Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:gem/actiontext@6.1.7.9
Typegem
Namespace
Nameactiontext
Version6.1.7.9
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version7.0.8.5
Latest_non_vulnerable_version7.2.1.1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-3hur-esmy-x3hr
vulnerability_id VCID-3hur-esmy-x3hr
summary 
Possible ReDoS vulnerability in plain_text_for_blockquote_node in Action Text
There is a possible ReDoS vulnerability in the plain_text_for_blockquote_node helper in Action Text. This vulnerability has been assigned the CVE identifier CVE-2024-47888.

Impact
------

Carefully crafted text can cause the plain_text_for_blockquote_node helper to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade or apply the relevant patch immediately.

Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 depends on Ruby 3.2 or greater so is unaffected.


Releases
--------
The fixed releases are available at the normal locations.

Workarounds
-----------
Users can avoid calling `plain_text_for_blockquote_node` or upgrade to Ruby 3.2

Credits
-------

Thanks to [ooooooo_q](https://hackerone.com/ooooooo_q) for the report!
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47888.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47888.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-47888
reference_id
reference_type
scores
0
value 0.00517
scoring_system epss
scoring_elements 0.66734
published_at 2026-04-18T12:55:00Z
1
value 0.00517
scoring_system epss
scoring_elements 0.66721
published_at 2026-04-16T12:55:00Z
2
value 0.00517
scoring_system epss
scoring_elements 0.66687
published_at 2026-04-13T12:55:00Z
3
value 0.00517
scoring_system epss
scoring_elements 0.66717
published_at 2026-04-12T12:55:00Z
4
value 0.00517
scoring_system epss
scoring_elements 0.6673
published_at 2026-04-11T12:55:00Z
5
value 0.00517
scoring_system epss
scoring_elements 0.6671
published_at 2026-04-09T12:55:00Z
6
value 0.00517
scoring_system epss
scoring_elements 0.66646
published_at 2026-04-07T12:55:00Z
7
value 0.00517
scoring_system epss
scoring_elements 0.66695
published_at 2026-04-08T12:55:00Z
8
value 0.00517
scoring_system epss
scoring_elements 0.66672
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-47888
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47888
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47888
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
5
reference_url https://github.com/rails/rails/security/advisories/GHSA-wwhv-wxv9-rpgw
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-16T20:45:54Z/
url https://github.com/rails/rails/security/advisories/GHSA-wwhv-wxv9-rpgw
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actiontext/CVE-2024-47888.yml
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actiontext/CVE-2024-47888.yml
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376
reference_id 1085376
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2319035
reference_id 2319035
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2319035
9
reference_url https://github.com/rails/rails/commit/4f4312b21a6448336de7c7ab0c4d94b378def468
reference_id 4f4312b21a6448336de7c7ab0c4d94b378def468
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-16T20:45:54Z/
url https://github.com/rails/rails/commit/4f4312b21a6448336de7c7ab0c4d94b378def468
10
reference_url https://github.com/rails/rails/commit/727b0946c3cab04b825c039435eac963d4e91822
reference_id 727b0946c3cab04b825c039435eac963d4e91822
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-16T20:45:54Z/
url https://github.com/rails/rails/commit/727b0946c3cab04b825c039435eac963d4e91822
11
reference_url https://github.com/rails/rails/commit/ba286c0a310b7f19cf5cac2a7a4c9def5cf9882e
reference_id ba286c0a310b7f19cf5cac2a7a4c9def5cf9882e
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-16T20:45:54Z/
url https://github.com/rails/rails/commit/ba286c0a310b7f19cf5cac2a7a4c9def5cf9882e
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-47888
reference_id CVE-2024-47888
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-47888
13
reference_url https://github.com/rails/rails/commit/de0df7caebd9cb238a6f10dca462dc5f8d5e98b5
reference_id de0df7caebd9cb238a6f10dca462dc5f8d5e98b5
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-16T20:45:54Z/
url https://github.com/rails/rails/commit/de0df7caebd9cb238a6f10dca462dc5f8d5e98b5
14
reference_url https://github.com/advisories/GHSA-wwhv-wxv9-rpgw
reference_id GHSA-wwhv-wxv9-rpgw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wwhv-wxv9-rpgw
15
reference_url https://usn.ubuntu.com/7290-1/
reference_id USN-7290-1
reference_type
scores
url https://usn.ubuntu.com/7290-1/
fixed_packages
0
url pkg:gem/actiontext@6.1.7.9
purl pkg:gem/actiontext@6.1.7.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actiontext@6.1.7.9
1
url pkg:gem/actiontext@7.0.0.alpha1
purl pkg:gem/actiontext@7.0.0.alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3hur-esmy-x3hr
1
vulnerability VCID-zg1n-xs8e-w3hg
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actiontext@7.0.0.alpha1
2
url pkg:gem/actiontext@7.0.8.5
purl pkg:gem/actiontext@7.0.8.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actiontext@7.0.8.5
3
url pkg:gem/actiontext@7.1.0.beta1
purl pkg:gem/actiontext@7.1.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3hur-esmy-x3hr
1
vulnerability VCID-zg1n-xs8e-w3hg
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actiontext@7.1.0.beta1
4
url pkg:gem/actiontext@7.1.4.1
purl pkg:gem/actiontext@7.1.4.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actiontext@7.1.4.1
5
url pkg:gem/actiontext@7.2.0.beta1
purl pkg:gem/actiontext@7.2.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3hur-esmy-x3hr
1
vulnerability VCID-rqfj-8y7h-eqgm
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actiontext@7.2.0.beta1
6
url pkg:gem/actiontext@7.2.1.1
purl pkg:gem/actiontext@7.2.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actiontext@7.2.1.1
7
url pkg:gem/actiontext@8.0.0.beta1
purl pkg:gem/actiontext@8.0.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3hur-esmy-x3hr
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actiontext@8.0.0.beta1
aliases CVE-2024-47888, GHSA-wwhv-wxv9-rpgw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3hur-esmy-x3hr
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:gem/actiontext@6.1.7.9