Lookup for vulnerable packages by Package URL.

Purl pkg:gem/actionmailer@7.1.4.1
Type gem
Namespace
Name actionmailer
Version 7.1.4.1
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version 7.2.1.1
Latest_non_vulnerable_version 7.2.1.1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-yy6t-ybeu-qycc
vulnerability_id VCID-yy6t-ybeu-qycc
summary
Possible ReDoS vulnerability in block_format in Action Mailer
There is a possible ReDoS vulnerability in the block_format helper in Action Mailer. This vulnerability has been assigned the CVE identifier CVE-2024-47889.

Impact
------

Carefully crafted text can cause the block_format helper to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade or apply the relevant patch immediately.

Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 requires Ruby 3.2 or greater so is unaffected.


Releases
--------
The fixed releases are available at the normal locations.

Workarounds
-----------
Users can avoid calling the `block_format` helper or upgrade to Ruby 3.2.

Credits
-------

Thanks to yuki_osaki for the report!
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47889.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47889.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-47889
reference_id
reference_type
scores
0
value 0.00344
scoring_system epss
scoring_elements 0.57094
published_at 2026-04-16T12:55:00Z
1
value 0.00344
scoring_system epss
scoring_elements 0.57066
published_at 2026-04-13T12:55:00Z
2
value 0.00344
scoring_system epss
scoring_elements 0.5709
published_at 2026-04-18T12:55:00Z
3
value 0.00344
scoring_system epss
scoring_elements 0.57111
published_at 2026-04-11T12:55:00Z
4
value 0.00344
scoring_system epss
scoring_elements 0.57099
published_at 2026-04-09T12:55:00Z
5
value 0.00344
scoring_system epss
scoring_elements 0.57097
published_at 2026-04-08T12:55:00Z
6
value 0.00344
scoring_system epss
scoring_elements 0.57047
published_at 2026-04-02T12:55:00Z
7
value 0.00344
scoring_system epss
scoring_elements 0.57046
published_at 2026-04-07T12:55:00Z
8
value 0.00344
scoring_system epss
scoring_elements 0.57069
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-47889
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47889
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47889
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
5
reference_url https://github.com/rails/rails/security/advisories/GHSA-h47h-mwp9-c6q6
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:27:30Z/
url https://github.com/rails/rails/security/advisories/GHSA-h47h-mwp9-c6q6
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionmailer/CVE-2024-47889.yml
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionmailer/CVE-2024-47889.yml
7
reference_url https://github.com/rails/rails/commit/0e5694f4d32544532d2301a9b4084eacb6986e94
reference_id 0e5694f4d32544532d2301a9b4084eacb6986e94
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:27:30Z/
url https://github.com/rails/rails/commit/0e5694f4d32544532d2301a9b4084eacb6986e94
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376
reference_id 1085376
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2319033
reference_id 2319033
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2319033
10
reference_url https://github.com/rails/rails/commit/3612e3eb3fbafed4f85e1c6ea4c7b6addbb0fdd3
reference_id 3612e3eb3fbafed4f85e1c6ea4c7b6addbb0fdd3
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:27:30Z/
url https://github.com/rails/rails/commit/3612e3eb3fbafed4f85e1c6ea4c7b6addbb0fdd3
11
reference_url https://github.com/rails/rails/commit/985f1923fa62806ff676e41de67c3b4552131ab9
reference_id 985f1923fa62806ff676e41de67c3b4552131ab9
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:27:30Z/
url https://github.com/rails/rails/commit/985f1923fa62806ff676e41de67c3b4552131ab9
12
reference_url https://github.com/rails/rails/commit/be898cc996986decfe238341d96b2a6573b8fd2e
reference_id be898cc996986decfe238341d96b2a6573b8fd2e
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:27:30Z/
url https://github.com/rails/rails/commit/be898cc996986decfe238341d96b2a6573b8fd2e
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-47889
reference_id CVE-2024-47889
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-47889
14
reference_url https://github.com/advisories/GHSA-h47h-mwp9-c6q6
reference_id GHSA-h47h-mwp9-c6q6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h47h-mwp9-c6q6
15
reference_url https://usn.ubuntu.com/7290-1/
reference_id USN-7290-1
reference_type
scores
url https://usn.ubuntu.com/7290-1/
fixed_packages
0
url pkg:gem/actionmailer@6.1.7.9
purl pkg:gem/actionmailer@6.1.7.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionmailer@6.1.7.9
1
url pkg:gem/actionmailer@7.0.0.alpha1
purl pkg:gem/actionmailer@7.0.0.alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-yy6t-ybeu-qycc
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionmailer@7.0.0.alpha1
2
url pkg:gem/actionmailer@7.0.8.5
purl pkg:gem/actionmailer@7.0.8.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionmailer@7.0.8.5
3
url pkg:gem/actionmailer@7.1.0.beta1
purl pkg:gem/actionmailer@7.1.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-yy6t-ybeu-qycc
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionmailer@7.1.0.beta1
4
url pkg:gem/actionmailer@7.1.4.1
purl pkg:gem/actionmailer@7.1.4.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionmailer@7.1.4.1
5
url pkg:gem/actionmailer@7.2.0.beta1
purl pkg:gem/actionmailer@7.2.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-yy6t-ybeu-qycc
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionmailer@7.2.0.beta1
6
url pkg:gem/actionmailer@7.2.1.1
purl pkg:gem/actionmailer@7.2.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionmailer@7.2.1.1
7
url pkg:gem/actionmailer@8.0.0.beta1
purl pkg:gem/actionmailer@8.0.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-yy6t-ybeu-qycc
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionmailer@8.0.0.beta1
aliases CVE-2024-47889, GHSA-h47h-mwp9-c6q6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yy6t-ybeu-qycc
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionmailer@7.1.4.1