Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:gem/activerecord@4.1.10

Type gem

Namespace

Name activerecord

Version 4.1.10

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 7.1.5.2

Latest_non_vulnerable_version 8.0.2.1

Affected_by_vulnerabilities

url VCID-cbdn-yhbu-5uaj

vulnerability_id VCID-cbdn-yhbu-5uaj

summary

ActiveRecord in Ruby on Rails allows database-query bypass
Active Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155.

references

reference_url

http://rhn.redhat.com/errata/RHSA-2016-1855.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2016-1855.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6317.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6317.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-6317

reference_id

reference_type

scores

value	0.00381
scoring_system	epss
scoring_elements	0.59771
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-6317

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6317
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6317

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2016-6317.yml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2016-6317.yml

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/rgO20zYW33s

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/rgO20zYW33s

reference_url

https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-6317

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-6317

reference_url

http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released

reference_url	http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/

reference_url

http://www.openwall.com/lists/oss-security/2016/08/11/4

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2016/08/11/4

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1365017
reference_id	1365017
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1365017

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834154
reference_id	834154
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834154

reference_url

https://github.com/advisories/GHSA-pr3r-4wrp-r2pv

reference_id

GHSA-pr3r-4wrp-r2pv

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-pr3r-4wrp-r2pv

reference_url	https://access.redhat.com/errata/RHSA-2016:1855
reference_id	RHSA-2016:1855
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1855

fixed_packages

url pkg:gem/activerecord@4.2.7.1

purl pkg:gem/activerecord@4.2.7.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dbvw-1xvz-63b8

vulnerability	VCID-dp3h-z1zs-ufba

vulnerability	VCID-enf4-jrzh-nyac

vulnerability	VCID-er3j-4ygz-kqdx

vulnerability	VCID-nzb9-vn9k-jbgs

vulnerability	VCID-wz1m-798r-8yez

vulnerability	VCID-xmwx-eqjn-pba9

vulnerability	VCID-xnj2-tbzn-tff6

vulnerability	VCID-y922-r53a-rke5

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.2.7.1

aliases CVE-2016-6317, GHSA-pr3r-4wrp-r2pv

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cbdn-yhbu-5uaj

url VCID-dbvw-1xvz-63b8

vulnerability_id VCID-dbvw-1xvz-63b8

summary

activerecord vulnerable to SQL Injection
The Active Record component in Ruby on Rails efore 2.3.15, 3.0.x before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage improper handling of nested hashes, a related issue to CVE-2012-2661.

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html

reference_url

http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-0154.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0154.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2695.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2695.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-2695

reference_id

reference_type

scores

value	0.00637
scoring_system	epss
scoring_elements	0.70807
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-2695

reference_url

https://github.com/rails/rails

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails

reference_url

https://github.com/rails/rails/commit/62f81f4d6b3ee40e9887ffd92ab14714bad93f18

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/62f81f4d6b3ee40e9887ffd92ab14714bad93f18

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2695.yml

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2695.yml

reference_url

https://groups.google.com/group/rubyonrails-security/msg/aee3413fb038bf56?dmode=source&output=gplain

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/aee3413fb038bf56?dmode=source&output=gplain

reference_url

https://groups.google.com/g/rubyonrails-security/c/l4L0TEVAz1k/m/Vr84sD9B464J

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/l4L0TEVAz1k/m/Vr84sD9B464J

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-2695

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-2695

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=831573
reference_id	831573
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=831573

reference_url

https://github.com/advisories/GHSA-76wq-xw4h-f8wj

reference_id

GHSA-76wq-xw4h-f8wj

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-76wq-xw4h-f8wj

reference_url	https://access.redhat.com/errata/RHSA-2012:1542
reference_id	RHSA-2012:1542
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2012:1542

reference_url	https://access.redhat.com/errata/RHSA-2013:0154
reference_id	RHSA-2013:0154
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0154

fixed_packages

aliases CVE-2012-2695, GHSA-76wq-xw4h-f8wj

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dbvw-1xvz-63b8

url VCID-dp3h-z1zs-ufba

vulnerability_id VCID-dp3h-z1zs-ufba

summary activerecord: Possible RCE escalation bug with Serialized Columns in Active Record

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32224.json

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32224.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-32224

reference_id

reference_type

scores

value	0.01897
scoring_system	epss
scoring_elements	0.83531
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-32224

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32224
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32224

reference_url

https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/advisories/GHSA-3hhc-qp5v-9p2j

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-24T15:17:17Z/

url

https://github.com/advisories/GHSA-3hhc-qp5v-9p2j

reference_url

https://github.com/rails/rails/commit/611990f1a6c137c2d56b1ba06b27e5d2434dcd6a

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/611990f1a6c137c2d56b1ba06b27e5d2434dcd6a

reference_url

https://github.com/rails/rails/commits/main/activerecord

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commits/main/activerecord

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-32224.yml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-32224.yml

reference_url

https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-24T15:17:17Z/

url

https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U

reference_url

https://lists.debian.org/debian-lts-announce/2026/05/msg00022.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2026/05/msg00022.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-32224

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-32224

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016140
reference_id	1016140
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016140

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2108997
reference_id	2108997
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2108997

reference_url	https://security.gentoo.org/glsa/202408-24
reference_id	GLSA-202408-24
reference_type
scores
url	https://security.gentoo.org/glsa/202408-24

reference_url	https://access.redhat.com/errata/RHSA-2023:0261
reference_id	RHSA-2023:0261
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0261

reference_url	https://access.redhat.com/errata/RHSA-2023:1151
reference_id	RHSA-2023:1151
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1151

reference_url	https://access.redhat.com/errata/RHSA-2023:2097
reference_id	RHSA-2023:2097
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2097

fixed_packages

url pkg:gem/activerecord@5.2.8.1

purl pkg:gem/activerecord@5.2.8.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nzb9-vn9k-jbgs

vulnerability	VCID-xnj2-tbzn-tff6

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@5.2.8.1

url pkg:gem/activerecord@6.0.0.beta1

purl pkg:gem/activerecord@6.0.0.beta1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nzb9-vn9k-jbgs

vulnerability	VCID-xnj2-tbzn-tff6

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@6.0.0.beta1

url pkg:gem/activerecord@6.0.5.1

purl pkg:gem/activerecord@6.0.5.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nzb9-vn9k-jbgs

vulnerability	VCID-whvz-g2g9-auek

vulnerability	VCID-xnj2-tbzn-tff6

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@6.0.5.1

url pkg:gem/activerecord@6.1.0.rc1

purl pkg:gem/activerecord@6.1.0.rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nzb9-vn9k-jbgs

vulnerability	VCID-xnj2-tbzn-tff6

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@6.1.0.rc1

url pkg:gem/activerecord@6.1.6.1

purl pkg:gem/activerecord@6.1.6.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nzb9-vn9k-jbgs

vulnerability	VCID-whvz-g2g9-auek

vulnerability	VCID-xnj2-tbzn-tff6

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@6.1.6.1

url pkg:gem/activerecord@7.0.0.alpha1

purl pkg:gem/activerecord@7.0.0.alpha1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-xnj2-tbzn-tff6

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@7.0.0.alpha1

url pkg:gem/activerecord@7.0.3.1

purl pkg:gem/activerecord@7.0.3.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nzb9-vn9k-jbgs

vulnerability	VCID-whvz-g2g9-auek

vulnerability	VCID-xnj2-tbzn-tff6

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@7.0.3.1

aliases CVE-2022-32224, GHSA-3hhc-qp5v-9p2j

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dp3h-z1zs-ufba

url VCID-er3j-4ygz-kqdx

vulnerability_id VCID-er3j-4ygz-kqdx

summary

activerecord vulnerable to SQL Injection
Multiple SQL injection vulnerabilities in the `quote_table_name` method in the ActiveRecord adapters in `activerecord/lib/active_record/connection_adapters/` in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a crafted column name.

references

reference_url

http://groups.google.com/group/rubyonrails-security/msg/b1a85d36b0f9dd30?dmode=source&output=gplain

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/rubyonrails-security/msg/b1a85d36b0f9dd30?dmode=source&output=gplain

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-2930

reference_id

reference_type

scores

value	0.00955
scoring_system	epss
scoring_elements	0.76726
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-2930

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=731438

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=731438

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2930
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2930

reference_url

https://github.com/rails/rails

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails

reference_url

https://github.com/rails/rails/commit/8a39f411dc3c806422785b1f4d5c7c9d58e4bf85

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/8a39f411dc3c806422785b1f4d5c7c9d58e4bf85

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-2930.yml

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-2930.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2011-2930

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-2930

reference_url

http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6

reference_url

http://www.debian.org/security/2011/dsa-2301

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2011/dsa-2301

reference_url

http://www.openwall.com/lists/oss-security/2011/08/17/1

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/17/1

reference_url

http://www.openwall.com/lists/oss-security/2011/08/19/11

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/19/11

reference_url

http://www.openwall.com/lists/oss-security/2011/08/20/1

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/20/1

reference_url

http://www.openwall.com/lists/oss-security/2011/08/22/13

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/22/13

reference_url

http://www.openwall.com/lists/oss-security/2011/08/22/14

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/22/14

reference_url

http://www.openwall.com/lists/oss-security/2011/08/22/5

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/22/5

reference_url

https://github.com/advisories/GHSA-h6w6-xmqv-7q78

reference_id

GHSA-h6w6-xmqv-7q78

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-h6w6-xmqv-7q78

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

fixed_packages

aliases CVE-2011-2930, GHSA-h6w6-xmqv-7q78

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-er3j-4ygz-kqdx

url VCID-nzb9-vn9k-jbgs

vulnerability_id VCID-nzb9-vn9k-jbgs

summary

Denial of Service Vulnerability in ActiveRecord's PostgreSQL adapter
There is a potential denial of service vulnerability present in ActiveRecord's PostgreSQL adapter.

This has been assigned the CVE identifier CVE-2022-44566.

Versions Affected: All. Not affected: None.

## Fixed Versions

- 2.3.18.47 (Rails LTS, which is a paid service and not part of the rubygem)
- 3.2.22.34 (Rails LTS, which is a paid service and not part of the rubygem)
- 4.2.11.27 (Rails LTS, which is a paid service and not part of the rubygem)
- 5.2.8.15 (Rails LTS, which is a paid service and not part of the rubygem)
- 6.1.7.1
- 7.0.4.1

## Impact

In ActiveRecord < 7.0.4.1 and < 6.1.7.1, when a value outside the range for a 64bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric values can result in a slow sequential scan resulting in potential Denial of Service.

## Releases

The fixed releases are available at the normal locations.

## Workarounds

Ensure that user supplied input which is provided to ActiveRecord clauses do not contain integers wider than a signed 64bit representation or floats.

## Patches

To aid users who aren't able to upgrade immediately we have provided patches for the supported release series in accordance with our maintenance policy 1 regarding security issues. They are in git-am format and consist of a single changeset.

6-1-Added-integer-width-check-to-PostgreSQL-Quoting.patch - Patch for 6.1 series
7-0-Added-integer-width-check-to-PostgreSQL-Quoting.patch - Patch for 7.0 series

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44566.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44566.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-44566

reference_id

reference_type

scores

value	0.01544
scoring_system	epss
scoring_elements	0.81686
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-44566

reference_url

https://code.jeremyevans.net/2022-11-01-forcing-sequential-scans-on-postgresql.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-25T13:43:31Z/

url

https://code.jeremyevans.net/2022-11-01-forcing-sequential-scans-on-postgresql.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44566
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44566

reference_url

https://discuss.rubyonrails.org/t/cve-2022-44566-possible-denial-of-service-vulnerability-in-activerecords-postgresql-adapter/82119

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-25T13:43:31Z/

url

https://discuss.rubyonrails.org/t/cve-2022-44566-possible-denial-of-service-vulnerability-in-activerecords-postgresql-adapter/82119

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rails/rails

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails

reference_url

https://github.com/rails/rails/commit/4f44aa9d514e701ada92b5cf08beccf566eeaebf

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/4f44aa9d514e701ada92b5cf08beccf566eeaebf

reference_url

https://github.com/rails/rails/commit/82bcdc011e2ff674e7dd8fd8cee3a831c908d29b

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/82bcdc011e2ff674e7dd8fd8cee3a831c908d29b

reference_url

https://github.com/rails/rails/releases/tag/v6.1.7.1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/releases/tag/v6.1.7.1

reference_url

https://github.com/rails/rails/releases/tag/v7.0.4.1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/releases/tag/v7.0.4.1

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-44566.yml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-44566.yml

reference_url

https://mailchi.mp/railslts/rails-lts-multiple-dos-vulnerabilities-in-rails-rack-and-globalid

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://mailchi.mp/railslts/rails-lts-multiple-dos-vulnerabilities-in-rails-rack-and-globalid

reference_url

https://makandracards.com/railslts/508019-rails-5-2-lts-changelog#section-jan-20th-2023-rails-version-5-2-8-15

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://makandracards.com/railslts/508019-rails-5-2-lts-changelog#section-jan-20th-2023-rails-version-5-2-8-15

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-44566

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-44566

reference_url

https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050
reference_id	1030050
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2164789
reference_id	2164789
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2164789

reference_url	https://github.com/advisories/GHSA-579w-22j4-4749
reference_id	GHSA-579w-22j4-4749
reference_type
scores
url	https://github.com/advisories/GHSA-579w-22j4-4749

reference_url	https://access.redhat.com/errata/RHSA-2023:6818
reference_id	RHSA-2023:6818
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6818

fixed_packages

url pkg:gem/activerecord@6.1.7.1

purl pkg:gem/activerecord@6.1.7.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-xnj2-tbzn-tff6

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@6.1.7.1

url pkg:gem/activerecord@7.0.4.1

purl pkg:gem/activerecord@7.0.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-xnj2-tbzn-tff6

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@7.0.4.1

aliases CVE-2022-44566, GHSA-579w-22j4-4749, GMS-2023-59

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nzb9-vn9k-jbgs

url VCID-q8un-ngwx-5kaw

vulnerability_id VCID-q8un-ngwx-5kaw

summary

Active Record Improper Access Control
`activerecord/lib/active_record/nested_attributes.rb` in Active Record in Ruby on Rails 3.1.x and 3.2.x before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly implement a certain destroy option, which allows remote attackers to bypass intended change restrictions by leveraging use of the nested attributes feature.

references

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html

reference_url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html

reference_url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html

reference_url

http://rhn.redhat.com/errata/RHSA-2016-0296.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2016-0296.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7577.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7577.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-7577

reference_id

reference_type

scores

value	0.01209
scoring_system	epss
scoring_elements	0.79277
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-7577

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2015-7577.yml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2015-7577.yml

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/cawsWcQ6c8g

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/cawsWcQ6c8g

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-7577

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-7577

reference_url

http://www.debian.org/security/2016/dsa-3464

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2016/dsa-3464

reference_url

http://www.openwall.com/lists/oss-security/2016/01/25/10

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2016/01/25/10

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1301957
reference_id	1301957
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1301957

reference_url

https://github.com/advisories/GHSA-xrr6-3pc4-m447

reference_id

GHSA-xrr6-3pc4-m447

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xrr6-3pc4-m447

reference_url	https://access.redhat.com/errata/RHSA-2016:0296
reference_id	RHSA-2016:0296
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0296

reference_url	https://access.redhat.com/errata/RHSA-2016:0454
reference_id	RHSA-2016:0454
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0454

reference_url	https://access.redhat.com/errata/RHSA-2016:0455
reference_id	RHSA-2016:0455
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0455

fixed_packages

url pkg:gem/activerecord@4.1.14.1

purl pkg:gem/activerecord@4.1.14.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cbdn-yhbu-5uaj

vulnerability	VCID-dbvw-1xvz-63b8

vulnerability	VCID-dp3h-z1zs-ufba

vulnerability	VCID-er3j-4ygz-kqdx

vulnerability	VCID-nzb9-vn9k-jbgs

vulnerability	VCID-wz1m-798r-8yez

vulnerability	VCID-xmwx-eqjn-pba9

vulnerability	VCID-xnj2-tbzn-tff6

vulnerability	VCID-y922-r53a-rke5

vulnerability	VCID-zuwm-kmb2-23ay

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.1.14.1

url pkg:gem/activerecord@4.2.5.1

purl pkg:gem/activerecord@4.2.5.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cbdn-yhbu-5uaj

vulnerability	VCID-dbvw-1xvz-63b8

vulnerability	VCID-dp3h-z1zs-ufba

vulnerability	VCID-enf4-jrzh-nyac

vulnerability	VCID-er3j-4ygz-kqdx

vulnerability	VCID-nzb9-vn9k-jbgs

vulnerability	VCID-wz1m-798r-8yez

vulnerability	VCID-xmwx-eqjn-pba9

vulnerability	VCID-xnj2-tbzn-tff6

vulnerability	VCID-y922-r53a-rke5

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.2.5.1

url pkg:gem/activerecord@5.0.0.beta1.1

purl pkg:gem/activerecord@5.0.0.beta1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dbvw-1xvz-63b8

vulnerability	VCID-dp3h-z1zs-ufba

vulnerability	VCID-enf4-jrzh-nyac

vulnerability	VCID-er3j-4ygz-kqdx

vulnerability	VCID-nzb9-vn9k-jbgs

vulnerability	VCID-wz1m-798r-8yez

vulnerability	VCID-xmwx-eqjn-pba9

vulnerability	VCID-xnj2-tbzn-tff6

vulnerability	VCID-y922-r53a-rke5

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@5.0.0.beta1.1

aliases CVE-2015-7577, GHSA-xrr6-3pc4-m447

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q8un-ngwx-5kaw

url VCID-wz1m-798r-8yez

vulnerability_id VCID-wz1m-798r-8yez

summary

Rails ActiveRecord gem vulnerable to SQL injection
Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) `:limit` and (2) `:offset` parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer.

references

reference_url	http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1
reference_id
reference_type
scores
url	http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1

reference_url	http://gist.github.com/8946
reference_id
reference_type
scores
url	http://gist.github.com/8946

reference_url

http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html

reference_url

http://rails.lighthouseapp.com/projects/8994/tickets/288

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rails.lighthouseapp.com/projects/8994/tickets/288

reference_url

http://rails.lighthouseapp.com/projects/8994/tickets/964

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rails.lighthouseapp.com/projects/8994/tickets/964

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2008-4094

reference_id

reference_type

scores

value	0.03119
scoring_system	epss
scoring_elements	0.87063
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2008-4094

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4094
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4094

reference_url	http://secunia.com/advisories/31875
reference_id
reference_type
scores
url	http://secunia.com/advisories/31875

reference_url	http://secunia.com/advisories/31909
reference_id
reference_type
scores
url	http://secunia.com/advisories/31909

reference_url	http://secunia.com/advisories/31910
reference_id
reference_type
scores
url	http://secunia.com/advisories/31910

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/45109

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/45109

reference_url

https://github.com/rails/rails

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails

reference_url

https://github.com/rails/rails/commit/ef0ea782b1f5cf7b08e74ea3002a16c708f66645

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/ef0ea782b1f5cf7b08e74ea3002a16c708f66645

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2008-4094.yml

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2008-4094.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2008-4094

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2008-4094

reference_url

https://web.archive.org/web/20080620000955/http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20080620000955/http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1

reference_url

https://web.archive.org/web/20080620201733/http://blog.innerewut.de/files/rails/activerecord-1.15.3.patch

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20080620201733/http://blog.innerewut.de/files/rails/activerecord-1.15.3.patch

reference_url

https://web.archive.org/web/20080620201744/http://blog.innerewut.de/files/rails/activerecord-2.0.2.patch

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20080620201744/http://blog.innerewut.de/files/rails/activerecord-2.0.2.patch

reference_url

https://web.archive.org/web/20081104151751/http://gist.github.com/8946

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20081104151751/http://gist.github.com/8946

reference_url

https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875

reference_url	https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875/
reference_id
reference_type
scores
url	https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875/

reference_url

https://web.archive.org/web/20081207211431/http://secunia.com/advisories/31909

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20081207211431/http://secunia.com/advisories/31909

reference_url

https://web.archive.org/web/20081207211436/http://secunia.com/advisories/31910

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20081207211436/http://secunia.com/advisories/31910

reference_url

https://web.archive.org/web/20091101000000*/http://www.vupen.com/english/advisories/2008/2562

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20091101000000*/http://www.vupen.com/english/advisories/2008/2562

reference_url

https://web.archive.org/web/20120120194518/http://www.securityfocus.com/bid/31176

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20120120194518/http://www.securityfocus.com/bid/31176

reference_url

https://web.archive.org/web/20201207112829/http://www.securitytracker.com/id?1020871

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20201207112829/http://www.securitytracker.com/id?1020871

reference_url

http://www.openwall.com/lists/oss-security/2008/09/13/2

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2008/09/13/2

reference_url

http://www.openwall.com/lists/oss-security/2008/09/16/1

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2008/09/16/1

reference_url

http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter

reference_url	http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter/
reference_id
reference_type
scores
url	http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter/

reference_url	http://www.securityfocus.com/bid/31176
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/31176

reference_url	http://www.securitytracker.com/id?1020871
reference_id
reference_type
scores
url	http://www.securitytracker.com/id?1020871

reference_url	http://www.vupen.com/english/advisories/2008/2562
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2008/2562

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500791
reference_id	500791
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500791

reference_url

https://github.com/advisories/GHSA-xf96-32q2-9rw2

reference_id

GHSA-xf96-32q2-9rw2

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xf96-32q2-9rw2

reference_url	https://security.gentoo.org/glsa/200912-02
reference_id	GLSA-200912-02
reference_type
scores
url	https://security.gentoo.org/glsa/200912-02

fixed_packages

aliases CVE-2008-4094, GHSA-xf96-32q2-9rw2

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wz1m-798r-8yez

url VCID-xmwx-eqjn-pba9

vulnerability_id VCID-xmwx-eqjn-pba9

summary

Rails activerecord gem has Improper Input Validation vulnerability
Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2010-3933

reference_id

reference_type

scores

value	0.00712
scoring_system	epss
scoring_elements	0.72613
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2010-3933

reference_url	http://secunia.com/advisories/41930
reference_id
reference_type
scores
url	http://secunia.com/advisories/41930

reference_url	http://securitytracker.com/id?1024624
reference_id
reference_type
scores
url	http://securitytracker.com/id?1024624

reference_url

https://github.com/rails/rails

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails

reference_url

https://github.com/rails/rails/commit/2d96bccb1e8b62e3e11ca0c5d38aaa8cece889ae

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/2d96bccb1e8b62e3e11ca0c5d38aaa8cece889ae

reference_url

https://github.com/rails/rails/commit/96183e0f284bab27667e5a38fa6a1578eb029585

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/96183e0f284bab27667e5a38fa6a1578eb029585

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2010-3933.yml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2010-3933.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2010-3933

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2010-3933

reference_url

https://web.archive.org/web/20101129225633/http://securitytracker.com/alerts/2010/Oct/1024624.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20101129225633/http://securitytracker.com/alerts/2010/Oct/1024624.html

reference_url

https://web.archive.org/web/20111225083933/http://secunia.com/advisories/41930

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20111225083933/http://secunia.com/advisories/41930

reference_url

https://web.archive.org/web/20201208053819/http://securitytracker.com/id?1024624

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20201208053819/http://securitytracker.com/id?1024624

reference_url

http://weblog.rubyonrails.org/2010/10/15/security-vulnerability-in-nested-attributes-code-in-ruby-on-rails-2-3-9-and-3-0-0

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2010/10/15/security-vulnerability-in-nested-attributes-code-in-ruby-on-rails-2-3-9-and-3-0-0

reference_url	http://www.vupen.com/english/advisories/2010/2719
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2010/2719

reference_url

https://github.com/advisories/GHSA-gjxw-5w2q-7grf

reference_id

GHSA-gjxw-5w2q-7grf

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gjxw-5w2q-7grf

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

fixed_packages

aliases CVE-2010-3933, GHSA-gjxw-5w2q-7grf

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xmwx-eqjn-pba9

url VCID-xnj2-tbzn-tff6

vulnerability_id VCID-xnj2-tbzn-tff6

summary activerecord: Active Record ANSI Injection Vulnerability

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55193.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55193.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-55193

reference_id

reference_type

scores

value	0.00319
scoring_system	epss
scoring_elements	0.55181
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-55193

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55193
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55193

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rails/rails

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails

reference_url

https://github.com/rails/rails/commit/3beef20013736fd52c5dcfdf061f7999ba318290

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/

url

https://github.com/rails/rails/commit/3beef20013736fd52c5dcfdf061f7999ba318290

reference_url

https://github.com/rails/rails/commit/568c0bc2f1e74c65d150a84b89a080949bf9eb9b

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/

url

https://github.com/rails/rails/commit/568c0bc2f1e74c65d150a84b89a080949bf9eb9b

reference_url

https://github.com/rails/rails/commit/6a944ca4805e72050a0fbb1a461534eb760d3202

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/

url

https://github.com/rails/rails/commit/6a944ca4805e72050a0fbb1a461534eb760d3202

reference_url

https://github.com/rails/rails/security/advisories/GHSA-76r7-hhxj-r776

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/

url

https://github.com/rails/rails/security/advisories/GHSA-76r7-hhxj-r776

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2025-55193.yml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2025-55193.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-55193

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-55193

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111106
reference_id	1111106
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111106

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2388446
reference_id	2388446
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2388446

fixed_packages

url	pkg:gem/activerecord@7.1.5.2
purl	pkg:gem/activerecord@7.1.5.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@7.1.5.2

url	pkg:gem/activerecord@7.2.2.2
purl	pkg:gem/activerecord@7.2.2.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@7.2.2.2

url	pkg:gem/activerecord@8.0.2.1
purl	pkg:gem/activerecord@8.0.2.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@8.0.2.1

aliases CVE-2025-55193, GHSA-76r7-hhxj-r776

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xnj2-tbzn-tff6

url VCID-y922-r53a-rke5

vulnerability_id VCID-y922-r53a-rke5

summary

activerecord vulnerable to SQL Injection
Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument.

references

reference_url

http://groups.google.com/group/rubyonrails-security/msg/4e19864cf6ad40ad?dmode=source&output=gplain

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/rubyonrails-security/msg/4e19864cf6ad40ad?dmode=source&output=gplain

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-0448

reference_id

reference_type

scores

value	0.00689
scoring_system	epss
scoring_elements	0.72088
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-0448

reference_url	http://secunia.com/advisories/43278
reference_id
reference_type
scores
url	http://secunia.com/advisories/43278

reference_url	http://securitytracker.com/id?1025063
reference_id
reference_type
scores
url	http://securitytracker.com/id?1025063

reference_url

https://github.com/rails/rails

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails

reference_url

https://github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa562c3be8474

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa562c3be8474

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-0448.yml

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-0448.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2011-0448

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-0448

reference_url

https://web.archive.org/web/20201220214809/http://securitytracker.com/id?1025063

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20201220214809/http://securitytracker.com/id?1025063

reference_url

http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4

reference_url	http://www.vupen.com/english/advisories/2011/0877
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2011/0877

reference_url

https://github.com/advisories/GHSA-jmm9-2p29-vh2w

reference_id

GHSA-jmm9-2p29-vh2w

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jmm9-2p29-vh2w

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

fixed_packages

aliases CVE-2011-0448, GHSA-jmm9-2p29-vh2w

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y922-r53a-rke5

url VCID-zuwm-kmb2-23ay

vulnerability_id VCID-zuwm-kmb2-23ay

summary

Active Record component in Ruby on Rails has a data-type injection vulnerability
The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored values in that column, which makes it easier for remote attackers to conduct data-type injection attacks against Ruby on Rails applications via a crafted value, as demonstrated by unintended interaction between the "typed XML" feature and a MySQL database.

references

reference_url

http://openwall.com/lists/oss-security/2013/02/06/7

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2013/02/06/7

reference_url

http://openwall.com/lists/oss-security/2013/04/24/7

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2013/04/24/7

reference_url

http://pl.reddit.com/r/netsec/comments/17yajp/mysql_madness_and_rails

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://pl.reddit.com/r/netsec/comments/17yajp/mysql_madness_and_rails

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-3221.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-3221.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-3221

reference_id

reference_type

scores

value	0.00483
scoring_system	epss
scoring_elements	0.65482
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-3221

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3221
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3221

reference_url

https://github.com/rails/rails

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-3221.yml

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-3221.yml

reference_url

https://groups.google.com/group/rubyonrails-security/msg/1f3bc0b88a60c1ce?dmode=source&output=gplain

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/1f3bc0b88a60c1ce?dmode=source&output=gplain

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-3221

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-3221

reference_url

https://web.archive.org/web/20130825191249/http://www.phenoelit.org/blog/archives/2013/02/index.html

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20130825191249/http://www.phenoelit.org/blog/archives/2013/02/index.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=954365
reference_id	954365
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=954365

reference_url	https://github.com/advisories/GHSA-f57c-hx33-hvh8
reference_id	GHSA-f57c-hx33-hvh8
reference_type
scores
url	https://github.com/advisories/GHSA-f57c-hx33-hvh8

fixed_packages

url pkg:gem/activerecord@4.2.0

purl pkg:gem/activerecord@4.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-azcf-s1ys-8qh5

vulnerability	VCID-cbdn-yhbu-5uaj

vulnerability	VCID-dbvw-1xvz-63b8

vulnerability	VCID-dp3h-z1zs-ufba

vulnerability	VCID-enf4-jrzh-nyac

vulnerability	VCID-er3j-4ygz-kqdx

vulnerability	VCID-nzb9-vn9k-jbgs

vulnerability	VCID-q8un-ngwx-5kaw

vulnerability	VCID-r9dt-jbb6-sqda

vulnerability	VCID-wz1m-798r-8yez

vulnerability	VCID-xmwx-eqjn-pba9

vulnerability	VCID-xnj2-tbzn-tff6

vulnerability	VCID-y922-r53a-rke5

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.2.0

aliases CVE-2013-3221, GHSA-f57c-hx33-hvh8

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zuwm-kmb2-23ay

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.1.10

Package Instance