jbgg" }, { "vulnerability": "VCID-wz1m-798r-8yez" }, { "vulnerability": "VCID-xej7-nkc8-dkez" }, { "vulnerability": "VCID-xmwx-eqjn-pba9" }, { "vulnerability": "VCID-xnj2-tbzn-tff6" }, { "vulnerability": "VCID-y922-r53a-rke5" }, { "vulnerability": "VCID-zuwm-kmb2-23ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.0.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/320408?format=api", "purl": "pkg:gem/activerecord@3.1.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5vcg-bgpn-9fhs" }, { "vulnerability": "VCID-8umt-dz29-p3ck" }, { "vulnerability": "VCID-8uqv-cr1v-fbbm" }, { "vulnerability": "VCID-a5js-1u9t-bfan" }, { "vulnerability": "VCID-b2vm-7rth-mqhj" }, { "vulnerability": "VCID-dbvw-1xvz-63b8" }, { "vulnerability": "VCID-er3j-4ygz-kqdx" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-q8un-ngwx-5kaw" }, { "vulnerability": "VCID-qv5s-vase-2qas" }, { "vulnerability": "VCID-seud-h84p-uugv" }, { "vulnerability": "VCID-u1sg-z8t6-audk" }, { "vulnerability": "VCID-vta6-rneu-jbgg" }, { "vulnerability": "VCID-wz1m-798r-8yez" }, { "vulnerability": 
"VCID-xej7-nkc8-dkez" }, { "vulnerability": "VCID-xmwx-eqjn-pba9" }, { "vulnerability": "VCID-xnj2-tbzn-tff6" }, { "vulnerability": "VCID-y922-r53a-rke5" }, { "vulnerability": "VCID-zuwm-kmb2-23ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/60421?format=api", "purl": "pkg:gem/activerecord@3.1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5vcg-bgpn-9fhs" }, { "vulnerability": "VCID-8uqv-cr1v-fbbm" }, { "vulnerability": "VCID-a5js-1u9t-bfan" }, { "vulnerability": "VCID-b2vm-7rth-mqhj" }, { "vulnerability": "VCID-dbvw-1xvz-63b8" }, { "vulnerability": "VCID-er3j-4ygz-kqdx" }, { "vulnerability": "VCID-q8un-ngwx-5kaw" }, { "vulnerability": "VCID-qv5s-vase-2qas" }, { "vulnerability": "VCID-seud-h84p-uugv" }, { "vulnerability": "VCID-u1sg-z8t6-audk" }, { "vulnerability": "VCID-vta6-rneu-jbgg" }, { "vulnerability": "VCID-wz1m-798r-8yez" }, { "vulnerability": "VCID-xej7-nkc8-dkez" }, { "vulnerability": "VCID-xmwx-eqjn-pba9" }, { "vulnerability": "VCID-xnj2-tbzn-tff6" }, { "vulnerability": "VCID-y922-r53a-rke5" }, { "vulnerability": "VCID-zuwm-kmb2-23ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/379638?format=api", "purl": "pkg:gem/activerecord@3.2.0.rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5vcg-bgpn-9fhs" }, { "vulnerability": "VCID-8umt-dz29-p3ck" }, { "vulnerability": "VCID-8uqv-cr1v-fbbm" }, { "vulnerability": "VCID-a5js-1u9t-bfan" }, { "vulnerability": "VCID-b2vm-7rth-mqhj" }, { "vulnerability": "VCID-dbvw-1xvz-63b8" }, { "vulnerability": "VCID-er3j-4ygz-kqdx" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-q8un-ngwx-5kaw" }, { "vulnerability": "VCID-qv5s-vase-2qas" }, { "vulnerability": "VCID-seud-h84p-uugv" }, { "vulnerability": 
"VCID-u1sg-z8t6-audk" }, { "vulnerability": "VCID-vta6-rneu-jbgg" }, { "vulnerability": "VCID-wz1m-798r-8yez" }, { "vulnerability": "VCID-xej7-nkc8-dkez" }, { "vulnerability": "VCID-xmwx-eqjn-pba9" }, { "vulnerability": "VCID-xnj2-tbzn-tff6" }, { "vulnerability": "VCID-y922-r53a-rke5" }, { "vulnerability": "VCID-zuwm-kmb2-23ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.0.rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/60422?format=api", "purl": "pkg:gem/activerecord@3.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5vcg-bgpn-9fhs" }, { "vulnerability": "VCID-8uqv-cr1v-fbbm" }, { "vulnerability": "VCID-a5js-1u9t-bfan" }, { "vulnerability": "VCID-b2vm-7rth-mqhj" }, { "vulnerability": "VCID-dbvw-1xvz-63b8" }, { "vulnerability": "VCID-er3j-4ygz-kqdx" }, { "vulnerability": "VCID-q8un-ngwx-5kaw" }, { "vulnerability": "VCID-qv5s-vase-2qas" }, { "vulnerability": "VCID-seud-h84p-uugv" }, { "vulnerability": "VCID-u1sg-z8t6-audk" }, { "vulnerability": "VCID-vta6-rneu-jbgg" }, { "vulnerability": "VCID-wz1m-798r-8yez" }, { "vulnerability": "VCID-xej7-nkc8-dkez" }, { "vulnerability": "VCID-xmwx-eqjn-pba9" }, { "vulnerability": "VCID-xnj2-tbzn-tff6" }, { "vulnerability": "VCID-y922-r53a-rke5" }, { "vulnerability": "VCID-zuwm-kmb2-23ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.4" } ], "aliases": [ "CVE-2012-2660", "GHSA-hgpp-pp89-4fgf", "OSV-82610" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mnh7-4rvx-suay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/27148?format=api", "vulnerability_id": "VCID-qv5s-vase-2qas", "summary": "Array data injection vulnerability in activerecord\nSQL injection vulnerability in `activerecord/lib/active_record/connection_adapters/postgresql/cast.rb` in Active Record in Ruby on Rails 
4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote attackers to execute \"add data\" SQL commands via vectors involving `\\` (backslash) characters that are not properly handled in operations on array columns.", "references": [ { "reference_url": "http://openwall.com/lists/oss-security/2014/02/18/9", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2014/02/18/9" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0080.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0080.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0080", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48216", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0080" }, { "reference_url": "https://github.com/advisories/GHSA-hqf9-rc9j-5fmj", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hqf9-rc9j-5fmj" }, { "reference_url": "https://github.com/rails/rails/tree/main/activerecord", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/tree/main/activerecord" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-0080.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-0080.yml" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/Wu96YkTUR6s", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/Wu96YkTUR6s" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0080", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0080" }, { "reference_url": "https://web.archive.org/web/20210301004521/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/Wu96YkTUR6s/pPLBMZrlwvYJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210301004521/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/Wu96YkTUR6s/pPLBMZrlwvYJ" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065517", "reference_id": "1065517", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065517" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/320381?format=api", "purl": "pkg:gem/activerecord@3.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5vcg-bgpn-9fhs" }, { "vulnerability": "VCID-8umt-dz29-p3ck" }, { "vulnerability": "VCID-8uqv-cr1v-fbbm" }, { "vulnerability": "VCID-a5js-1u9t-bfan" }, { "vulnerability": "VCID-b2vm-7rth-mqhj" }, { "vulnerability": "VCID-dbvw-1xvz-63b8" }, { "vulnerability": "VCID-er3j-4ygz-kqdx" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-q8un-ngwx-5kaw" }, { "vulnerability": "VCID-qv5s-vase-2qas" }, { "vulnerability": "VCID-seud-h84p-uugv" }, { "vulnerability": "VCID-u1sg-z8t6-audk" }, { "vulnerability": 
"VCID-vta6-rneu-jbgg" }, { "vulnerability": "VCID-wz1m-798r-8yez" }, { "vulnerability": "VCID-xej7-nkc8-dkez" }, { "vulnerability": "VCID-xmwx-eqjn-pba9" }, { "vulnerability": "VCID-xnj2-tbzn-tff6" }, { "vulnerability": "VCID-y922-r53a-rke5" }, { "vulnerability": "VCID-zuwm-kmb2-23ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/60576?format=api", "purl": "pkg:gem/activerecord@4.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a5js-1u9t-bfan" }, { "vulnerability": "VCID-cbdn-yhbu-5uaj" }, { "vulnerability": "VCID-dbvw-1xvz-63b8" }, { "vulnerability": "VCID-er3j-4ygz-kqdx" }, { "vulnerability": "VCID-q8un-ngwx-5kaw" }, { "vulnerability": "VCID-seud-h84p-uugv" }, { "vulnerability": "VCID-u1sg-z8t6-audk" }, { "vulnerability": "VCID-wz1m-798r-8yez" }, { "vulnerability": "VCID-xmwx-eqjn-pba9" }, { "vulnerability": "VCID-xnj2-tbzn-tff6" }, { "vulnerability": "VCID-y922-r53a-rke5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.0.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/60578?format=api", "purl": "pkg:gem/activerecord@4.1.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a5js-1u9t-bfan" }, { "vulnerability": "VCID-cbdn-yhbu-5uaj" }, { "vulnerability": "VCID-dbvw-1xvz-63b8" }, { "vulnerability": "VCID-er3j-4ygz-kqdx" }, { "vulnerability": "VCID-q8un-ngwx-5kaw" }, { "vulnerability": "VCID-qv5s-vase-2qas" }, { "vulnerability": "VCID-seud-h84p-uugv" }, { "vulnerability": "VCID-u1sg-z8t6-audk" }, { "vulnerability": "VCID-wz1m-798r-8yez" }, { "vulnerability": "VCID-xmwx-eqjn-pba9" }, { "vulnerability": "VCID-xnj2-tbzn-tff6" }, { "vulnerability": "VCID-y922-r53a-rke5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.1.0.beta1" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/60579?format=api", "purl": "pkg:gem/activerecord@4.1.0.beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a5js-1u9t-bfan" }, { "vulnerability": "VCID-cbdn-yhbu-5uaj" }, { "vulnerability": "VCID-dbvw-1xvz-63b8" }, { "vulnerability": "VCID-er3j-4ygz-kqdx" }, { "vulnerability": "VCID-q8un-ngwx-5kaw" }, { "vulnerability": "VCID-seud-h84p-uugv" }, { "vulnerability": "VCID-u1sg-z8t6-audk" }, { "vulnerability": "VCID-wz1m-798r-8yez" }, { "vulnerability": "VCID-xmwx-eqjn-pba9" }, { "vulnerability": "VCID-xnj2-tbzn-tff6" }, { "vulnerability": "VCID-y922-r53a-rke5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.1.0.beta2" } ], "aliases": [ "CVE-2014-0080", "GHSA-hqf9-rc9j-5fmj", "OSV-103438" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qv5s-vase-2qas" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/26739?format=api", "vulnerability_id": "VCID-seud-h84p-uugv", "summary": "SQL Injection in Active Record\nSQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows remote attackers to execute arbitrary SQL commands by leveraging improper bitstring quoting.", "references": [ { "reference_url": "http://openwall.com/lists/oss-security/2014/07/02/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2014/07/02/5" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0876.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"http://rhn.redhat.com/errata/RHSA-2014-0876.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3482.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3482.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3482", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01531", "scoring_system": "epss", "scoring_elements": "0.81615", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3482" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3482", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3482" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3483", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3483" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/1f2192e46d78ee0ba2b06373f2c24caf8440ff5b", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/1f2192e46d78ee0ba2b06373f2c24caf8440ff5b" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/wDxePLJGZdI", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/wDxePLJGZdI" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3482", "reference_id": "", "reference_type": 
"", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3482" }, { "reference_url": "http://www.debian.org/security/2014/dsa-2982", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2014/dsa-2982" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1114425", "reference_id": "1114425", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1114425" }, { "reference_url": "https://github.com/advisories/GHSA-mhwp-qhpc-h3jm", "reference_id": "GHSA-mhwp-qhpc-h3jm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mhwp-qhpc-h3jm" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0876", "reference_id": "RHSA-2014:0876", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0876" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60431?format=api", "purl": "pkg:gem/activerecord@3.2.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a5js-1u9t-bfan" }, { "vulnerability": "VCID-dbvw-1xvz-63b8" }, { "vulnerability": "VCID-er3j-4ygz-kqdx" }, { "vulnerability": "VCID-q8un-ngwx-5kaw" }, { "vulnerability": "VCID-wz1m-798r-8yez" }, { "vulnerability": "VCID-xmwx-eqjn-pba9" }, { "vulnerability": "VCID-xnj2-tbzn-tff6" }, { "vulnerability": "VCID-y922-r53a-rke5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/320316?format=api", "purl": "pkg:gem/activerecord@4.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a5js-1u9t-bfan" }, { "vulnerability": 
"VCID-cbdn-yhbu-5uaj" }, { "vulnerability": "VCID-dbvw-1xvz-63b8" }, { "vulnerability": "VCID-er3j-4ygz-kqdx" }, { "vulnerability": "VCID-q8un-ngwx-5kaw" }, { "vulnerability": "VCID-qv5s-vase-2qas" }, { "vulnerability": "VCID-r9dt-jbb6-sqda" }, { "vulnerability": "VCID-seud-h84p-uugv" }, { "vulnerability": "VCID-u1sg-z8t6-audk" }, { "vulnerability": "VCID-wz1m-798r-8yez" }, { "vulnerability": "VCID-xmwx-eqjn-pba9" }, { "vulnerability": "VCID-xnj2-tbzn-tff6" }, { "vulnerability": "VCID-y922-r53a-rke5" }, { "vulnerability": "VCID-z8rh-apvg-t3d7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.0.0" } ], "aliases": [ "CVE-2014-3482", "GHSA-mhwp-qhpc-h3jm", "OSV-108664" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-seud-h84p-uugv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/27056?format=api", "vulnerability_id": "VCID-u1sg-z8t6-audk", "summary": "Active Record contains SQL Injection via improper range quoting\nSQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before 4.1.3 allows remote attackers to execute arbitrary SQL commands by leveraging improper range quoting.", "references": [ { "reference_url": "http://openwall.com/lists/oss-security/2014/07/02/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2014/07/02/5" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0877.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0877.html" }, { "reference_url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3483.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3483.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3483", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00924", "scoring_system": "epss", "scoring_elements": "0.76341", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3483" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3482", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3482" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3483", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3483" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-3483.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-3483.yml" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J" }, { "reference_url": "https://groups.google.com/forum/#!msg/rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!msg/rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J" }, { "reference_url": 
"https://groups.google.com/forum/#!topic/rubyonrails-security/8GtfeYd6qI4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/8GtfeYd6qI4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3483", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3483" }, { "reference_url": "https://web.archive.org/web/20200228150648/http://www.securityfocus.com/bid/68341", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228150648/http://www.securityfocus.com/bid/68341" }, { "reference_url": "http://www.debian.org/security/2014/dsa-2982", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2014/dsa-2982" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1114427", "reference_id": "1114427", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1114427" }, { "reference_url": "https://github.com/advisories/GHSA-r8fh-hq2p-7qhq", "reference_id": "GHSA-r8fh-hq2p-7qhq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r8fh-hq2p-7qhq" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0877", "reference_id": "RHSA-2014:0877", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0877" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60553?format=api", "purl": "pkg:gem/activerecord@4.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": 
"VCID-a5js-1u9t-bfan" }, { "vulnerability": "VCID-cbdn-yhbu-5uaj" }, { "vulnerability": "VCID-dbvw-1xvz-63b8" }, { "vulnerability": "VCID-er3j-4ygz-kqdx" }, { "vulnerability": "VCID-q8un-ngwx-5kaw" }, { "vulnerability": "VCID-wz1m-798r-8yez" }, { "vulnerability": "VCID-xmwx-eqjn-pba9" }, { "vulnerability": "VCID-xnj2-tbzn-tff6" }, { "vulnerability": "VCID-y922-r53a-rke5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.0.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/60578?format=api", "purl": "pkg:gem/activerecord@4.1.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a5js-1u9t-bfan" }, { "vulnerability": "VCID-cbdn-yhbu-5uaj" }, { "vulnerability": "VCID-dbvw-1xvz-63b8" }, { "vulnerability": "VCID-er3j-4ygz-kqdx" }, { "vulnerability": "VCID-q8un-ngwx-5kaw" }, { "vulnerability": "VCID-qv5s-vase-2qas" }, { "vulnerability": "VCID-seud-h84p-uugv" }, { "vulnerability": "VCID-u1sg-z8t6-audk" }, { "vulnerability": "VCID-wz1m-798r-8yez" }, { "vulnerability": "VCID-xmwx-eqjn-pba9" }, { "vulnerability": "VCID-xnj2-tbzn-tff6" }, { "vulnerability": "VCID-y922-r53a-rke5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.1.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/60554?format=api", "purl": "pkg:gem/activerecord@4.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a5js-1u9t-bfan" }, { "vulnerability": "VCID-cbdn-yhbu-5uaj" }, { "vulnerability": "VCID-dbvw-1xvz-63b8" }, { "vulnerability": "VCID-er3j-4ygz-kqdx" }, { "vulnerability": "VCID-q8un-ngwx-5kaw" }, { "vulnerability": "VCID-wz1m-798r-8yez" }, { "vulnerability": "VCID-xmwx-eqjn-pba9" }, { "vulnerability": "VCID-xnj2-tbzn-tff6" }, { "vulnerability": "VCID-y922-r53a-rke5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.1.3" } ], "aliases": [ "CVE-2014-3483", "GHSA-r8fh-hq2p-7qhq", "OSV-108665" ], 
"risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u1sg-z8t6-audk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/26956?format=api", "vulnerability_id": "VCID-vta6-rneu-jbgg", "summary": "ActiveRecord vulnerable to modification of protected model attributes\nActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and 3.2.x before 3.2.12 allows remote attackers to bypass the `attr_protected` protection mechanism and modify protected model attributes via a crafted request.", "references": [ { "reference_url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0686.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0686.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0276.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0276.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0276", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00606", "scoring_system": "epss", "scoring_elements": "0.69976", "published_at": "2026-05-29T12:55:00Z" 
} ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0276" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0276", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0276" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0276.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0276.yml" }, { "reference_url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/AFBKNY7VSH8", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/AFBKNY7VSH8" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/bb44b98a73ef1a06?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/bb44b98a73ef1a06?dmode=source&output=gplain" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0276", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0276" }, { "reference_url": "http://support.apple.com/kb/HT5784", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT5784" }, { "reference_url": "https://web.archive.org/web/20130217055442/http://www.securityfocus.com/bid/57896", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20130217055442/http://www.securityfocus.com/bid/57896" }, { "reference_url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/" }, { "reference_url": "http://www.debian.org/security/2013/dsa-2620", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2013/dsa-2620" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/02/11/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/02/11/5" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=909528", "reference_id": "909528", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=909528" }, { "reference_url": "https://github.com/advisories/GHSA-gr44-7grc-37vq", "reference_id": "GHSA-gr44-7grc-37vq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gr44-7grc-37vq" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": 
"https://security.gentoo.org/glsa/201412-28" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0686", "reference_id": "RHSA-2013:0686", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0686" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60513?format=api", "purl": "pkg:gem/activerecord@3.1.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a5js-1u9t-bfan" }, { "vulnerability": "VCID-b2vm-7rth-mqhj" }, { "vulnerability": "VCID-dbvw-1xvz-63b8" }, { "vulnerability": "VCID-er3j-4ygz-kqdx" }, { "vulnerability": "VCID-q8un-ngwx-5kaw" }, { "vulnerability": "VCID-qv5s-vase-2qas" }, { "vulnerability": "VCID-seud-h84p-uugv" }, { "vulnerability": "VCID-u1sg-z8t6-audk" }, { "vulnerability": "VCID-wz1m-798r-8yez" }, { "vulnerability": "VCID-xmwx-eqjn-pba9" }, { "vulnerability": "VCID-xnj2-tbzn-tff6" }, { "vulnerability": "VCID-y922-r53a-rke5" }, { "vulnerability": "VCID-zuwm-kmb2-23ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/379638?format=api", "purl": "pkg:gem/activerecord@3.2.0.rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5vcg-bgpn-9fhs" }, { "vulnerability": "VCID-8umt-dz29-p3ck" }, { "vulnerability": "VCID-8uqv-cr1v-fbbm" }, { "vulnerability": "VCID-a5js-1u9t-bfan" }, { "vulnerability": "VCID-b2vm-7rth-mqhj" }, { "vulnerability": "VCID-dbvw-1xvz-63b8" }, { "vulnerability": "VCID-er3j-4ygz-kqdx" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-q8un-ngwx-5kaw" }, { "vulnerability": "VCID-qv5s-vase-2qas" }, { "vulnerability": "VCID-seud-h84p-uugv" }, { "vulnerability": "VCID-u1sg-z8t6-audk" }, { "vulnerability": "VCID-vta6-rneu-jbgg" }, { "vulnerability": "VCID-wz1m-798r-8yez" }, { "vulnerability": "VCID-xej7-nkc8-dkez" }, { "vulnerability": "VCID-xmwx-eqjn-pba9" }, { 
"vulnerability": "VCID-xnj2-tbzn-tff6" }, { "vulnerability": "VCID-y922-r53a-rke5" }, { "vulnerability": "VCID-zuwm-kmb2-23ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.0.rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/60514?format=api", "purl": "pkg:gem/activerecord@3.2.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a5js-1u9t-bfan" }, { "vulnerability": "VCID-b2vm-7rth-mqhj" }, { "vulnerability": "VCID-dbvw-1xvz-63b8" }, { "vulnerability": "VCID-er3j-4ygz-kqdx" }, { "vulnerability": "VCID-q8un-ngwx-5kaw" }, { "vulnerability": "VCID-qv5s-vase-2qas" }, { "vulnerability": "VCID-seud-h84p-uugv" }, { "vulnerability": "VCID-u1sg-z8t6-audk" }, { "vulnerability": "VCID-wz1m-798r-8yez" }, { "vulnerability": "VCID-xmwx-eqjn-pba9" }, { "vulnerability": "VCID-xnj2-tbzn-tff6" }, { "vulnerability": "VCID-y922-r53a-rke5" }, { "vulnerability": "VCID-zuwm-kmb2-23ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.12" } ], "aliases": [ "CVE-2013-0276", "GHSA-gr44-7grc-37vq", "OSV-90072" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vta6-rneu-jbgg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/26524?format=api", "vulnerability_id": "VCID-wz1m-798r-8yez", "summary": "Rails ActiveRecord gem vulnerable to SQL injection\nMultiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) `:limit` and (2) `:offset` parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer.", "references": [ { "reference_url": "http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1" }, { 
"reference_url": "http://gist.github.com/8946", "reference_id": "", "reference_type": "", "scores": [], "url": "http://gist.github.com/8946" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html" }, { "reference_url": "http://rails.lighthouseapp.com/projects/8994/tickets/288", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rails.lighthouseapp.com/projects/8994/tickets/288" }, { "reference_url": "http://rails.lighthouseapp.com/projects/8994/tickets/964", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rails.lighthouseapp.com/projects/8994/tickets/964" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4094", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03119", "scoring_system": "epss", "scoring_elements": "0.87063", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4094" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4094", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4094" }, { "reference_url": "http://secunia.com/advisories/31875", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31875" }, { "reference_url": "http://secunia.com/advisories/31909", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31909" }, { "reference_url": "http://secunia.com/advisories/31910", "reference_id": "", "reference_type": "", 
"scores": [], "url": "http://secunia.com/advisories/31910" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45109", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45109" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/ef0ea782b1f5cf7b08e74ea3002a16c708f66645", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/ef0ea782b1f5cf7b08e74ea3002a16c708f66645" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2008-4094.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2008-4094.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4094", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4094" }, { "reference_url": "https://web.archive.org/web/20080620000955/http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20080620000955/http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1" }, { "reference_url": 
"https://web.archive.org/web/20080620201733/http://blog.innerewut.de/files/rails/activerecord-1.15.3.patch", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20080620201733/http://blog.innerewut.de/files/rails/activerecord-1.15.3.patch" }, { "reference_url": "https://web.archive.org/web/20080620201744/http://blog.innerewut.de/files/rails/activerecord-2.0.2.patch", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20080620201744/http://blog.innerewut.de/files/rails/activerecord-2.0.2.patch" }, { "reference_url": "https://web.archive.org/web/20081104151751/http://gist.github.com/8946", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20081104151751/http://gist.github.com/8946" }, { "reference_url": "https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875" }, { "reference_url": "https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875/" }, { "reference_url": "https://web.archive.org/web/20081207211431/http://secunia.com/advisories/31909", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20081207211431/http://secunia.com/advisories/31909" }, { "reference_url": 
"https://web.archive.org/web/20081207211436/http://secunia.com/advisories/31910", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20081207211436/http://secunia.com/advisories/31910" }, { "reference_url": "https://web.archive.org/web/20091101000000*/http://www.vupen.com/english/advisories/2008/2562", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20091101000000*/http://www.vupen.com/english/advisories/2008/2562" }, { "reference_url": "https://web.archive.org/web/20120120194518/http://www.securityfocus.com/bid/31176", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120120194518/http://www.securityfocus.com/bid/31176" }, { "reference_url": "https://web.archive.org/web/20201207112829/http://www.securitytracker.com/id?1020871", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201207112829/http://www.securitytracker.com/id?1020871" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2008/09/13/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2008/09/13/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2008/09/16/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2008/09/16/1" }, { "reference_url": 
"http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter" }, { "reference_url": "http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter/" }, { "reference_url": "http://www.securityfocus.com/bid/31176", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/31176" }, { "reference_url": "http://www.securitytracker.com/id?1020871", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id?1020871" }, { "reference_url": "http://www.vupen.com/english/advisories/2008/2562", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2008/2562" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500791", "reference_id": "500791", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500791" }, { "reference_url": "https://github.com/advisories/GHSA-xf96-32q2-9rw2", "reference_id": "GHSA-xf96-32q2-9rw2", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xf96-32q2-9rw2" }, { "reference_url": "https://security.gentoo.org/glsa/200912-02", "reference_id": "GLSA-200912-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200912-02" } ], "fixed_packages": [], "aliases": [ "CVE-2008-4094", "GHSA-xf96-32q2-9rw2" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-wz1m-798r-8yez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/27060?format=api", "vulnerability_id": "VCID-xej7-nkc8-dkez", "summary": "Active Record contains SQL Injection\nSQL injection vulnerability in the Active Record component in Ruby on Rails before 2.3.15, 3.0.x before 3.0.18, 3.1.x before 3.1.9, and 3.2.x before 3.2.10 allows remote attackers to execute arbitrary SQL commands via a crafted request that leverages incorrect behavior of dynamic finders in applications that can use unexpected data types in certain find_by_ method calls.", "references": [ { "reference_url": "http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0220.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0220.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0544.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0544.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6496.json", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6496.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6496", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.77474", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6496" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=889649", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=889649" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6496", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6496" }, { "reference_url": "http://security.gentoo.org/glsa/glsa-201401-22.xml", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://security.gentoo.org/glsa/glsa-201401-22.xml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/9de9b359d0d24f70f0f6c5c58a7ad8750684d456", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/9de9b359d0d24f70f0f6c5c58a7ad8750684d456" }, { "reference_url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/DCNTNp_qjFM", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/DCNTNp_qjFM" }, { "reference_url": 
"https://groups.google.com/group/rubyonrails-security/msg/23daa048baf28b64?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/23daa048baf28b64?dmode=source&output=gplain" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6496", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6496" }, { "reference_url": "https://github.com/advisories/GHSA-gh2w-j7cx-2664", "reference_id": "GHSA-gh2w-j7cx-2664", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gh2w-j7cx-2664" }, { "reference_url": "https://security.gentoo.org/glsa/201401-22", "reference_id": "GLSA-201401-22", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201401-22" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0154", "reference_id": "RHSA-2013:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0154" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0155", "reference_id": "RHSA-2013:0155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0155" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60555?format=api", "purl": "pkg:gem/activerecord@3.0.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5vcg-bgpn-9fhs" }, { "vulnerability": "VCID-8uqv-cr1v-fbbm" }, { "vulnerability": "VCID-a5js-1u9t-bfan" }, { "vulnerability": "VCID-b2vm-7rth-mqhj" }, { "vulnerability": "VCID-dbvw-1xvz-63b8" }, { "vulnerability": "VCID-er3j-4ygz-kqdx" }, { "vulnerability": "VCID-qv5s-vase-2qas" }, { 
"vulnerability": "VCID-seud-h84p-uugv" }, { "vulnerability": "VCID-u1sg-z8t6-audk" }, { "vulnerability": "VCID-vta6-rneu-jbgg" }, { "vulnerability": "VCID-wz1m-798r-8yez" }, { "vulnerability": "VCID-xmwx-eqjn-pba9" }, { "vulnerability": "VCID-xnj2-tbzn-tff6" }, { "vulnerability": "VCID-y922-r53a-rke5" }, { "vulnerability": "VCID-zuwm-kmb2-23ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.0.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/320408?format=api", "purl": "pkg:gem/activerecord@3.1.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5vcg-bgpn-9fhs" }, { "vulnerability": "VCID-8umt-dz29-p3ck" }, { "vulnerability": "VCID-8uqv-cr1v-fbbm" }, { "vulnerability": "VCID-a5js-1u9t-bfan" }, { "vulnerability": "VCID-b2vm-7rth-mqhj" }, { "vulnerability": "VCID-dbvw-1xvz-63b8" }, { "vulnerability": "VCID-er3j-4ygz-kqdx" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-q8un-ngwx-5kaw" }, { "vulnerability": "VCID-qv5s-vase-2qas" }, { "vulnerability": "VCID-seud-h84p-uugv" }, { "vulnerability": "VCID-u1sg-z8t6-audk" }, { "vulnerability": "VCID-vta6-rneu-jbgg" }, { "vulnerability": "VCID-wz1m-798r-8yez" }, { "vulnerability": "VCID-xej7-nkc8-dkez" }, { "vulnerability": "VCID-xmwx-eqjn-pba9" }, { "vulnerability": "VCID-xnj2-tbzn-tff6" }, { "vulnerability": "VCID-y922-r53a-rke5" }, { "vulnerability": "VCID-zuwm-kmb2-23ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/60556?format=api", "purl": "pkg:gem/activerecord@3.1.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5vcg-bgpn-9fhs" }, { "vulnerability": "VCID-8uqv-cr1v-fbbm" }, { "vulnerability": "VCID-a5js-1u9t-bfan" }, { "vulnerability": "VCID-b2vm-7rth-mqhj" }, { "vulnerability": "VCID-dbvw-1xvz-63b8" }, { "vulnerability": "VCID-er3j-4ygz-kqdx" }, { 
"vulnerability": "VCID-q8un-ngwx-5kaw" }, { "vulnerability": "VCID-qv5s-vase-2qas" }, { "vulnerability": "VCID-seud-h84p-uugv" }, { "vulnerability": "VCID-u1sg-z8t6-audk" }, { "vulnerability": "VCID-vta6-rneu-jbgg" }, { "vulnerability": "VCID-wz1m-798r-8yez" }, { "vulnerability": "VCID-xmwx-eqjn-pba9" }, { "vulnerability": "VCID-xnj2-tbzn-tff6" }, { "vulnerability": "VCID-y922-r53a-rke5" }, { "vulnerability": "VCID-zuwm-kmb2-23ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/379638?format=api", "purl": "pkg:gem/activerecord@3.2.0.rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5vcg-bgpn-9fhs" }, { "vulnerability": "VCID-8umt-dz29-p3ck" }, { "vulnerability": "VCID-8uqv-cr1v-fbbm" }, { "vulnerability": "VCID-a5js-1u9t-bfan" }, { "vulnerability": "VCID-b2vm-7rth-mqhj" }, { "vulnerability": "VCID-dbvw-1xvz-63b8" }, { "vulnerability": "VCID-er3j-4ygz-kqdx" }, { "vulnerability": "VCID-mnh7-4rvx-suay" }, { "vulnerability": "VCID-q8un-ngwx-5kaw" }, { "vulnerability": "VCID-qv5s-vase-2qas" }, { "vulnerability": "VCID-seud-h84p-uugv" }, { "vulnerability": "VCID-u1sg-z8t6-audk" }, { "vulnerability": "VCID-vta6-rneu-jbgg" }, { "vulnerability": "VCID-wz1m-798r-8yez" }, { "vulnerability": "VCID-xej7-nkc8-dkez" }, { "vulnerability": "VCID-xmwx-eqjn-pba9" }, { "vulnerability": "VCID-xnj2-tbzn-tff6" }, { "vulnerability": "VCID-y922-r53a-rke5" }, { "vulnerability": "VCID-zuwm-kmb2-23ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.0.rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/60557?format=api", "purl": "pkg:gem/activerecord@3.2.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5vcg-bgpn-9fhs" }, { "vulnerability": "VCID-8uqv-cr1v-fbbm" }, { "vulnerability": "VCID-a5js-1u9t-bfan" }, { "vulnerability": "VCID-b2vm-7rth-mqhj" }, { 
"vulnerability": "VCID-dbvw-1xvz-63b8" }, { "vulnerability": "VCID-er3j-4ygz-kqdx" }, { "vulnerability": "VCID-q8un-ngwx-5kaw" }, { "vulnerability": "VCID-qv5s-vase-2qas" }, { "vulnerability": "VCID-seud-h84p-uugv" }, { "vulnerability": "VCID-u1sg-z8t6-audk" }, { "vulnerability": "VCID-vta6-rneu-jbgg" }, { "vulnerability": "VCID-wz1m-798r-8yez" }, { "vulnerability": "VCID-xmwx-eqjn-pba9" }, { "vulnerability": "VCID-xnj2-tbzn-tff6" }, { "vulnerability": "VCID-y922-r53a-rke5" }, { "vulnerability": "VCID-zuwm-kmb2-23ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.10" } ], "aliases": [ "CVE-2012-6496", "GHSA-gh2w-j7cx-2664", "OSV-88661" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xej7-nkc8-dkez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/27199?format=api", "vulnerability_id": "VCID-xmwx-eqjn-pba9", "summary": "Rails activerecord gem has Improper Input Validation vulnerability\nRuby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3933", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00712", "scoring_system": "epss", "scoring_elements": "0.72613", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3933" }, { "reference_url": "http://secunia.com/advisories/41930", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/41930" }, { "reference_url": "http://securitytracker.com/id?1024624", "reference_id": "", "reference_type": "", "scores": [], "url": "http://securitytracker.com/id?1024624" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", 
"scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/2d96bccb1e8b62e3e11ca0c5d38aaa8cece889ae", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/2d96bccb1e8b62e3e11ca0c5d38aaa8cece889ae" }, { "reference_url": "https://github.com/rails/rails/commit/96183e0f284bab27667e5a38fa6a1578eb029585", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/96183e0f284bab27667e5a38fa6a1578eb029585" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2010-3933.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2010-3933.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3933", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3933" }, { "reference_url": "https://web.archive.org/web/20101129225633/http://securitytracker.com/alerts/2010/Oct/1024624.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20101129225633/http://securitytracker.com/alerts/2010/Oct/1024624.html" }, { "reference_url": "https://web.archive.org/web/20111225083933/http://secunia.com/advisories/41930", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", 
"scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20111225083933/http://secunia.com/advisories/41930" }, { "reference_url": "https://web.archive.org/web/20201208053819/http://securitytracker.com/id?1024624", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201208053819/http://securitytracker.com/id?1024624" }, { "reference_url": "http://weblog.rubyonrails.org/2010/10/15/security-vulnerability-in-nested-attributes-code-in-ruby-on-rails-2-3-9-and-3-0-0", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2010/10/15/security-vulnerability-in-nested-attributes-code-in-ruby-on-rails-2-3-9-and-3-0-0" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/2719", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2010/2719" }, { "reference_url": "https://github.com/advisories/GHSA-gjxw-5w2q-7grf", "reference_id": "GHSA-gjxw-5w2q-7grf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gjxw-5w2q-7grf" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [], "aliases": [ "CVE-2010-3933", "GHSA-gjxw-5w2q-7grf" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xmwx-eqjn-pba9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18990?format=api", "vulnerability_id": "VCID-xnj2-tbzn-tff6", "summary": "activerecord: Active Record ANSI 
Injection Vulnerability", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55193.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55193.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55193", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.55181", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55193" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55193", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55193" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/3beef20013736fd52c5dcfdf061f7999ba318290", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U" }, { "value": "5.3", "scoring_system": "cvssv4", 
"scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/" } ], "url": "https://github.com/rails/rails/commit/3beef20013736fd52c5dcfdf061f7999ba318290" }, { "reference_url": "https://github.com/rails/rails/commit/568c0bc2f1e74c65d150a84b89a080949bf9eb9b", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/" } ], "url": "https://github.com/rails/rails/commit/568c0bc2f1e74c65d150a84b89a080949bf9eb9b" }, { "reference_url": "https://github.com/rails/rails/commit/6a944ca4805e72050a0fbb1a461534eb760d3202", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/" } ], "url": "https://github.com/rails/rails/commit/6a944ca4805e72050a0fbb1a461534eb760d3202" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-76r7-hhxj-r776", "reference_id": "", "reference_type": 
"", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-76r7-hhxj-r776" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2025-55193.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2025-55193.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55193", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55193" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111106", "reference_id": "1111106", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111106" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388446", "reference_id": "2388446", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388446" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/64362?format=api", "purl": "pkg:gem/activerecord@7.1.5.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@7.1.5.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/64361?format=api", "purl": "pkg:gem/activerecord@7.2.2.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@7.2.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/64360?format=api", "purl": "pkg:gem/activerecord@8.0.2.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@8.0.2.1" } ], "aliases": [ "CVE-2025-55193", "GHSA-76r7-hhxj-r776" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xnj2-tbzn-tff6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/26676?format=api", "vulnerability_id": "VCID-y922-r53a-rke5", "summary": "activerecord vulnerable to SQL Injection\nRuby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument.", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/4e19864cf6ad40ad?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/4e19864cf6ad40ad?dmode=source&output=gplain" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0448", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.72088", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0448" }, { "reference_url": "http://secunia.com/advisories/43278", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/43278" }, { "reference_url": "http://securitytracker.com/id?1025063", "reference_id": "", "reference_type": "", "scores": [], "url": "http://securitytracker.com/id?1025063" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa562c3be8474", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa562c3be8474" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-0448.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-0448.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0448", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0448" }, { "reference_url": 
"https://web.archive.org/web/20201220214809/http://securitytracker.com/id?1025063", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201220214809/http://securitytracker.com/id?1025063" }, { "reference_url": "http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/0877", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2011/0877" }, { "reference_url": "https://github.com/advisories/GHSA-jmm9-2p29-vh2w", "reference_id": "GHSA-jmm9-2p29-vh2w", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jmm9-2p29-vh2w" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [], "aliases": [ "CVE-2011-0448", "GHSA-jmm9-2p29-vh2w" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y922-r53a-rke5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54583?format=api", "vulnerability_id": "VCID-zuwm-kmb2-23ay", "summary": "Active Record component in Ruby on Rails has a data-type injection vulnerability\nThe Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored values in that column, which makes it easier for 
remote attackers to conduct data-type injection attacks against Ruby on Rails applications via a crafted value, as demonstrated by unintended interaction between the \"typed XML\" feature and a MySQL database.", "references": [ { "reference_url": "http://openwall.com/lists/oss-security/2013/02/06/7", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2013/02/06/7" }, { "reference_url": "http://openwall.com/lists/oss-security/2013/04/24/7", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2013/04/24/7" }, { "reference_url": "http://pl.reddit.com/r/netsec/comments/17yajp/mysql_madness_and_rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://pl.reddit.com/r/netsec/comments/17yajp/mysql_madness_and_rails" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-3221.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-3221.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-3221", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65482", "published_at": "2026-05-29T12:55:00Z" } ], 
"url": "https://api.first.org/data/v1/epss?cve=CVE-2013-3221" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3221", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3221" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-3221.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-3221.yml" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/1f3bc0b88a60c1ce?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/1f3bc0b88a60c1ce?dmode=source&output=gplain" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3221", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" 
} ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3221" }, { "reference_url": "https://web.archive.org/web/20130825191249/http://www.phenoelit.org/blog/archives/2013/02/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20130825191249/http://www.phenoelit.org/blog/archives/2013/02/index.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=954365", "reference_id": "954365", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=954365" }, { "reference_url": "https://github.com/advisories/GHSA-f57c-hx33-hvh8", "reference_id": "GHSA-f57c-hx33-hvh8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-f57c-hx33-hvh8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/106451?format=api", "purl": "pkg:gem/activerecord@4.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-azcf-s1ys-8qh5" }, { "vulnerability": "VCID-cbdn-yhbu-5uaj" }, { "vulnerability": "VCID-dbvw-1xvz-63b8" }, { "vulnerability": "VCID-enf4-jrzh-nyac" }, { "vulnerability": "VCID-er3j-4ygz-kqdx" }, { "vulnerability": "VCID-q8un-ngwx-5kaw" }, { "vulnerability": "VCID-r9dt-jbb6-sqda" }, { "vulnerability": "VCID-wz1m-798r-8yez" }, { "vulnerability": "VCID-xmwx-eqjn-pba9" }, { "vulnerability": "VCID-xnj2-tbzn-tff6" }, { "vulnerability": "VCID-y922-r53a-rke5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.2.0" } ], "aliases": [ "CVE-2013-3221", "GHSA-f57c-hx33-hvh8" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zuwm-kmb2-23ay" } ], "fixing_vulnerabilities": 
[], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.0.13.rc1" }