Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/407293?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/407293?format=api", "purl": "pkg:gem/actionview@4.1.8", "type": "gem", "namespace": "", "name": "actionview", "version": "4.1.8", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "7.2.3.1", "latest_non_vulnerable_version": "8.1.2.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/178535?format=api", "vulnerability_id": "VCID-56hv-j97k-w3dr", "summary": "Multiple vulnerabilities were found in Ruby on Rails, the worst of\n which allowing for execution of arbitrary code.", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/365b8a23b76a6b4a?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/365b8a23b76a6b4a?dmode=source&output=gplain" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0446", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0067", "scoring_system": "epss", "scoring_elements": "0.71925", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0067", "scoring_system": "epss", "scoring_elements": "0.71928", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0067", "scoring_system": "epss", "scoring_elements": "0.71915", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0067", "scoring_system": "epss", "scoring_elements": "0.7183", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0446" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0446", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0446" }, { "reference_url": "http://secunia.com/advisories/43274", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/43274" }, { "reference_url": "http://secunia.com/advisories/43666", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/43666" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/abe97736b8316f1b714cac56c115c0779aa73217", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/abe97736b8316f1b714cac56c115c0779aa73217" }, { "reference_url": "https://github.com/rails/rails/commit/e3dd2107c57a8efaaea5d61cf8da65f7444760b2", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/e3dd2107c57a8efaaea5d61cf8da65f7444760b2" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/8CpI7egxX4E/m/SmtqtyOKWzYJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/8CpI7egxX4E/m/SmtqtyOKWzYJ" }, { "reference_url": "https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43274", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43274" }, { "reference_url": "https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43666", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43666" }, { "reference_url": "https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291" }, { "reference_url": "https://web.archive.org/web/20200812054342/http://www.securitytracker.com/id?1025064", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200812054342/http://www.securitytracker.com/id?1025064" }, { "reference_url": "http://www.debian.org/security/2011/dsa-2247", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2011/dsa-2247" }, { "reference_url": "http://www.securityfocus.com/bid/46291", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/46291" }, { "reference_url": "http://www.securitytracker.com/id?1025064", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id?1025064" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/0587", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2011/0587" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/0877", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2011/0877" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864", "reference_id": "614864", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0446", "reference_id": "CVE-2011-0446", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0446" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0446.yml", "reference_id": "CVE-2011-0446.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0446.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2011-0446.yml", "reference_id": "CVE-2011-0446.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2011-0446.yml" }, { "reference_url": "https://github.com/advisories/GHSA-75w6-p6mg-vh8j", "reference_id": "GHSA-75w6-p6mg-vh8j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-75w6-p6mg-vh8j" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [], "aliases": [ "CVE-2011-0446", "GHSA-75w6-p6mg-vh8j" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-56hv-j97k-w3dr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15151?format=api", "vulnerability_id": "VCID-7659-nqt4-cyes", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23913.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23913.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-23913", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.4313", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43299", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43308", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43288", "published_at": "2026-06-12T12:55:00Z" } ], 
"url": "https://api.first.org/data/v1/epss?cve=CVE-2023-23913" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23913", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23913" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28120", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28120" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/73009ea59a811b28e8ec2a9c9bc24635aa891214", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/73009ea59a811b28e8ec2a9c9bc24635aa891214" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2023-23913.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", 
"scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2023-23913.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23913", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23913" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240605-0007", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240605-0007" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182160", "reference_id": "2182160", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182160" }, { "reference_url": "https://github.com/rails/rails/commit/5037a13614d71727af8a175063bcf6ba1a74bdbd", "reference_id": "5037a13614d71727af8a175063bcf6ba1a74bdbd", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:07:37Z/" } ], "url": "https://github.com/rails/rails/commit/5037a13614d71727af8a175063bcf6ba1a74bdbd" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2023-23913-dom-based-cross-site-scripting-in-rails-ujs-for-contenteditable-html-elements/82468", "reference_id": "82468", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": 
"cvssv3", "scoring_elements": "" }, { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:07:37Z/" } ], "url": "https://discuss.rubyonrails.org/t/cve-2023-23913-dom-based-cross-site-scripting-in-rails-ujs-for-contenteditable-html-elements/82468" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033263", "reference_id": "bugreport.cgi?bug=1033263", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:07:37Z/" } ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033263" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5389", "reference_id": "dsa-5389", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:07:37Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5389" }, { "reference_url": "https://github.com/advisories/GHSA-xp5h-f8jf-rc8q", "reference_id": "GHSA-xp5h-f8jf-rc8q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xp5h-f8jf-rc8q" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240605-0007/", "reference_id": 
"ntap-20240605-0007", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:07:37Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240605-0007/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/381887?format=api", "purl": "pkg:gem/actionview@6.1.7.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f6yu-hg4c-hfe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionview@6.1.7.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/381888?format=api", "purl": "pkg:gem/actionview@7.0.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f6yu-hg4c-hfe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionview@7.0.4.3" } ], "aliases": [ "CVE-2023-23913", "GHSA-xp5h-f8jf-rc8q" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7659-nqt4-cyes" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8675?format=api", "vulnerability_id": "VCID-873z-9zhz-3fhg", "summary": "", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00019.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00019.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-5267.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", 
"scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-5267.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-5267", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00887", "scoring_system": "epss", "scoring_elements": "0.75987", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00887", "scoring_system": "epss", "scoring_elements": "0.75916", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00887", "scoring_system": "epss", "scoring_elements": "0.75995", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00887", "scoring_system": "epss", "scoring_elements": "0.76001", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-5267" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5267", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5267" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails/commit/033a738817abd6e446e1b320cb7d1a5c15224e9a", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/033a738817abd6e446e1b320cb7d1a5c15224e9a" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/55reWMM_Pg8", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/55reWMM_Pg8" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00022.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2020/03/19/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", 
"scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2020/03/19/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1831528", "reference_id": "1831528", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1831528" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954304", "reference_id": "954304", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954304" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5267", "reference_id": "CVE-2020-5267", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5267" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-5267.yml", "reference_id": "CVE-2020-5267.YML", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-5267.yml" }, { "reference_url": "https://github.com/advisories/GHSA-65cv-r6x7-79hv", "reference_id": "GHSA-65cv-r6x7-79hv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-65cv-r6x7-79hv" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-65cv-r6x7-79hv", "reference_id": "GHSA-65cv-r6x7-79hv", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-65cv-r6x7-79hv" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4366", "reference_id": "RHSA-2020:4366", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4366" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/16271?format=api", "purl": "pkg:gem/actionview@5.2.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionview@5.2.4.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/15009?format=api", "purl": "pkg:gem/actionview@6.0.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionview@6.0.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/16274?format=api", "purl": "pkg:gem/actionview@6.0.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionview@6.0.2.2" } ], "aliases": [ "CVE-2020-5267", "GHSA-65cv-r6x7-79hv" ], 
"risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-873z-9zhz-3fhg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7112?format=api", "vulnerability_id": "VCID-a8d2-vazh-gqbz", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5419.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5419.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5419", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.12118", "scoring_system": "epss", "scoring_elements": "0.93993", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.12118", "scoring_system": "epss", "scoring_elements": "0.93985", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.12118", "scoring_system": "epss", "scoring_elements": "0.93991", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.12118", "scoring_system": "epss", "scoring_elements": "0.93966", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5419" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5419", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5419" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": 
"", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/f4c70c2222180b8d9d924f00af0c7fd632e26715", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/f4c70c2222180b8d9d924f00af0c7fd632e26715" }, { "reference_url": "https://github.com/rails/rails/pull/35708", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/pull/35708" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], 
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/" }, { "reference_url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1689160", "reference_id": "1689160", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1689160" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924520", "reference_id": "924520", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924520" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5419", "reference_id": "CVE-2019-5419", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5419" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2019-5419.yml", "reference_id": "CVE-2019-5419.YML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2019-5419.yml" }, { "reference_url": "https://github.com/advisories/GHSA-m63j-wh5w-c252", "reference_id": "GHSA-m63j-wh5w-c252", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m63j-wh5w-c252" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0796", "reference_id": "RHSA-2019:0796", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:0796" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1147", "reference_id": "RHSA-2019:1147", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1147" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1149", "reference_id": "RHSA-2019:1149", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1149" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1289", "reference_id": "RHSA-2019:1289", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, 
{ "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1289" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/15012?format=api", "purl": "pkg:gem/actionview@4.2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionview@4.2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/15014?format=api", "purl": "pkg:gem/actionview@5.0.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionview@5.0.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/15017?format=api", "purl": "pkg:gem/actionview@5.1.6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionview@5.1.6.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/15008?format=api", "purl": "pkg:gem/actionview@5.2.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7659-nqt4-cyes" }, 
{ "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionview@5.2.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/15010?format=api", "purl": "pkg:gem/actionview@6.0.0.beta3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionview@6.0.0.beta3" } ], "aliases": [ "CVE-2019-5419", "GHSA-m63j-wh5w-c252" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a8d2-vazh-gqbz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8773?format=api", "vulnerability_id": "VCID-ajy4-eqvj-4ydd", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8167.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8167.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8167", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62947", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62954", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62845", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": 
"0.62959", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8167" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.5", "scoring_system": 
"cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/x9DixQDG9a0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/x9DixQDG9a0" }, { "reference_url": "https://hackerone.com/reports/189878", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/189878" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843084", "reference_id": "1843084", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843084" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8167", "reference_id": "CVE-2020-8167", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8167" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-8167.yml", "reference_id": "CVE-2020-8167.YML", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-8167.yml" }, { "reference_url": "https://github.com/advisories/GHSA-xq5j-gw7f-jgj8", "reference_id": "GHSA-xq5j-gw7f-jgj8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xq5j-gw7f-jgj8" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1313", "reference_id": "RHSA-2021:1313", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1313" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/16734?format=api", "purl": "pkg:gem/actionview@5.2.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionview@5.2.4.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/16733?format=api", "purl": "pkg:gem/actionview@6.0.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionview@6.0.3.1" } ], "aliases": [ "CVE-2020-8167", "GHSA-xq5j-gw7f-jgj8" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ajy4-eqvj-4ydd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/997?format=api", "vulnerability_id": "VCID-akcz-6jhs-7bdq", "summary": "", "references": [ { "reference_url": 
"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2097.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2097.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2097", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01912", "scoring_system": "epss", "scoring_elements": "0.83757", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01912", "scoring_system": "epss", "scoring_elements": "0.8376", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01912", "scoring_system": "epss", "scoring_elements": "0.83751", 
"published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01912", "scoring_system": "epss", "scoring_elements": "0.83693", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2097" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2097", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2097" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2098", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2098" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/8a1d3ea617ffb0c8ae8467fa439bf63a3bfc4324", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/8a1d3ea617ffb0c8ae8467fa439bf63a3bfc4324" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/ddY6HgqB2z4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", 
"scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/ddY6HgqB2z4" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/ddY6HgqB2z4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/ddY6HgqB2z4" }, { "reference_url": "https://web.archive.org/web/20160322002234/http://www.securitytracker.com/id/1035122", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20160322002234/http://www.securitytracker.com/id/1035122" }, { "reference_url": "https://web.archive.org/web/20200228015320/http://www.securityfocus.com/bid/83726", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228015320/http://www.securityfocus.com/bid/83726" }, { "reference_url": "https://web.archive.org/web/20201221115217/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://web.archive.org/web/20201221115217/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ" }, { "reference_url": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3509", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3509" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1310043", "reference_id": "1310043", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1310043" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2097", "reference_id": "CVE-2016-2097", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2097" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-2097.yml", 
"reference_id": "CVE-2016-2097.YML", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-2097.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-2097.yml", "reference_id": "CVE-2016-2097.YML", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-2097.yml" }, { "reference_url": "https://github.com/advisories/GHSA-vx9j-46rh-fqr8", "reference_id": "GHSA-vx9j-46rh-fqr8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vx9j-46rh-fqr8" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0454", "reference_id": "RHSA-2016:0454", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0454" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0455", "reference_id": "RHSA-2016:0455", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0455" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0456", "reference_id": "RHSA-2016:0456", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0456" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12596?format=api", "purl": "pkg:gem/actionview@4.1.14.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-56hv-j97k-w3dr" }, { 
"vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionview@4.1.14.2" } ], "aliases": [ "CVE-2016-2097", "GHSA-vx9j-46rh-fqr8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-akcz-6jhs-7bdq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7111?format=api", "vulnerability_id": "VCID-bz3f-a6me-a3hh", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5418.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5418.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5418", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.94318", "scoring_system": "epss", "scoring_elements": "0.99953", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5418" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5418", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5418" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": 
"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/zRNVOUhKHrg", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/zRNVOUhKHrg" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", 
"scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA" }, { "reference_url": "https://web.archive.org/web/20190313201629/https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20190313201629/https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released" }, { "reference_url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-5418", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-5418" }, { "reference_url": "https://www.exploit-db.com/exploits/46585", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], 
"url": "https://www.exploit-db.com/exploits/46585" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/03/22/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2019/03/22/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1689159", "reference_id": "1689159", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1689159" }, { "reference_url": "https://www.exploit-db.com/exploits/46585/", "reference_id": "46585", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/" } ], "url": "https://www.exploit-db.com/exploits/46585/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924520", "reference_id": "924520", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924520" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/46585.py", "reference_id": "CVE-2019-5418", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/46585.py" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5418", "reference_id": "CVE-2019-5418", "reference_type": "", "scores": [ { "value": "7.5", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5418" }, { "reference_url": "https://github.com/advisories/GHSA-86g5-2wh3-gc9j", "reference_id": "GHSA-86g5-2wh3-gc9j", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-86g5-2wh3-gc9j" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html", "reference_id": "msg00011.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html", "reference_id": "msg00042.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html" }, { "reference_url": 
"https://groups.google.com/forum/#%21topic/rubyonrails-security/pFRKI96Sm8Q", "reference_id": "pFRKI96Sm8Q", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/" } ], "url": "https://groups.google.com/forum/#%21topic/rubyonrails-security/pFRKI96Sm8Q" }, { "reference_url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/", "reference_id": "Rails-4-2-5-1-5-1-6-2-have-been-released", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/" } ], "url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/" }, { "reference_url": "http://packetstormsecurity.com/files/152178/Rails-5.2.1-Arbitrary-File-Content-Disclosure.html", "reference_id": "Rails-5.2.1-Arbitrary-File-Content-Disclosure.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/" } ], "url": 
"http://packetstormsecurity.com/files/152178/Rails-5.2.1-Arbitrary-File-Content-Disclosure.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0796", "reference_id": "RHSA-2019:0796", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:0796" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1147", "reference_id": "RHSA-2019:1147", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1147" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1149", "reference_id": "RHSA-2019:1149", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/" } ], "url": 
"https://access.redhat.com/errata/RHSA-2019:1149" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1289", "reference_id": "RHSA-2019:1289", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1289" }, { "reference_url": "https://usn.ubuntu.com/7646-1/", "reference_id": "USN-7646-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7646-1/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/", "reference_id": "Y43636TH4D6T46IC6N2RQVJTRFJAAYGA", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/15012?format=api", "purl": "pkg:gem/actionview@4.2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" } ], 
"resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionview@4.2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/409186?format=api", "purl": "pkg:gem/actionview@5.0.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionview@5.0.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/15014?format=api", "purl": "pkg:gem/actionview@5.0.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionview@5.0.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/437576?format=api", "purl": "pkg:gem/actionview@5.1.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionview@5.1.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/15017?format=api", "purl": "pkg:gem/actionview@5.1.6.2", "is_vulnerable": true, 
"affected_by_vulnerabilities": [ { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionview@5.1.6.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/437589?format=api", "purl": "pkg:gem/actionview@5.2.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionview@5.2.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/15008?format=api", "purl": "pkg:gem/actionview@5.2.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionview@5.2.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/15009?format=api", "purl": "pkg:gem/actionview@6.0.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionview@6.0.0.beta1" } ], "aliases": [ "CVE-2019-5418", "GHSA-86g5-2wh3-gc9j" ], "risk_score": 10.0, "exploitability": "2.0", 
"weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bz3f-a6me-a3hh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28207?format=api", "vulnerability_id": "VCID-f6yu-hg4c-hfe7", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33168.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33168.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33168", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.0794", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07968", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07973", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07976", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33168" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33168", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33168" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", 
"scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2026-33168.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2026-33168.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33168", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33168" }, { "reference_url": "https://github.com/rails/rails/commit/0b6f8002b52b9c606fd6be9e7915d9f944cf539c", "reference_id": "0b6f8002b52b9c606fd6be9e7915d9f944cf539c", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:36:28Z/" } ], "url": "https://github.com/rails/rails/commit/0b6f8002b52b9c606fd6be9e7915d9f944cf539c" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035", "reference_id": "1132035", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035" }, { "reference_url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=2450549", "reference_id": "2450549", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450549" }, { "reference_url": "https://github.com/rails/rails/commit/63f5ad83edaa0b976f82d46988d745426aa4a42d", "reference_id": "63f5ad83edaa0b976f82d46988d745426aa4a42d", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:36:28Z/" } ], "url": "https://github.com/rails/rails/commit/63f5ad83edaa0b976f82d46988d745426aa4a42d" }, { "reference_url": "https://github.com/rails/rails/commit/c79a07df1e88738df8f68cb0ee759ad6128ca924", "reference_id": "c79a07df1e88738df8f68cb0ee759ad6128ca924", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:36:28Z/" } ], "url": "https://github.com/rails/rails/commit/c79a07df1e88738df8f68cb0ee759ad6128ca924" }, { "reference_url": "https://github.com/advisories/GHSA-v55j-83pf-r9cq", "reference_id": "GHSA-v55j-83pf-r9cq", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v55j-83pf-r9cq" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-v55j-83pf-r9cq", "reference_id": "GHSA-v55j-83pf-r9cq", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "2.3", 
"scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:36:28Z/" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-v55j-83pf-r9cq" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v7.2.3.1", "reference_id": "v7.2.3.1", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:36:28Z/" } ], "url": "https://github.com/rails/rails/releases/tag/v7.2.3.1" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v8.0.4.1", "reference_id": "v8.0.4.1", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:36:28Z/" } ], "url": "https://github.com/rails/rails/releases/tag/v8.0.4.1" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v8.1.2.1", "reference_id": "v8.1.2.1", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:36:28Z/" } ], "url": 
"https://github.com/rails/rails/releases/tag/v8.1.2.1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374943?format=api", "purl": "pkg:gem/actionview@7.2.3.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionview@7.2.3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/975573?format=api", "purl": "pkg:gem/actionview@8.0.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f6yu-hg4c-hfe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionview@8.0.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/374942?format=api", "purl": "pkg:gem/actionview@8.0.4.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionview@8.0.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/975583?format=api", "purl": "pkg:gem/actionview@8.1.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f6yu-hg4c-hfe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionview@8.1.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/374941?format=api", "purl": "pkg:gem/actionview@8.1.2.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionview@8.1.2.1" } ], "aliases": [ "CVE-2026-33168", "GHSA-v55j-83pf-r9cq" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f6yu-hg4c-hfe7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1682?format=api", "vulnerability_id": "VCID-g6pk-2xpv-rugw", "summary": "", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-1855.html", "reference_id": "", "reference_type": "", "scores": [ { 
"value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-1855.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-1856.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-1856.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-1857.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-1857.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-1858.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-1858.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6316.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6316.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6316", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01626", "scoring_system": "epss", "scoring_elements": 
"0.82343", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01626", "scoring_system": "epss", "scoring_elements": "0.82277", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01626", "scoring_system": "epss", "scoring_elements": "0.82338", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01626", "scoring_system": "epss", "scoring_elements": "0.82348", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6316" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6316", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6316" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/I-VWr034ouk", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/I-VWr034ouk" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/8B2iV2tPRSE", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/8B2iV2tPRSE" }, { "reference_url": 
"https://web.archive.org/web/20200227202008/http://www.securityfocus.com/bid/92430", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200227202008/http://www.securityfocus.com/bid/92430" }, { "reference_url": "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3651", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3651" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/08/11/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/08/11/3" }, { 
"reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1365008", "reference_id": "1365008", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1365008" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834155", "reference_id": "834155", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834155" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6316", "reference_id": "CVE-2016-6316", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6316" }, { "reference_url": "https://web.archive.org/web/20200812154343/https://puppet.com/security/cve/cve-2016-6316", "reference_id": "CVE-2016-6316", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200812154343/https://puppet.com/security/cve/cve-2016-6316" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-6316.yml", "reference_id": "CVE-2016-6316.YML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-6316.yml" }, { "reference_url": "https://github.com/advisories/GHSA-pc3m-v286-2jwj", "reference_id": "GHSA-pc3m-v286-2jwj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", 
"scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pc3m-v286-2jwj" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1855", "reference_id": "RHSA-2016:1855", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1855" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1856", "reference_id": "RHSA-2016:1856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1857", "reference_id": "RHSA-2016:1857", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1857" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1858", "reference_id": "RHSA-2016:1858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1858" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12579?format=api", "purl": "pkg:gem/actionview@4.2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionview@4.2.7.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/12569?format=api", "purl": "pkg:gem/actionview@5.0.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" 
}, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionview@5.0.0.1" } ], "aliases": [ "CVE-2016-6316", "GHSA-pc3m-v286-2jwj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g6pk-2xpv-rugw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/739?format=api", "vulnerability_id": "VCID-hfz8-rhgw-hydt", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0752.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0752.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0752", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.90494", "scoring_system": "epss", "scoring_elements": "0.99629", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.90494", "scoring_system": "epss", "scoring_elements": "0.99628", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576" }, { 
"reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/335P1DcLG00", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/335P1DcLG00" }, { "reference_url": 
"https://web.archive.org/web/20210618005620/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210618005620/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ" }, { "reference_url": "https://web.archive.org/web/20210621170450/http://www.securityfocus.com/bid/81801", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210621170450/http://www.securityfocus.com/bid/81801" }, { "reference_url": "https://web.archive.org/web/20210723192420/http://www.securitytracker.com/id/1034816", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210723192420/http://www.securitytracker.com/id/1034816" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0752", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0752" }, { "reference_url": "https://www.exploit-db.com/exploits/40561", 
"reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/40561" }, { "reference_url": "http://www.securitytracker.com/id/1034816", "reference_id": "1034816", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://www.securitytracker.com/id/1034816" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/01/25/13", "reference_id": "13", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2016/01/25/13" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301963", "reference_id": "1301963", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301963" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html", "reference_id": "178044.html", "reference_type": "", "scores": [ { "value": "7.5", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html", "reference_id": "178069.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html" }, { "reference_url": "https://www.exploit-db.com/exploits/40561/", "reference_id": "40561", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "https://www.exploit-db.com/exploits/40561/" }, { "reference_url": "http://www.securityfocus.com/bid/81801", "reference_id": "81801", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://www.securityfocus.com/bid/81801" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/40561.rb", "reference_id": "CVE-2016-0752", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/40561.rb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0752", "reference_id": "CVE-2016-0752", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0752" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0752.yml", "reference_id": "CVE-2016-0752.YML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0752.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-0752.yml", "reference_id": "CVE-2016-0752.YML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-0752.yml" }, { 
"reference_url": "http://www.debian.org/security/2016/dsa-3464", "reference_id": "dsa-3464", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://www.debian.org/security/2016/dsa-3464" }, { "reference_url": "https://github.com/advisories/GHSA-xrr4-p6fq-hjg7", "reference_id": "GHSA-xrr4-p6fq-hjg7", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xrr4-p6fq-hjg7" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ", "reference_id": "JXcBnTtZEgAJ", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html", "reference_id": "msg00034.html", 
"reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html", "reference_id": "msg00043.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html", "reference_id": "msg00053.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2016:0296", "reference_id": "RHSA-2016:0296", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0296" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html", "reference_id": "RHSA-2016-0296.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0454", "reference_id": "RHSA-2016:0454", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0454" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0455", "reference_id": "RHSA-2016:0455", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0455" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12588?format=api", "purl": "pkg:gem/actionview@4.1.14.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-dan6-4f44-kyf5" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" 
} ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionview@4.1.14.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/12591?format=api", "purl": "pkg:gem/actionview@4.2.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionview@4.2.5.1" } ], "aliases": [ "CVE-2016-0752", "GHSA-xrr4-p6fq-hjg7" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hfz8-rhgw-hydt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11771?format=api", "vulnerability_id": "VCID-kkxa-423m-vqbt", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27777.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27777.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-27777", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00852", "scoring_system": "epss", "scoring_elements": "0.75423", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00852", "scoring_system": "epss", "scoring_elements": "0.75432", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00852", "scoring_system": "epss", 
"scoring_elements": "0.75352", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00852", "scoring_system": "epss", "scoring_elements": "0.75437", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-27777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/649516ce0feb699ae06a8c5e81df75d460cc9a85", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/rails/rails/commit/649516ce0feb699ae06a8c5e81df75d460cc9a85" }, { "reference_url": "https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html" }, { "reference_url": "https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016982", "reference_id": "1016982", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016982" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080296", "reference_id": "2080296", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080296" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27777", "reference_id": "CVE-2022-27777", 
"reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27777" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2022-27777.yml", "reference_id": "CVE-2022-27777.YML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2022-27777.yml" }, { "reference_url": "https://github.com/advisories/GHSA-ch3h-j2vf-95pv", "reference_id": "GHSA-ch3h-j2vf-95pv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-ch3h-j2vf-95pv" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2097", "reference_id": "RHSA-2023:2097", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2097" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20335?format=api", "purl": "pkg:gem/actionview@5.2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionview@5.2.7.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/20330?format=api", "purl": "pkg:gem/actionview@6.0.4.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:gem/actionview@6.0.4.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/20328?format=api", "purl": "pkg:gem/actionview@6.1.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionview@6.1.5.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/20333?format=api", "purl": "pkg:gem/actionview@7.0.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionview@7.0.2.4" } ], "aliases": [ "CVE-2022-27777", "GHSA-ch3h-j2vf-95pv", "GMS-2022-1138" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kkxa-423m-vqbt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8769?format=api", "vulnerability_id": "VCID-vazh-rc42-puhy", "summary": "", "references": [ { "reference_url": "http://packetstormsecurity.com/files/158604/Ruby-On-Rails-5.0.1-Remote-Code-Execution.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/158604/Ruby-On-Rails-5.0.1-Remote-Code-Execution.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8163.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8163.json" }, { 
"reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8163", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.91071", "scoring_system": "epss", "scoring_elements": "0.9966", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.91071", "scoring_system": "epss", "scoring_elements": "0.99662", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.91071", "scoring_system": "epss", "scoring_elements": "0.99661", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.91071", "scoring_system": "epss", "scoring_elements": "0.99659", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8163" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8163", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8163" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/hWuKcHyoKh0", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/hWuKcHyoKh0" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" 
}, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0" }, { "reference_url": "https://hackerone.com/reports/304805", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/304805" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848724", "reference_id": "1848724", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848724" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/webapps/48716.rb", "reference_id": "CVE-2020-8163", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/webapps/48716.rb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8163", "reference_id": "CVE-2020-8163", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8163" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-8163.yml", "reference_id": "CVE-2020-8163.YML", 
"reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-8163.yml" }, { "reference_url": "https://github.com/advisories/GHSA-cr3x-7m39-c6jq", "reference_id": "GHSA-cr3x-7m39-c6jq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cr3x-7m39-c6jq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/16735?format=api", "purl": "pkg:gem/actionview@4.2.11.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-vazh-rc42-puhy" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionview@4.2.11.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/437564?format=api", "purl": "pkg:gem/actionview@5.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-873z-9zhz-3fhg" }, { "vulnerability": "VCID-a8d2-vazh-gqbz" }, { "vulnerability": "VCID-ajy4-eqvj-4ydd" }, { "vulnerability": "VCID-bz3f-a6me-a3hh" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-vfmh-49eu-gbh8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionview@5.0.1" } ], "aliases": [ "CVE-2020-8163", "GHSA-cr3x-7m39-c6jq" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-vazh-rc42-puhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7857?format=api", "vulnerability_id": "VCID-vfmh-49eu-gbh8", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15169.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15169.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15169", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01184", "scoring_system": "epss", "scoring_elements": "0.79265", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01184", "scoring_system": "epss", "scoring_elements": "0.7927", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01184", "scoring_system": "epss", "scoring_elements": "0.79192", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01184", "scoring_system": "epss", "scoring_elements": "0.79256", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165", 
"reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/e663f084460ea56c55c3dc76f78c7caeddeeb02e", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/e663f084460ea56c55c3dc76f78c7caeddeeb02e" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/b-C9kSGXYrc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/b-C9kSGXYrc" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00015.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00015.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1877566", "reference_id": "1877566", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1877566" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970040", "reference_id": "970040", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970040" }, { "reference_url": 
"https://nvd.nist.gov/vuln/detail/CVE-2020-15169", "reference_id": "CVE-2020-15169", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15169" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-15169.yml", "reference_id": "CVE-2020-15169.YML", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-15169.yml" }, { "reference_url": "https://github.com/advisories/GHSA-cfjv-5498-mph5", "reference_id": "GHSA-cfjv-5498-mph5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cfjv-5498-mph5" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-cfjv-5498-mph5", "reference_id": "GHSA-cfjv-5498-mph5", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-cfjv-5498-mph5" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1313", "reference_id": "RHSA-2021:1313", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1313" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/17723?format=api", "purl": "pkg:gem/actionview@5.2.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-kkxa-423m-vqbt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionview@5.2.4.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/17722?format=api", "purl": "pkg:gem/actionview@6.0.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7659-nqt4-cyes" }, { "vulnerability": "VCID-f6yu-hg4c-hfe7" }, { "vulnerability": "VCID-kkxa-423m-vqbt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionview@6.0.3.3" } ], "aliases": [ "CVE-2020-15169", "GHSA-cfjv-5498-mph5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vfmh-49eu-gbh8" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionview@4.1.8" }