Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/397804?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/397804?format=api", "purl": "pkg:gem/activesupport@3.0.2", "type": "gem", "namespace": "", "name": "activesupport", "version": "3.0.2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "7.2.3.1", "latest_non_vulnerable_version": "8.1.2.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28212?format=api", "vulnerability_id": "VCID-1c3z-t7sf-vqec", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33176.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33176.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33176", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.0971", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09751", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09762", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.0976", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33176" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33176", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33176" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2026-33176.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2026-33176.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33176", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33176" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035", "reference_id": "1132035", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035" }, { "reference_url": "https://github.com/rails/rails/commit/19dbab51ca086a657bb86458042bc44314916bcb", "reference_id": "19dbab51ca086a657bb86458042bc44314916bcb", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:42:42Z/" } ], "url": "https://github.com/rails/rails/commit/19dbab51ca086a657bb86458042bc44314916bcb" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450551", "reference_id": "2450551", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450551" }, { "reference_url": "https://github.com/rails/rails/commit/ebd6be18120d1136511eb516338e27af25ac0a1a", "reference_id": "ebd6be18120d1136511eb516338e27af25ac0a1a", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:42:42Z/" } ], "url": "https://github.com/rails/rails/commit/ebd6be18120d1136511eb516338e27af25ac0a1a" }, { "reference_url": "https://github.com/rails/rails/commit/ee2c59e730e5b8faed502cd2c573109df093f856", "reference_id": "ee2c59e730e5b8faed502cd2c573109df093f856", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:42:42Z/" } ], "url": "https://github.com/rails/rails/commit/ee2c59e730e5b8faed502cd2c573109df093f856" }, { "reference_url": "https://github.com/advisories/GHSA-2j26-frm8-cmj9", "reference_id": "GHSA-2j26-frm8-cmj9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2j26-frm8-cmj9" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-2j26-frm8-cmj9", "reference_id": "GHSA-2j26-frm8-cmj9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:42:42Z/" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-2j26-frm8-cmj9" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:14835", "reference_id": "RHSA-2026:14835", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:14835" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:14873", "reference_id": "RHSA-2026:14873", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:14873" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:14874", "reference_id": "RHSA-2026:14874", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:14874" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v7.2.3.1", "reference_id": "v7.2.3.1", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:42:42Z/" } ], "url": "https://github.com/rails/rails/releases/tag/v7.2.3.1" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v8.0.4.1", "reference_id": "v8.0.4.1", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:42:42Z/" } ], "url": "https://github.com/rails/rails/releases/tag/v8.0.4.1" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v8.1.2.1", "reference_id": "v8.1.2.1", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:42:42Z/" } ], "url": "https://github.com/rails/rails/releases/tag/v8.1.2.1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374576?format=api", "purl": "pkg:gem/activesupport@7.2.3.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@7.2.3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/975046?format=api", "purl": "pkg:gem/activesupport@8.0.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@8.0.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/374575?format=api", "purl": "pkg:gem/activesupport@8.0.4.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@8.0.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/975056?format=api", "purl": "pkg:gem/activesupport@8.1.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@8.1.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/374574?format=api", "purl": "pkg:gem/activesupport@8.1.2.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@8.1.2.1" } ], "aliases": [ "CVE-2026-33176", "GHSA-2j26-frm8-cmj9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1c3z-t7sf-vqec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/178542?format=api", "vulnerability_id": "VCID-9c9c-jwz1-zycr", "summary": "Multiple vulnerabilities were found in Ruby on Rails, the worst of\n which allowing for execution of arbitrary code.", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/f1d2749773db9f21?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/f1d2749773db9f21?dmode=source&output=gplain" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065114.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065114.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065189.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065189.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2932", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00813", "scoring_system": "epss", "scoring_elements": "0.74779", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00813", "scoring_system": "epss", "scoring_elements": "0.74698", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00813", "scoring_system": "epss", "scoring_elements": "0.74769", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00813", "scoring_system": "epss", "scoring_elements": "0.74781", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2932" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=731435", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=731435" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2932", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2932" }, { "reference_url": "http://secunia.com/advisories/45917", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/45917" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/bfc432574d0b141fd7fe759edfe9b6771dd306bd", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/bfc432574d0b141fd7fe759edfe9b6771dd306bd" }, { "reference_url": "http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/17/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/17/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/19/11", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/19/11" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/20/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/20/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/13", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/13" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/14", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/14" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2932", "reference_id": "CVE-2011-2932", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2932" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2011-2932.yml", "reference_id": "CVE-2011-2932.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2011-2932.yml" }, { "reference_url": "https://github.com/advisories/GHSA-9fh3-vh3h-q4g3", "reference_id": "GHSA-9fh3-vh3h-q4g3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9fh3-vh3h-q4g3" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12912?format=api", "purl": "pkg:gem/activesupport@3.0.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-9c9c-jwz1-zycr" }, { "vulnerability": "VCID-9j8b-jg5m-1kgk" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-arbz-y6ud-mbap" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-fu6v-k8cg-d3c7" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-wr2q-y8hz-1fb8" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@3.0.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/12766?format=api", "purl": "pkg:gem/activesupport@3.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-9c9c-jwz1-zycr" }, { "vulnerability": "VCID-9j8b-jg5m-1kgk" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-arbz-y6ud-mbap" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-fu6v-k8cg-d3c7" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-wr2q-y8hz-1fb8" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@3.1.0" } ], "aliases": [ "CVE-2011-2932", "GHSA-9fh3-vh3h-q4g3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9c9c-jwz1-zycr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/200338?format=api", "vulnerability_id": "VCID-9j8b-jg5m-1kgk", "summary": "activesupport Cross-site Scripting vulnerability", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/1c2e01a5e42722c9?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/1c2e01a5e42722c9?dmode=source&output=gplain" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1098.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1098.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1098", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59838", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59718", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59829", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59826", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1098" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=799275", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=799275" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1098", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1098" }, { "reference_url": "https://github.com/rails/rails/commit/c60c1c0812d5eb55e7024db350f8bc5b6729f7fe#diff-6156f8cec254c1236b4a4eceb04df3d9", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rails/rails/commit/c60c1c0812d5eb55e7024db350f8bc5b6729f7fe#diff-6156f8cec254c1236b4a4eceb04df3d9" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/OSVDB-79726.yml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/OSVDB-79726.yml" }, { "reference_url": "http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/03/02/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/03/02/6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/03/03/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/03/03/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1098", "reference_id": "CVE-2012-1098", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1098" }, { "reference_url": "https://github.com/advisories/GHSA-qv8p-v9qw-wc7g", "reference_id": "GHSA-qv8p-v9qw-wc7g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qv8p-v9qw-wc7g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12954?format=api", "purl": "pkg:gem/activesupport@3.0.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-9c9c-jwz1-zycr" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-arbz-y6ud-mbap" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-fu6v-k8cg-d3c7" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-wr2q-y8hz-1fb8" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@3.0.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/398855?format=api", "purl": "pkg:gem/activesupport@3.1.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-9c9c-jwz1-zycr" }, { "vulnerability": "VCID-9j8b-jg5m-1kgk" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-arbz-y6ud-mbap" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-fu6v-k8cg-d3c7" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-wr2q-y8hz-1fb8" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@3.1.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/12905?format=api", "purl": "pkg:gem/activesupport@3.1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-9c9c-jwz1-zycr" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-arbz-y6ud-mbap" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-fu6v-k8cg-d3c7" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-wr2q-y8hz-1fb8" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@3.1.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/418413?format=api", "purl": "pkg:gem/activesupport@3.2.0.rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-9c9c-jwz1-zycr" }, { "vulnerability": "VCID-9j8b-jg5m-1kgk" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-arbz-y6ud-mbap" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-fu6v-k8cg-d3c7" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-wr2q-y8hz-1fb8" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@3.2.0.rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/12935?format=api", "purl": "pkg:gem/activesupport@3.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-9c9c-jwz1-zycr" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-arbz-y6ud-mbap" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-fu6v-k8cg-d3c7" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-wr2q-y8hz-1fb8" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@3.2.2" } ], "aliases": [ "CVE-2012-1098", "GHSA-qv8p-v9qw-wc7g", "OSV-79726" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9j8b-jg5m-1kgk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/181754?format=api", "vulnerability_id": "VCID-9m63-rwun-nubx", "summary": "security update", "references": [ { "reference_url": "http://openwall.com/lists/oss-security/2015/06/16/17", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2015/06/16/17" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3226.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3226.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3226", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43789", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43952", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43964", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43944", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/7VlB_pck3hU/3QZrGIaQW6cJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/7VlB_pck3hU/3QZrGIaQW6cJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/7VlB_pck3hU", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/7VlB_pck3hU" }, { "reference_url": "https://groups.google.com/g/rubyonrails-core/c/qBUqVlXERag/m/kuH3wQk1kxUJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-core/c/qBUqVlXERag/m/kuH3wQk1kxUJ" }, { "reference_url": "https://web.archive.org/web/20200228033946/http://www.securityfocus.com/bid/75231", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228033946/http://www.securityfocus.com/bid/75231" }, { "reference_url": "https://web.archive.org/web/20200517005133/http://www.securitytracker.com/id/1033755", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200517005133/http://www.securitytracker.com/id/1033755" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232310", "reference_id": "1232310", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232310" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790486", "reference_id": "790486", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790486" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3226", "reference_id": "CVE-2015-3226", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3226" }, { "reference_url": "https://github.com/advisories/GHSA-vxvp-4xwc-jpp6", "reference_id": "GHSA-vxvp-4xwc-jpp6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vxvp-4xwc-jpp6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12699?format=api", "purl": "pkg:gem/activesupport@4.1.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-9c9c-jwz1-zycr" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@4.1.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/12748?format=api", "purl": "pkg:gem/activesupport@4.2.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-9c9c-jwz1-zycr" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@4.2.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/12646?format=api", "purl": "pkg:gem/activesupport@4.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-9c9c-jwz1-zycr" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@4.2.2" } ], "aliases": [ "CVE-2015-3226", "GHSA-vxvp-4xwc-jpp6" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9m63-rwun-nubx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/200096?format=api", "vulnerability_id": "VCID-arbz-y6ud-mbap", "summary": "activesupport Cross-site Scripting vulnerability", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3464.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3464.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3464", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.48166", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.48028", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.48167", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.48183", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3464" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3464", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3464" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/28f2c6f4037081da0a82104a3f473165ed4ed2ce", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/28f2c6f4037081da0a82104a3f473165ed4ed2ce" }, { "reference_url": "https://github.com/rails/rails/commit/780a718723cf87b49cfe204d355948c4e0932d23", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/780a718723cf87b49cfe204d355948c4e0932d23" }, { "reference_url": "https://github.com/rails/rails/commit/d0c9759d3aeb6327d68dd6c0de0fe2fed4e3c870", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/d0c9759d3aeb6327d68dd6c0de0fe2fed4e3c870" }, { "reference_url": "https://github.com/rails/rails/commit/d549df7133f2b0bad8112890d478c33e990e12bc", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/d549df7133f2b0bad8112890d478c33e990e12bc" }, { "reference_url": "https://github.com/rails/rails/issues/7215", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/issues/7215" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/8f1bbe1cef8c6caf?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/8f1bbe1cef8c6caf?dmode=source&output=gplain" }, { "reference_url": "http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=847199", "reference_id": "847199", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=847199" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3464", "reference_id": "CVE-2012-3464", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3464" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2012-3464.yml", "reference_id": "CVE-2012-3464.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2012-3464.yml" }, { "reference_url": "https://github.com/advisories/GHSA-h835-75hw-pj89", "reference_id": "GHSA-h835-75hw-pj89", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h835-75hw-pj89" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1542", "reference_id": "RHSA-2012:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0154", "reference_id": "RHSA-2013:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12809?format=api", "purl": "pkg:gem/activesupport@3.0.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-9c9c-jwz1-zycr" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-fu6v-k8cg-d3c7" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-wr2q-y8hz-1fb8" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@3.0.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/398855?format=api", "purl": "pkg:gem/activesupport@3.1.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-9c9c-jwz1-zycr" }, { "vulnerability": "VCID-9j8b-jg5m-1kgk" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-arbz-y6ud-mbap" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-fu6v-k8cg-d3c7" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-wr2q-y8hz-1fb8" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@3.1.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/12767?format=api", "purl": "pkg:gem/activesupport@3.1.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-9c9c-jwz1-zycr" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-fu6v-k8cg-d3c7" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-wr2q-y8hz-1fb8" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@3.1.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/418413?format=api", "purl": "pkg:gem/activesupport@3.2.0.rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-9c9c-jwz1-zycr" }, { "vulnerability": "VCID-9j8b-jg5m-1kgk" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-arbz-y6ud-mbap" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-fu6v-k8cg-d3c7" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-wr2q-y8hz-1fb8" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@3.2.0.rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/12782?format=api", "purl": "pkg:gem/activesupport@3.2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-9c9c-jwz1-zycr" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-fu6v-k8cg-d3c7" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-wr2q-y8hz-1fb8" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@3.2.8" } ], "aliases": [ "CVE-2012-3464", "GHSA-h835-75hw-pj89", "OSV-84516" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-arbz-y6ud-mbap" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/181755?format=api", "vulnerability_id": "VCID-av5v-ktz7-9ybf", "summary": "security update", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00050.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00050.html" }, { "reference_url": "http://openwall.com/lists/oss-security/2015/06/16/16", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2015/06/16/16" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3227.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3227.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3227", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02683", "scoring_system": "epss", "scoring_elements": "0.86176", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.02683", "scoring_system": "epss", "scoring_elements": "0.86234", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.02683", "scoring_system": "epss", "scoring_elements": "0.86237", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.02683", "scoring_system": "epss", "scoring_elements": "0.86226", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3227" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/12f763ce1131d29d24bd0d8f868e2697a139aea3", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/12f763ce1131d29d24bd0d8f868e2697a139aea3" }, { "reference_url": "https://github.com/rails/rails/commit/153cc843ad95930b00b0ca91d30b599b7dec9680", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/153cc843ad95930b00b0ca91d30b599b7dec9680" }, { "reference_url": "https://github.com/rails/rails/commit/78b29e08c700d889837af6c51c7debd3864abc3d", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/78b29e08c700d889837af6c51c7debd3864abc3d" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/bahr2JLnxvk/x4EocXnHPp8J", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/bahr2JLnxvk/x4EocXnHPp8J" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/bahr2JLnxvk", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/bahr2JLnxvk" }, { "reference_url": "https://web.archive.org/web/20200228041703/http://www.securityfocus.com/bid/75234", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228041703/http://www.securityfocus.com/bid/75234" }, { "reference_url": "https://web.archive.org/web/20200517005133/http://www.securitytracker.com/id/1033755", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200517005133/http://www.securitytracker.com/id/1033755" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232302", "reference_id": "1232302", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232302" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790487", "reference_id": "790487", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790487" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3227", "reference_id": "CVE-2015-3227", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3227" }, { "reference_url": "https://github.com/advisories/GHSA-j96r-xvjq-r9pg", "reference_id": "GHSA-j96r-xvjq-r9pg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j96r-xvjq-r9pg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12687?format=api", "purl": "pkg:gem/activesupport@3.2.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-9c9c-jwz1-zycr" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@3.2.22" }, { "url": "http://public2.vulnerablecode.io/api/packages/12699?format=api", "purl": "pkg:gem/activesupport@4.1.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-9c9c-jwz1-zycr" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@4.1.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/12748?format=api", "purl": "pkg:gem/activesupport@4.2.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-9c9c-jwz1-zycr" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@4.2.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/12646?format=api", "purl": "pkg:gem/activesupport@4.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-9c9c-jwz1-zycr" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@4.2.2" } ], "aliases": [ "CVE-2015-3227", "GHSA-j96r-xvjq-r9pg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-av5v-ktz7-9ybf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/183410?format=api", "vulnerability_id": "VCID-bn9m-pqu3-bffj", "summary": "Multiple vulnerabilities have been discovered in Rails, the worst of which\n leading to the execution of arbitrary SQL statements.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3086", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00556", "scoring_system": "epss", "scoring_elements": "0.68618", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00556", "scoring_system": "epss", "scoring_elements": "0.68719", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00556", "scoring_system": "epss", "scoring_elements": "0.68724", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00556", "scoring_system": "epss", "scoring_elements": "0.68711", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3086" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3086", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3086" }, { "reference_url": "http://secunia.com/advisories/36600", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/36600" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/1f07a89c5946910fc28ea5ccd1da6af8a0f972a0", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/1f07a89c5946910fc28ea5ccd1da6af8a0f972a0" }, { "reference_url": "https://github.com/rails/rails/commit/674f780d59a5a7ec0301755d43a7b277a3ad2978", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/674f780d59a5a7ec0301755d43a7b277a3ad2978" }, { "reference_url": "https://github.com/rails/rails/commit/d460c9a25560f43e7c3789abadf7b455053eb686", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/d460c9a25560f43e7c3789abadf7b455053eb686" }, { "reference_url": "https://web.archive.org/web/20090906010200/http://www.vupen.com/english/advisories/2009/2544", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20090906010200/http://www.vupen.com/english/advisories/2009/2544" }, { "reference_url": "https://web.archive.org/web/20090907001716/http://secunia.com/advisories/36600", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20090907001716/http://secunia.com/advisories/36600" }, { "reference_url": "https://web.archive.org/web/20200229150042/http://www.securityfocus.com/bid/37427", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200229150042/http://www.securityfocus.com/bid/37427" }, { "reference_url": "http://weblog.rubyonrails.org/2009/9/4/timing-weakness-in-ruby-on-rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2009/9/4/timing-weakness-in-ruby-on-rails" }, { "reference_url": "http://www.debian.org/security/2011/dsa-2260", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2011/dsa-2260" }, { "reference_url": "http://www.securityfocus.com/bid/37427", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/37427" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/2544", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2009/2544" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063", "reference_id": "545063", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3086", "reference_id": "CVE-2009-3086", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3086" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2009-3086.yml", "reference_id": "CVE-2009-3086.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2009-3086.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2009-3086.yml", "reference_id": "CVE-2009-3086.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2009-3086.yml" }, { "reference_url": "https://github.com/advisories/GHSA-fg9w-g6m4-557j", "reference_id": "GHSA-fg9w-g6m4-557j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fg9w-g6m4-557j" }, { "reference_url": "https://security.gentoo.org/glsa/200912-02", "reference_id": "GLSA-200912-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200912-02" } ], "fixed_packages": [], "aliases": [ "CVE-2009-3086", "GHSA-fg9w-g6m4-557j" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bn9m-pqu3-bffj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/178548?format=api", "vulnerability_id": "VCID-fu6v-k8cg-d3c7", "summary": "Multiple vulnerabilities were found in Ruby on Rails, the worst of\n which allowing for execution of arbitrary code.", "references": [ { "reference_url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0201.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0201.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0202.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0202.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0203.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0203.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0201", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2013:0201" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0202", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2013:0202" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0203", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2013:0203" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0333.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0333.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0333", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.91761", "scoring_system": "epss", "scoring_elements": "0.99702", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.91761", "scoring_system": "epss", "scoring_elements": "0.99701", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0333" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=903440", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=903440" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0333", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0333" }, { "reference_url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/1h2DR63ViGo", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/1h2DR63ViGo" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/52179af76915e518?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/52179af76915e518?dmode=source&output=gplain" }, { "reference_url": "http://support.apple.com/kb/HT5784", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT5784" }, { "reference_url": "http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/" }, { "reference_url": "http://www.debian.org/security/2013/dsa-2613", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2013/dsa-2613" }, { "reference_url": "http://www.kb.cert.org/vuls/id/628463", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.kb.cert.org/vuls/id/628463" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699226", "reference_id": "699226", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699226" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2013-0333", "reference_id": "CVE-2013-0333", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2013-0333" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0333", "reference_id": "CVE-2013-0333", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0333" }, { "reference_url": "https://puppet.com/security/cve/cve-2013-0333", "reference_id": "CVE-2013-0333", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://puppet.com/security/cve/cve-2013-0333" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24434.rb", "reference_id": "CVE-2013-0333;OSVDB-89594", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24434.rb" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2013-0333.yml", "reference_id": "CVE-2013-0333.YML", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2013-0333.yml" }, { "reference_url": "https://github.com/advisories/GHSA-xgr2-v94m-rc9g", "reference_id": "GHSA-xgr2-v94m-rc9g", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xgr2-v94m-rc9g" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12848?format=api", "purl": "pkg:gem/activesupport@3.0.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-9c9c-jwz1-zycr" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-wr2q-y8hz-1fb8" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@3.0.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/398855?format=api", "purl": "pkg:gem/activesupport@3.1.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-9c9c-jwz1-zycr" }, { "vulnerability": "VCID-9j8b-jg5m-1kgk" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-arbz-y6ud-mbap" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-fu6v-k8cg-d3c7" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-wr2q-y8hz-1fb8" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@3.1.0.beta1" } ], "aliases": [ "CVE-2013-0333", "GHSA-xgr2-v94m-rc9g", "OSV-89594" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fu6v-k8cg-d3c7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15121?format=api", "vulnerability_id": "VCID-gujm-trnh-fqaa", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22796.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22796.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22796", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01484", "scoring_system": "epss", "scoring_elements": "0.81483", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01484", "scoring_system": "epss", "scoring_elements": "0.81492", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01484", "scoring_system": "epss", "scoring_elements": "0.81424", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01484", "scoring_system": "epss", "scoring_elements": "0.81484", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22796" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/2164d4f6a1bde74b911fe9ba3c8df1b5bf345bf8", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/2164d4f6a1bde74b911fe9ba3c8df1b5bf345bf8" }, { "reference_url": "https://github.com/rails/rails/commit/a7cda7e6aa5334ab41b1f4b0f671be931be946ef", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/a7cda7e6aa5334ab41b1f4b0f671be931be946ef" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v6.1.7.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v6.1.7.1" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v7.0.4.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v7.0.4.1" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-22796.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-22796.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22796", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22796" }, { "reference_url": "https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050", "reference_id": "1030050", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164736", "reference_id": "2164736", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164736" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2023-22796-possible-redos-based-dos-vulnerability-in-active-supports-underscore/82116", "reference_id": "82116", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-05T21:51:29Z/" } ], "url": "https://discuss.rubyonrails.org/t/cve-2023-22796-possible-redos-based-dos-vulnerability-in-active-supports-underscore/82116" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5372", "reference_id": "dsa-5372", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-05T21:51:29Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5372" }, { "reference_url": "https://github.com/advisories/GHSA-j6gc-792m-qgm2", "reference_id": "GHSA-j6gc-792m-qgm2", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j6gc-792m-qgm2" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240202-0009/", "reference_id": "ntap-20240202-0009", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-05T21:51:29Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240202-0009/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4341", "reference_id": "RHSA-2023:4341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6818", "reference_id": "RHSA-2023:6818", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6818" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/607969?format=api", "purl": "pkg:gem/activesupport@5.2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@5.2.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/380093?format=api", "purl": "pkg:gem/activesupport@6.1.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@6.1.7.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/380094?format=api", "purl": "pkg:gem/activesupport@7.0.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@7.0.4.1" } ], "aliases": [ "CVE-2023-22796", "GHSA-j6gc-792m-qgm2", "GMS-2023-61" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gujm-trnh-fqaa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15312?format=api", "vulnerability_id": "VCID-jgeh-r771-5fcf", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28120.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28120.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28120", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61525", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61633", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61637", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61629", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28120" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23913", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23913" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28120", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28120" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-28120.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-28120.yml" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28120", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28120" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240202-0006", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240202-0006" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033262", "reference_id": "1033262", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033262" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179637", "reference_id": "2179637", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179637" }, { "reference_url": "https://github.com/rails/rails/commit/3cf23c3f891e2e81c977ea4ab83b62bc2a444b70", "reference_id": "3cf23c3f891e2e81c977ea4ab83b62bc2a444b70", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/" } ], "url": "https://github.com/rails/rails/commit/3cf23c3f891e2e81c977ea4ab83b62bc2a444b70" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2023-28120-possible-xss-security-vulnerability-in-safebuffer-bytesplice/82469", "reference_id": "82469", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/" } ], "url": "https://discuss.rubyonrails.org/t/cve-2023-28120-possible-xss-security-vulnerability-in-safebuffer-bytesplice/82469" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5389", "reference_id": "dsa-5389", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5389" }, { "reference_url": "https://github.com/advisories/GHSA-pj73-v5mw-pm9j", "reference_id": "GHSA-pj73-v5mw-pm9j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pj73-v5mw-pm9j" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240202-0006/", "reference_id": "ntap-20240202-0006", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240202-0006/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1953", "reference_id": "RHSA-2023:1953", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1953" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3495", "reference_id": "RHSA-2023:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3495" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW/", "reference_id": "UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO/", "reference_id": "ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380857?format=api", "purl": "pkg:gem/activesupport@6.1.7.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@6.1.7.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/380856?format=api", "purl": "pkg:gem/activesupport@7.0.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@7.0.4.3" } ], "aliases": [ "CVE-2023-28120", "GHSA-pj73-v5mw-pm9j", "GMS-2023-765" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jgeh-r771-5fcf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28208?format=api", "vulnerability_id": "VCID-ky23-ggur-b3dn", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33169.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33169.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33169", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06152", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06151", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06165", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06174", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33169" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2026-33169.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2026-33169.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33169", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33169" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035", "reference_id": "1132035", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450556", "reference_id": "2450556", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450556" }, { "reference_url": "https://github.com/rails/rails/commit/29154f1097da13d48fdb3200760b3e3da66dcb11", "reference_id": "29154f1097da13d48fdb3200760b3e3da66dcb11", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:45:49Z/" } ], "url": "https://github.com/rails/rails/commit/29154f1097da13d48fdb3200760b3e3da66dcb11" }, { "reference_url": "https://github.com/rails/rails/commit/b54a4b373c6f042cab6ee2033246b1c9ecc38974", "reference_id": "b54a4b373c6f042cab6ee2033246b1c9ecc38974", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:45:49Z/" } ], "url": "https://github.com/rails/rails/commit/b54a4b373c6f042cab6ee2033246b1c9ecc38974" }, { "reference_url": "https://github.com/rails/rails/commit/ec1a0e215efd27a3b3911aae6df978a80f456a49", "reference_id": "ec1a0e215efd27a3b3911aae6df978a80f456a49", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:45:49Z/" } ], "url": "https://github.com/rails/rails/commit/ec1a0e215efd27a3b3911aae6df978a80f456a49" }, { "reference_url": "https://github.com/advisories/GHSA-cg4j-q9v8-6v38", "reference_id": "GHSA-cg4j-q9v8-6v38", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cg4j-q9v8-6v38" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-cg4j-q9v8-6v38", "reference_id": "GHSA-cg4j-q9v8-6v38", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:45:49Z/" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-cg4j-q9v8-6v38" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v7.2.3.1", "reference_id": "v7.2.3.1", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:45:49Z/" } ], "url": "https://github.com/rails/rails/releases/tag/v7.2.3.1" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v8.0.4.1", "reference_id": "v8.0.4.1", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:45:49Z/" } ], "url": "https://github.com/rails/rails/releases/tag/v8.0.4.1" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v8.1.2.1", "reference_id": "v8.1.2.1", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:45:49Z/" } ], "url": "https://github.com/rails/rails/releases/tag/v8.1.2.1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374576?format=api", "purl": "pkg:gem/activesupport@7.2.3.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@7.2.3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/975046?format=api", "purl": "pkg:gem/activesupport@8.0.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@8.0.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/374575?format=api", "purl": "pkg:gem/activesupport@8.0.4.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@8.0.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/975056?format=api", "purl": "pkg:gem/activesupport@8.1.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@8.1.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/374574?format=api", "purl": "pkg:gem/activesupport@8.1.2.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@8.1.2.1" } ], "aliases": [ "CVE-2026-33169", "GHSA-cg4j-q9v8-6v38" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ky23-ggur-b3dn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/183409?format=api", "vulnerability_id": "VCID-ryyh-3t4j-hygv", "summary": "Multiple vulnerabilities have been discovered in Rails, the worst of which\n leading to the execution of arbitrary SQL statements.", "references": [ { "reference_url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063" }, { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/7f57cd7794e1d1b4?dmode=source", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/7f57cd7794e1d1b4?dmode=source" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3009.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3009.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3009", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01632", "scoring_system": "epss", "scoring_elements": "0.82383", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01632", "scoring_system": "epss", "scoring_elements": "0.82389", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01632", "scoring_system": "epss", "scoring_elements": "0.82379", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01632", "scoring_system": "epss", "scoring_elements": "0.82318", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3009" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3009", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3009" }, { "reference_url": "http://secunia.com/advisories/36600", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/36600" }, { "reference_url": "http://secunia.com/advisories/36717", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/36717" }, { "reference_url": "http://securitytracker.com/id?1022824", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://securitytracker.com/id?1022824" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53036", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53036" }, { "reference_url": "http://support.apple.com/kb/HT4077", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT4077" }, { "reference_url": "http://weblog.rubyonrails.org/2009/9/4/xss-vulnerability-in-ruby-on-rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2009/9/4/xss-vulnerability-in-ruby-on-rails" }, { "reference_url": "http://www.debian.org/security/2009/dsa-1887", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2009/dsa-1887" }, { "reference_url": "http://www.osvdb.org/57666", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.osvdb.org/57666" }, { "reference_url": "http://www.securityfocus.com/bid/36278", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/36278" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/2544", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.vupen.com/english/advisories/2009/2544" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=520843", "reference_id": "520843", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=520843" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063", "reference_id": "545063", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3009", "reference_id": "CVE-2009-3009", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3009" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2009-3009.yml", "reference_id": "CVE-2009-3009.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2009-3009.yml" }, { "reference_url": "https://github.com/advisories/GHSA-8qrh-h9m2-5fvf", "reference_id": "GHSA-8qrh-h9m2-5fvf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8qrh-h9m2-5fvf" }, { "reference_url": "https://security.gentoo.org/glsa/200912-02", "reference_id": "GLSA-200912-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200912-02" } ], "fixed_packages": [], "aliases": [ "CVE-2009-3009", "GHSA-8qrh-h9m2-5fvf", "OSV-57666" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ryyh-3t4j-hygv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28209?format=api", "vulnerability_id": "VCID-sbb8-q7rv-ukh5", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33170.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33170.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33170", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01511", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01527", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01518", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01515", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33170" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33170", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33170" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2026-33170.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2026-33170.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33170", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33170" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035", "reference_id": "1132035", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450543", "reference_id": "2450543", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450543" }, { "reference_url": "https://github.com/rails/rails/commit/50d732af3b7c8aaf63cbcca0becbc00279b215b7", "reference_id": "50d732af3b7c8aaf63cbcca0becbc00279b215b7", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:20:16Z/" } ], "url": "https://github.com/rails/rails/commit/50d732af3b7c8aaf63cbcca0becbc00279b215b7" }, { "reference_url": "https://github.com/rails/rails/commit/6e8a81108001d58043de9e54a06fca58962fc2db", "reference_id": "6e8a81108001d58043de9e54a06fca58962fc2db", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:20:16Z/" } ], "url": "https://github.com/rails/rails/commit/6e8a81108001d58043de9e54a06fca58962fc2db" }, { "reference_url": "https://github.com/rails/rails/commit/c1ad0e8e1972032f3395853a5e99cea035035beb", "reference_id": "c1ad0e8e1972032f3395853a5e99cea035035beb", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:20:16Z/" } ], "url": "https://github.com/rails/rails/commit/c1ad0e8e1972032f3395853a5e99cea035035beb" }, { "reference_url": "https://github.com/advisories/GHSA-89vf-4333-qx8v", "reference_id": "GHSA-89vf-4333-qx8v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-89vf-4333-qx8v" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-89vf-4333-qx8v", "reference_id": "GHSA-89vf-4333-qx8v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:20:16Z/" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-89vf-4333-qx8v" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v7.2.3.1", "reference_id": "v7.2.3.1", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:20:16Z/" } ], "url": "https://github.com/rails/rails/releases/tag/v7.2.3.1" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v8.0.4.1", "reference_id": "v8.0.4.1", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:20:16Z/" } ], "url": "https://github.com/rails/rails/releases/tag/v8.0.4.1" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v8.1.2.1", "reference_id": "v8.1.2.1", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:20:16Z/" } ], "url": "https://github.com/rails/rails/releases/tag/v8.1.2.1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374576?format=api", "purl": "pkg:gem/activesupport@7.2.3.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@7.2.3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/975046?format=api", "purl": "pkg:gem/activesupport@8.0.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@8.0.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/374575?format=api", "purl": "pkg:gem/activesupport@8.0.4.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@8.0.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/975056?format=api", "purl": "pkg:gem/activesupport@8.1.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@8.1.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/374574?format=api", "purl": "pkg:gem/activesupport@8.1.2.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@8.1.2.1" } ], "aliases": [ "CVE-2026-33170", "GHSA-89vf-4333-qx8v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sbb8-q7rv-ukh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/178551?format=api", "vulnerability_id": "VCID-wr2q-y8hz-1fb8", "summary": "Multiple vulnerabilities were found in Ruby on Rails, the worst of\n which allowing for execution of arbitrary code.", "references": [ { "reference_url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1856", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00707", "scoring_system": "epss", "scoring_elements": "0.72621", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00707", "scoring_system": "epss", "scoring_elements": "0.72711", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00707", "scoring_system": "epss", "scoring_elements": "0.72713", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00707", "scoring_system": "epss", "scoring_elements": "0.72699", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1856" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/KZwsQbYsOiI", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/KZwsQbYsOiI" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/6c2482d4ed1545e6?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/6c2482d4ed1545e6?dmode=source&output=gplain" }, { "reference_url": "http://support.apple.com/kb/HT5784", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT5784" }, { "reference_url": "https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "reference_url": "https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html" }, { "reference_url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/" }, { "reference_url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1856", "reference_id": "", "reference_type": "", "scores": [], "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1856" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/03/18/4", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2013/03/18/4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1856", "reference_id": "CVE-2013-1856", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1856" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2013-1856.yml", "reference_id": "CVE-2013-1856.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2013-1856.yml" }, { "reference_url": "https://github.com/advisories/GHSA-9c2j-593q-3g82", "reference_id": "GHSA-9c2j-593q-3g82", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9c2j-593q-3g82" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12776?format=api", "purl": "pkg:gem/activesupport@3.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-9c9c-jwz1-zycr" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-wr2q-y8hz-1fb8" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@3.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/12823?format=api", "purl": "pkg:gem/activesupport@3.2.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-9c9c-jwz1-zycr" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-wr2q-y8hz-1fb8" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@3.2.13" } ], "aliases": [ "CVE-2013-1856", "GHSA-9c2j-593q-3g82", "OSV-91451" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wr2q-y8hz-1fb8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/200384?format=api", "vulnerability_id": "VCID-y17b-pzkn-j3c4", "summary": "rails Cross-site Scripting vulnerability", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/663b600d4471e0d4?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/663b600d4471e0d4?dmode=source&output=gplain" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062514.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062514.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062090.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062090.html" }, { "reference_url": "http://openwall.com/lists/oss-security/2011/06/09/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2011/06/09/2" }, { "reference_url": "http://openwall.com/lists/oss-security/2011/06/13/9", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2011/06/13/9" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2197", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63821", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63707", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63809", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63822", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2197" }, { "reference_url": "http://secunia.com/advisories/44789", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/44789" }, { "reference_url": "https://gist.github.com/NZKoz/b2ceb626fc2bcdfe497f", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gist.github.com/NZKoz/b2ceb626fc2bcdfe497f" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/53a2c0baf2b128dd4808eca313256f6f4bb8c4cd", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/53a2c0baf2b128dd4808eca313256f6f4bb8c4cd" }, { "reference_url": "https://github.com/rails/rails/commit/ed3796434af6069ced6a641293cf88eef3b284da", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/ed3796434af6069ced6a641293cf88eef3b284da" }, { "reference_url": "http://weblog.rubyonrails.org/2011/6/8/potential-xss-vulnerability-in-ruby-on-rails-applications", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2011/6/8/potential-xss-vulnerability-in-ruby-on-rails-applications" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2197", "reference_id": "CVE-2011-2197", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2197" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2011-2197.yml", "reference_id": "CVE-2011-2197.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2011-2197.yml" }, { "reference_url": "https://github.com/advisories/GHSA-v9v4-7jp6-8c73", "reference_id": "GHSA-v9v4-7jp6-8c73", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v9v4-7jp6-8c73" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/397815?format=api", "purl": "pkg:gem/activesupport@3.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-9c9c-jwz1-zycr" }, { "vulnerability": "VCID-9j8b-jg5m-1kgk" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-arbz-y6ud-mbap" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-fu6v-k8cg-d3c7" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-wr2q-y8hz-1fb8" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@3.0.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/12961?format=api", "purl": "pkg:gem/activesupport@3.0.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-9c9c-jwz1-zycr" }, { "vulnerability": "VCID-9j8b-jg5m-1kgk" }, { "vulnerability": "VCID-9m63-rwun-nubx" }, { "vulnerability": "VCID-arbz-y6ud-mbap" }, { "vulnerability": "VCID-av5v-ktz7-9ybf" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-fu6v-k8cg-d3c7" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-wr2q-y8hz-1fb8" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@3.0.8" } ], "aliases": [ "CVE-2011-2197", "GHSA-v9v4-7jp6-8c73" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y17b-pzkn-j3c4" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@3.0.2" }