Lookup for vulnerable packages by Package URL.

Purl pkg:gem/actionpack@6.1.0.0
Type gem
Namespace
Name actionpack
Version 6.1.0.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 7.0.8.7
Latest_non_vulnerable_version 8.1.2.1
Affected_by_vulnerabilities
0
url VCID-gjey-bqtd-kqa1
vulnerability_id VCID-gjey-bqtd-kqa1
summary
Action Pack contains Information Disclosure / Unintended Method Execution vulnerability
Impact
------
There is a possible information disclosure / unintended method execution vulnerability in Action Pack when using the `redirect_to` or `polymorphic_url` helper with untrusted user input.

Vulnerable code will look like this.

```ruby
redirect_to(params[:some_param])
```

All users running an affected release should either upgrade or use one of the workarounds immediately.

Releases
--------
The FIXED releases are available at the normal locations.

Workarounds
-----------
To work around this problem, it is recommended to use an allow list for valid parameters passed from the user.  For example,

```ruby
private def check(param)
  case param
  when "valid"
    param
  else
    "/"
  end
end

def index
  redirect_to(check(params[:some_param]))
end
```

Or force the user input to be cast to a string like this,

```ruby
def index
  redirect_to(params[:some_param].to_s)
end
```

Patches
-------
To aid users who aren't able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.

* 5-2-information-disclosure.patch - Patch for 5.2 series
* 6-0-information-disclosure.patch - Patch for 6.0 series
* 6-1-information-disclosure.patch - Patch for 6.1 series

Please note that only the 5.2, 6.0, and 6.1 series are supported at present. Users of earlier unsupported releases are advised to upgrade as soon as possible as we cannot guarantee the continued availability of security fixes for unsupported releases.

Credits
-------

Thanks to Benoit Côté-Jodoin from Shopify for reporting this.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22885.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22885.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22885
reference_id
reference_type
scores
0
value 0.03096
scoring_system epss
scoring_elements 0.86797
published_at 2026-04-13T12:55:00Z
1
value 0.03096
scoring_system epss
scoring_elements 0.86817
published_at 2026-04-18T12:55:00Z
2
value 0.03096
scoring_system epss
scoring_elements 0.86736
published_at 2026-04-01T12:55:00Z
3
value 0.03096
scoring_system epss
scoring_elements 0.86812
published_at 2026-04-16T12:55:00Z
4
value 0.03096
scoring_system epss
scoring_elements 0.86746
published_at 2026-04-02T12:55:00Z
5
value 0.03096
scoring_system epss
scoring_elements 0.86765
published_at 2026-04-04T12:55:00Z
6
value 0.03096
scoring_system epss
scoring_elements 0.86763
published_at 2026-04-07T12:55:00Z
7
value 0.03096
scoring_system epss
scoring_elements 0.86783
published_at 2026-04-08T12:55:00Z
8
value 0.03096
scoring_system epss
scoring_elements 0.86791
published_at 2026-04-09T12:55:00Z
9
value 0.03096
scoring_system epss
scoring_elements 0.86805
published_at 2026-04-11T12:55:00Z
10
value 0.03096
scoring_system epss
scoring_elements 0.86802
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22885
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22885.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22885.yml
7
reference_url https://groups.google.com/g/rubyonrails-security/c/NiQl-48cXYI
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/NiQl-48cXYI
8
reference_url https://hackerone.com/reports/1106652
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/1106652
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-22885
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-22885
10
reference_url https://security.netapp.com/advisory/ntap-20210805-0009
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210805-0009
11
reference_url https://security.netapp.com/advisory/ntap-20210805-0009/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210805-0009/
12
reference_url https://www.debian.org/security/2021/dsa-4929
reference_id
reference_type
scores
url https://www.debian.org/security/2021/dsa-4929
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1957441
reference_id 1957441
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1957441
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214
reference_id 988214
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214
15
reference_url https://security.archlinux.org/AVG-1920
reference_id AVG-1920
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1920
16
reference_url https://security.archlinux.org/AVG-1921
reference_id AVG-1921
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1921
17
reference_url https://security.archlinux.org/AVG-2090
reference_id AVG-2090
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2090
18
reference_url https://security.archlinux.org/AVG-2223
reference_id AVG-2223
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2223
19
reference_url https://github.com/advisories/GHSA-hjg4-8q5f-x6fm
reference_id GHSA-hjg4-8q5f-x6fm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hjg4-8q5f-x6fm
20
reference_url https://access.redhat.com/errata/RHSA-2021:4702
reference_id RHSA-2021:4702
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4702
fixed_packages
0
url pkg:gem/actionpack@6.1.3.1
purl pkg:gem/actionpack@6.1.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bxs-yghe-cyck
1
vulnerability VCID-1x8k-t8mr-3fgp
2
vulnerability VCID-63gy-6njy-kbd8
3
vulnerability VCID-ce39-j83r-6ug9
4
vulnerability VCID-dd9p-x7k3-37ea
5
vulnerability VCID-ehbj-aezy-d7h4
6
vulnerability VCID-g3rk-djae-pkeh
7
vulnerability VCID-gjey-bqtd-kqa1
8
vulnerability VCID-hppf-a715-r7b2
9
vulnerability VCID-jwun-grgg-2uet
10
vulnerability VCID-msda-xqbp-qfdd
11
vulnerability VCID-p22r-u1dd-b7b3
12
vulnerability VCID-p5mc-r1rg-5ff7
13
vulnerability VCID-sfyc-jewr-wuf5
14
vulnerability VCID-sgdb-985e-4uej
15
vulnerability VCID-wg3a-j2dp-ayh4
16
vulnerability VCID-wyy6-h8bq-vyde
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.3.1
1
url pkg:gem/actionpack@6.1.3.2
purl pkg:gem/actionpack@6.1.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bxs-yghe-cyck
1
vulnerability VCID-1x8k-t8mr-3fgp
2
vulnerability VCID-63gy-6njy-kbd8
3
vulnerability VCID-ce39-j83r-6ug9
4
vulnerability VCID-dd9p-x7k3-37ea
5
vulnerability VCID-ehbj-aezy-d7h4
6
vulnerability VCID-g3rk-djae-pkeh
7
vulnerability VCID-hppf-a715-r7b2
8
vulnerability VCID-jwun-grgg-2uet
9
vulnerability VCID-p22r-u1dd-b7b3
10
vulnerability VCID-p5mc-r1rg-5ff7
11
vulnerability VCID-sfyc-jewr-wuf5
12
vulnerability VCID-sgdb-985e-4uej
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.3.2
aliases CVE-2021-22885, GHSA-hjg4-8q5f-x6fm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gjey-bqtd-kqa1
1
url VCID-jwun-grgg-2uet
vulnerability_id VCID-jwun-grgg-2uet
summary
Exposure of information in Action Pack
Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests. This has been fixed in Rails 7.0.2.1, 6.1.4.5, 6.0.4.5, and 5.2.6.1. Upgrading is highly recommended, but to work around this problem a middleware described in GHSA-wh98-p28r-vrc9 can be used.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23633.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23633.json
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23634.json
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23634.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23633
reference_id
reference_type
scores
0
value 0.00367
scoring_system epss
scoring_elements 0.5868
published_at 2026-04-16T12:55:00Z
1
value 0.00367
scoring_system epss
scoring_elements 0.58685
published_at 2026-04-18T12:55:00Z
2
value 0.00367
scoring_system epss
scoring_elements 0.58648
published_at 2026-04-13T12:55:00Z
3
value 0.00367
scoring_system epss
scoring_elements 0.58667
published_at 2026-04-12T12:55:00Z
4
value 0.00367
scoring_system epss
scoring_elements 0.58687
published_at 2026-04-11T12:55:00Z
5
value 0.00367
scoring_system epss
scoring_elements 0.58669
published_at 2026-04-09T12:55:00Z
6
value 0.00367
scoring_system epss
scoring_elements 0.58662
published_at 2026-04-08T12:55:00Z
7
value 0.00367
scoring_system epss
scoring_elements 0.5861
published_at 2026-04-07T12:55:00Z
8
value 0.00367
scoring_system epss
scoring_elements 0.58643
published_at 2026-04-04T12:55:00Z
9
value 0.00367
scoring_system epss
scoring_elements 0.58623
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23633
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23634
reference_id
reference_type
scores
0
value 0.00441
scoring_system epss
scoring_elements 0.63277
published_at 2026-04-18T12:55:00Z
1
value 0.00441
scoring_system epss
scoring_elements 0.63198
published_at 2026-04-07T12:55:00Z
2
value 0.00441
scoring_system epss
scoring_elements 0.63269
published_at 2026-04-12T12:55:00Z
3
value 0.00441
scoring_system epss
scoring_elements 0.63284
published_at 2026-04-11T12:55:00Z
4
value 0.00441
scoring_system epss
scoring_elements 0.63233
published_at 2026-04-13T12:55:00Z
5
value 0.00441
scoring_system epss
scoring_elements 0.63267
published_at 2026-04-09T12:55:00Z
6
value 0.00441
scoring_system epss
scoring_elements 0.6327
published_at 2026-04-16T12:55:00Z
7
value 0.00441
scoring_system epss
scoring_elements 0.6325
published_at 2026-04-08T12:55:00Z
8
value 0.00453
scoring_system epss
scoring_elements 0.63763
published_at 2026-04-02T12:55:00Z
9
value 0.00453
scoring_system epss
scoring_elements 0.63789
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23634
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41136
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41136
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23634
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23634
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24790
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24790
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
17
reference_url https://discuss.rubyonrails.org/t/cve-2022-23633-possible-exposure-of-information-vulnerability-in-action-pack/80016
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://discuss.rubyonrails.org/t/cve-2022-23633-possible-exposure-of-information-vulnerability-in-action-pack/80016
18
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
19
reference_url https://github.com/puma/puma
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/puma/puma
20
reference_url https://github.com/puma/puma/commit/b70f451fe8abc0cff192c065d549778452e155bb
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/puma/puma/commit/b70f451fe8abc0cff192c065d549778452e155bb
21
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
22
reference_url https://github.com/rails/rails/commit/f9a2ad03943d5c2ba54e1d45f155442b519c75da
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/f9a2ad03943d5c2ba54e1d45f155442b519c75da
23
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2022-23633.yml
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2022-23633.yml
24
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puma/CVE-2022-23634.yml
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puma/CVE-2022-23634.yml
25
reference_url https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements
1
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ
26
reference_url https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ?utm_medium=email&utm_source=footer&pli=1
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ?utm_medium=email&utm_source=footer&pli=1
27
reference_url https://lists.debian.org/debian-lts-announce/2022/05/msg00034.html
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/05/msg00034.html
28
reference_url https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html
29
reference_url https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html
30
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5
31
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5/
32
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G
33
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G/
34
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB
35
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB/
36
reference_url https://rubyonrails.org/2022/2/11/Rails-7-0-2-2-6-1-4-6-6-0-4-6-and-5-2-6-2-have-been-released
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://rubyonrails.org/2022/2/11/Rails-7-0-2-2-6-1-4-6-6-0-4-6-and-5-2-6-2-have-been-released
37
reference_url https://security.gentoo.org/glsa/202208-28
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202208-28
38
reference_url https://security.netapp.com/advisory/ntap-20240119-0013
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240119-0013
39
reference_url https://security.netapp.com/advisory/ntap-20240119-0013/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20240119-0013/
40
reference_url https://www.debian.org/security/2022/dsa-5146
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2022/dsa-5146
41
reference_url https://www.debian.org/security/2023/dsa-5372
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2023/dsa-5372
42
reference_url http://www.openwall.com/lists/oss-security/2022/02/11/5
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/02/11/5
43
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005389
reference_id 1005389
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005389
44
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005391
reference_id 1005391
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005391
45
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2054211
reference_id 2054211
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2054211
46
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2063149
reference_id 2063149
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2063149
47
reference_url https://security.archlinux.org/AVG-2764
reference_id AVG-2764
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2764
48
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-23633
reference_id CVE-2022-23633
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-23633
49
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-23634
reference_id CVE-2022-23634
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-23634
50
reference_url https://github.com/advisories/GHSA-rmj8-8hhh-gv5h
reference_id GHSA-rmj8-8hhh-gv5h
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-rmj8-8hhh-gv5h
51
reference_url https://github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h
reference_id GHSA-rmj8-8hhh-gv5h
reference_type
scores
0
value 8.0
scoring_system cvssv3
scoring_elements
1
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h
52
reference_url https://github.com/advisories/GHSA-wh98-p28r-vrc9
reference_id GHSA-wh98-p28r-vrc9
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-wh98-p28r-vrc9
53
reference_url https://github.com/rails/rails/security/advisories/GHSA-wh98-p28r-vrc9
reference_id GHSA-wh98-p28r-vrc9
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/security/advisories/GHSA-wh98-p28r-vrc9
54
reference_url https://access.redhat.com/errata/RHSA-2022:5498
reference_id RHSA-2022:5498
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5498
55
reference_url https://usn.ubuntu.com/6682-1/
reference_id USN-6682-1
reference_type
scores
url https://usn.ubuntu.com/6682-1/
fixed_packages
0
url pkg:gem/actionpack@6.1.4.6
purl pkg:gem/actionpack@6.1.4.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-63gy-6njy-kbd8
1
vulnerability VCID-ce39-j83r-6ug9
2
vulnerability VCID-dd9p-x7k3-37ea
3
vulnerability VCID-ehbj-aezy-d7h4
4
vulnerability VCID-g3rk-djae-pkeh
5
vulnerability VCID-hppf-a715-r7b2
6
vulnerability VCID-p22r-u1dd-b7b3
7
vulnerability VCID-p5mc-r1rg-5ff7
8
vulnerability VCID-sfyc-jewr-wuf5
9
vulnerability VCID-sgdb-985e-4uej
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.4.6
1
url pkg:gem/actionpack@7.0.0.alpha1
purl pkg:gem/actionpack@7.0.0.alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-63gy-6njy-kbd8
1
vulnerability VCID-ehbj-aezy-d7h4
2
vulnerability VCID-g3rk-djae-pkeh
3
vulnerability VCID-hppf-a715-r7b2
4
vulnerability VCID-sfyc-jewr-wuf5
5
vulnerability VCID-sgdb-985e-4uej
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.0.alpha1
2
url pkg:gem/actionpack@7.0.2.2
purl pkg:gem/actionpack@7.0.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5bh7-drnb-7ygg
1
vulnerability VCID-63gy-6njy-kbd8
2
vulnerability VCID-6tty-dbwx-rbgx
3
vulnerability VCID-ce39-j83r-6ug9
4
vulnerability VCID-dd9p-x7k3-37ea
5
vulnerability VCID-ehbj-aezy-d7h4
6
vulnerability VCID-g3rk-djae-pkeh
7
vulnerability VCID-hppf-a715-r7b2
8
vulnerability VCID-p22r-u1dd-b7b3
9
vulnerability VCID-p5mc-r1rg-5ff7
10
vulnerability VCID-sfyc-jewr-wuf5
11
vulnerability VCID-sgdb-985e-4uej
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.2.2
aliases CVE-2022-23633, CVE-2022-23634, GHSA-rmj8-8hhh-gv5h, GHSA-wh98-p28r-vrc9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jwun-grgg-2uet
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.0.0