Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/50163?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/50163?format=api", "purl": "pkg:gem/activerecord@3.1.5", "type": "gem", "namespace": "", "name": "activerecord", "version": "3.1.5", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "7.1.5.2", "latest_non_vulnerable_version": "8.0.2.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11860?format=api", "vulnerability_id": "VCID-12f4-gcj5-h3cu", "summary": "activerecord vulnerable to SQL Injection\nThe Active Record component in Ruby on Rails efore 2.3.15, 3.0.x before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage improper handling of nested hashes, a related issue to CVE-2012-2661.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2695.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2695.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2695", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00637", "scoring_system": "epss", "scoring_elements": "0.70816", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2695" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/62f81f4d6b3ee40e9887ffd92ab14714bad93f18", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/62f81f4d6b3ee40e9887ffd92ab14714bad93f18" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/aee3413fb038bf56?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/aee3413fb038bf56?dmode=source&output=gplain" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/l4L0TEVAz1k/m/Vr84sD9B464J", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/l4L0TEVAz1k/m/Vr84sD9B464J" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=831573", "reference_id": "831573", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=831573" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2695", "reference_id": "CVE-2012-2695", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2695" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2695.yml", "reference_id": "CVE-2012-2695.YML", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2695.yml" }, { "reference_url": "https://github.com/advisories/GHSA-76wq-xw4h-f8wj", "reference_id": "GHSA-76wq-xw4h-f8wj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-76wq-xw4h-f8wj" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1542", "reference_id": "RHSA-2012:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0154", "reference_id": "RHSA-2013:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53536?format=api", "purl": "pkg:gem/activerecord@3.1.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12f4-gcj5-h3cu" }, { "vulnerability": "VCID-1r5t-n9ys-zbbu" }, { "vulnerability": "VCID-2bpy-kbwe-zbg8" }, { "vulnerability": "VCID-2dgz-cqjx-bkaw" }, { "vulnerability": "VCID-2vex-unxw-jub9" }, { "vulnerability": "VCID-3gxu-74a5-m7cv" }, { "vulnerability": "VCID-3sqw-5cpa-5qgg" }, { "vulnerability": "VCID-57uk-2vgz-kyhn" }, { "vulnerability": "VCID-9xfd-d2ff-uuec" }, { "vulnerability": "VCID-c3hd-njh3-b3bg" }, { "vulnerability": "VCID-d7z6-98fp-r3g2" }, { "vulnerability": "VCID-jhtd-7tmy-jfaj" }, { "vulnerability": "VCID-jug9-esjy-8fh5" }, { "vulnerability": "VCID-k8rq-jbrg-3qb3" }, { "vulnerability": "VCID-v12d-fr9k-7ufu" }, { "vulnerability": "VCID-vbkg-umrg-gkfm" }, { "vulnerability": "VCID-vvth-cjt4-akg8" }, { "vulnerability": "VCID-yd25-ket2-67d3" }, { "vulnerability": "VCID-zy5d-6a4f-wua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/53537?format=api", "purl": "pkg:gem/activerecord@3.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12f4-gcj5-h3cu" }, { "vulnerability": "VCID-1r5t-n9ys-zbbu" }, { "vulnerability": "VCID-2bpy-kbwe-zbg8" }, { "vulnerability": "VCID-2dgz-cqjx-bkaw" }, { "vulnerability": "VCID-2vex-unxw-jub9" }, { "vulnerability": "VCID-3gxu-74a5-m7cv" }, { "vulnerability": "VCID-3sqw-5cpa-5qgg" }, { "vulnerability": "VCID-57uk-2vgz-kyhn" }, { "vulnerability": "VCID-9xfd-d2ff-uuec" }, { "vulnerability": "VCID-c3hd-njh3-b3bg" }, { "vulnerability": "VCID-d7z6-98fp-r3g2" }, { "vulnerability": "VCID-jhtd-7tmy-jfaj" }, { "vulnerability": "VCID-jug9-esjy-8fh5" }, { "vulnerability": "VCID-k8rq-jbrg-3qb3" }, { "vulnerability": "VCID-v12d-fr9k-7ufu" }, { "vulnerability": "VCID-vbkg-umrg-gkfm" }, { "vulnerability": "VCID-vvth-cjt4-akg8" }, { "vulnerability": "VCID-yd25-ket2-67d3" }, { "vulnerability": "VCID-zy5d-6a4f-wua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.6" } ], "aliases": [ "CVE-2012-2695", "GHSA-76wq-xw4h-f8wj" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-12f4-gcj5-h3cu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11867?format=api", "vulnerability_id": "VCID-1r5t-n9ys-zbbu", "summary": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nRuby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument.", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/4e19864cf6ad40ad?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/4e19864cf6ad40ad?dmode=source&output=gplain" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0448", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.72094", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0448" }, { "reference_url": "http://secunia.com/advisories/43278", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/43278" }, { "reference_url": "http://securitytracker.com/id?1025063", "reference_id": "", "reference_type": "", "scores": [], "url": "http://securitytracker.com/id?1025063" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa562c3be8474", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa562c3be8474" }, { "reference_url": "https://web.archive.org/web/20201220214809/http://securitytracker.com/id?1025063", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201220214809/http://securitytracker.com/id?1025063" }, { "reference_url": "http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/0877", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2011/0877" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0448", "reference_id": "CVE-2011-0448", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0448" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-0448.yml", "reference_id": "CVE-2011-0448.YML", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-0448.yml" }, { "reference_url": "https://github.com/advisories/GHSA-jmm9-2p29-vh2w", "reference_id": "GHSA-jmm9-2p29-vh2w", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jmm9-2p29-vh2w" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [], "aliases": [ "CVE-2011-0448", "GHSA-jmm9-2p29-vh2w" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1r5t-n9ys-zbbu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/198608?format=api", "vulnerability_id": "VCID-2bpy-kbwe-zbg8", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32224.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32224.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-32224", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01897", "scoring_system": "epss", "scoring_elements": "0.83537", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-32224" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails/commit/611990f1a6c137c2d56b1ba06b27e5d2434dcd6a", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/611990f1a6c137c2d56b1ba06b27e5d2434dcd6a" }, { "reference_url": "https://github.com/rails/rails/commits/main/activerecord", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commits/main/activerecord" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-24T15:17:17Z/" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00022.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016140", "reference_id": "1016140", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016140" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108997", "reference_id": "2108997", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108997" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32224", "reference_id": "CVE-2022-32224", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32224" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-32224.yml", "reference_id": "CVE-2022-32224.YML", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-32224.yml" }, { "reference_url": "https://github.com/advisories/GHSA-3hhc-qp5v-9p2j", "reference_id": "GHSA-3hhc-qp5v-9p2j", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-24T15:17:17Z/" } ], "url": "https://github.com/advisories/GHSA-3hhc-qp5v-9p2j" }, { "reference_url": "https://security.gentoo.org/glsa/202408-24", "reference_id": "GLSA-202408-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202408-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0261", "reference_id": "RHSA-2023:0261", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0261" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1151", "reference_id": "RHSA-2023:1151", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1151" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2097", "reference_id": "RHSA-2023:2097", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2097" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/78515?format=api", "purl": "pkg:gem/activerecord@5.2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-v12d-fr9k-7ufu" }, { "vulnerability": "VCID-vbkg-umrg-gkfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@5.2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/166287?format=api", "purl": "pkg:gem/activerecord@6.0.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-v12d-fr9k-7ufu" }, { "vulnerability": "VCID-vbkg-umrg-gkfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@6.0.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/78509?format=api", "purl": "pkg:gem/activerecord@6.0.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-rzeh-ft6v-h7bv" }, { "vulnerability": "VCID-v12d-fr9k-7ufu" }, { "vulnerability": "VCID-vbkg-umrg-gkfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@6.0.5.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/166318?format=api", "purl": "pkg:gem/activerecord@6.1.0.rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-v12d-fr9k-7ufu" }, { "vulnerability": "VCID-vbkg-umrg-gkfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@6.1.0.rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/78513?format=api", "purl": "pkg:gem/activerecord@6.1.6.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-rzeh-ft6v-h7bv" }, { "vulnerability": "VCID-v12d-fr9k-7ufu" }, { "vulnerability": "VCID-vbkg-umrg-gkfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@6.1.6.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/166346?format=api", "purl": "pkg:gem/activerecord@7.0.0.alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-v12d-fr9k-7ufu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@7.0.0.alpha1" }, { "url": "http://public2.vulnerablecode.io/api/packages/78511?format=api", "purl": "pkg:gem/activerecord@7.0.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-rzeh-ft6v-h7bv" }, { "vulnerability": "VCID-v12d-fr9k-7ufu" }, { "vulnerability": "VCID-vbkg-umrg-gkfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@7.0.3.1" } ], "aliases": [ "CVE-2022-32224", "GHSA-3hhc-qp5v-9p2j" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2bpy-kbwe-zbg8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11816?format=api", "vulnerability_id": "VCID-2dgz-cqjx-bkaw", "summary": "activerecord vulnerable to SQL Injection\nMultiple SQL injection vulnerabilities in the `quote_table_name` method in the ActiveRecord adapters in `activerecord/lib/active_record/connection_adapters/` in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a crafted column name.", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/b1a85d36b0f9dd30?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/b1a85d36b0f9dd30?dmode=source&output=gplain" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2930", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00955", "scoring_system": "epss", "scoring_elements": "0.76737", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2930" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=731438", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=731438" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/8a39f411dc3c806422785b1f4d5c7c9d58e4bf85", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/8a39f411dc3c806422785b1f4d5c7c9d58e4bf85" }, { "reference_url": "http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6" }, { "reference_url": "http://www.debian.org/security/2011/dsa-2301", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2011/dsa-2301" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/17/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/17/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/19/11", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/19/11" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/20/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/20/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/13", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/13" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/14", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/14" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2930", "reference_id": "CVE-2011-2930", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2930" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-2930.yml", "reference_id": "CVE-2011-2930.YML", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-2930.yml" }, { "reference_url": "https://github.com/advisories/GHSA-h6w6-xmqv-7q78", "reference_id": "GHSA-h6w6-xmqv-7q78", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h6w6-xmqv-7q78" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [], "aliases": [ "CVE-2011-2930", "GHSA-h6w6-xmqv-7q78" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2dgz-cqjx-bkaw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10337?format=api", "vulnerability_id": "VCID-2vex-unxw-jub9", "summary": "Circumvention of attr_protected\nThe attr_protected method allows developers to specify a denylist of model attributes which users should not be allowed to assign to. By using a specially crafted request, attackers could circumvent this protection and alter values that were meant to be protected.", "references": [ { "reference_url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0686.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0686.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0276.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0276.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0276", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00606", "scoring_system": "epss", "scoring_elements": "0.69983", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0276" }, { "reference_url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/AFBKNY7VSH8", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/AFBKNY7VSH8" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/bb44b98a73ef1a06?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/bb44b98a73ef1a06?dmode=source&output=gplain" }, { "reference_url": "http://support.apple.com/kb/HT5784", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT5784" }, { "reference_url": "https://web.archive.org/web/20130217055442/http://www.securityfocus.com/bid/57896", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20130217055442/http://www.securityfocus.com/bid/57896" }, { "reference_url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/" }, { "reference_url": "http://www.debian.org/security/2013/dsa-2620", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2013/dsa-2620" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/02/11/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/02/11/5" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=909528", "reference_id": "909528", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=909528" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0276", "reference_id": "CVE-2013-0276", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0276" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0276.yml", "reference_id": "CVE-2013-0276.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0276.yml" }, { "reference_url": "https://github.com/advisories/GHSA-gr44-7grc-37vq", "reference_id": "GHSA-gr44-7grc-37vq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gr44-7grc-37vq" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0686", "reference_id": "RHSA-2013:0686", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0686" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73756?format=api", "purl": "pkg:gem/activerecord@3.1.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12f4-gcj5-h3cu" }, { "vulnerability": "VCID-1r5t-n9ys-zbbu" }, { "vulnerability": "VCID-2bpy-kbwe-zbg8" }, { "vulnerability": "VCID-2dgz-cqjx-bkaw" }, { "vulnerability": "VCID-3gxu-74a5-m7cv" }, { "vulnerability": "VCID-57uk-2vgz-kyhn" }, { "vulnerability": "VCID-9xfd-d2ff-uuec" }, { "vulnerability": "VCID-c3hd-njh3-b3bg" }, { "vulnerability": "VCID-d7z6-98fp-r3g2" }, { "vulnerability": "VCID-jhtd-7tmy-jfaj" }, { "vulnerability": "VCID-jug9-esjy-8fh5" }, { "vulnerability": "VCID-k8rq-jbrg-3qb3" }, { "vulnerability": "VCID-v12d-fr9k-7ufu" }, { "vulnerability": "VCID-vbkg-umrg-gkfm" }, { "vulnerability": "VCID-zy5d-6a4f-wua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/94635?format=api", "purl": "pkg:gem/activerecord@3.2.0.rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12f4-gcj5-h3cu" }, { "vulnerability": "VCID-1r5t-n9ys-zbbu" }, { "vulnerability": "VCID-2bpy-kbwe-zbg8" }, { "vulnerability": "VCID-2dgz-cqjx-bkaw" }, { "vulnerability": "VCID-2vex-unxw-jub9" }, { "vulnerability": "VCID-31rm-1rpc-g3dq" }, { "vulnerability": "VCID-3gxu-74a5-m7cv" }, { "vulnerability": "VCID-3sqw-5cpa-5qgg" }, { "vulnerability": "VCID-57uk-2vgz-kyhn" }, { "vulnerability": "VCID-9xfd-d2ff-uuec" }, { "vulnerability": "VCID-c3hd-njh3-b3bg" }, { "vulnerability": "VCID-d7z6-98fp-r3g2" }, { "vulnerability": "VCID-jhtd-7tmy-jfaj" }, { "vulnerability": "VCID-jug9-esjy-8fh5" }, { "vulnerability": "VCID-k8rq-jbrg-3qb3" }, { "vulnerability": "VCID-p5sk-7xnp-fygg" }, { "vulnerability": "VCID-v12d-fr9k-7ufu" }, { "vulnerability": "VCID-vbkg-umrg-gkfm" }, { "vulnerability": "VCID-vvth-cjt4-akg8" }, { "vulnerability": "VCID-yd25-ket2-67d3" }, { "vulnerability": "VCID-zy5d-6a4f-wua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.0.rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/73760?format=api", "purl": "pkg:gem/activerecord@3.2.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12f4-gcj5-h3cu" }, { "vulnerability": "VCID-1r5t-n9ys-zbbu" }, { "vulnerability": "VCID-2bpy-kbwe-zbg8" }, { "vulnerability": "VCID-2dgz-cqjx-bkaw" }, { "vulnerability": "VCID-3gxu-74a5-m7cv" }, { "vulnerability": "VCID-57uk-2vgz-kyhn" }, { "vulnerability": "VCID-9xfd-d2ff-uuec" }, { "vulnerability": "VCID-c3hd-njh3-b3bg" }, { "vulnerability": "VCID-d7z6-98fp-r3g2" }, { "vulnerability": "VCID-jhtd-7tmy-jfaj" }, { "vulnerability": "VCID-jug9-esjy-8fh5" }, { "vulnerability": "VCID-k8rq-jbrg-3qb3" }, { "vulnerability": "VCID-v12d-fr9k-7ufu" }, { "vulnerability": "VCID-vbkg-umrg-gkfm" }, { "vulnerability": "VCID-zy5d-6a4f-wua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.12" } ], "aliases": [ "CVE-2013-0276", "GHSA-gr44-7grc-37vq", "OSV-90072" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2vex-unxw-jub9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10555?format=api", "vulnerability_id": "VCID-3gxu-74a5-m7cv", "summary": "Strong Parameter bypass with create_with\nThe `create_with` functionality in Active Record was implemented incorrectly and completely bypasses the strong parameter protection.", "references": [ { "reference_url": "http://openwall.com/lists/oss-security/2014/08/18/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2014/08/18/10" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1102.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1102.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3514.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3514.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3514", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56267", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3514" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ" }, { "reference_url": "https://groups.google.com/forum/#!msg/rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!msg/rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/M4chq5Sb540", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/M4chq5Sb540" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1131240", "reference_id": "1131240", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1131240" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3514", "reference_id": "CVE-2014-3514", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3514" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-3514.yml", "reference_id": "CVE-2014-3514.YML", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-3514.yml" }, { "reference_url": "https://github.com/advisories/GHSA-9rf5-jm6f-2fmm", "reference_id": "GHSA-9rf5-jm6f-2fmm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9rf5-jm6f-2fmm" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1102", "reference_id": "RHSA-2014:1102", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1102" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50863?format=api", "purl": "pkg:gem/activerecord@4.0.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12f4-gcj5-h3cu" }, { "vulnerability": "VCID-1r5t-n9ys-zbbu" }, { "vulnerability": "VCID-2bpy-kbwe-zbg8" }, { "vulnerability": "VCID-2dgz-cqjx-bkaw" }, { "vulnerability": "VCID-96bd-6tam-1qc5" }, { "vulnerability": "VCID-c3hd-njh3-b3bg" }, { "vulnerability": "VCID-jug9-esjy-8fh5" }, { "vulnerability": "VCID-k8rq-jbrg-3qb3" }, { "vulnerability": "VCID-v12d-fr9k-7ufu" }, { "vulnerability": "VCID-vbkg-umrg-gkfm" }, { "vulnerability": "VCID-zy5d-6a4f-wua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.0.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/73720?format=api", "purl": "pkg:gem/activerecord@4.1.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12f4-gcj5-h3cu" }, { "vulnerability": "VCID-1r5t-n9ys-zbbu" }, { "vulnerability": "VCID-2bpy-kbwe-zbg8" }, { "vulnerability": "VCID-2dgz-cqjx-bkaw" }, { "vulnerability": "VCID-3gxu-74a5-m7cv" }, { "vulnerability": "VCID-96bd-6tam-1qc5" }, { "vulnerability": "VCID-9xfd-d2ff-uuec" }, { "vulnerability": "VCID-c3hd-njh3-b3bg" }, { "vulnerability": "VCID-d7z6-98fp-r3g2" }, { "vulnerability": "VCID-jhtd-7tmy-jfaj" }, { "vulnerability": "VCID-jug9-esjy-8fh5" }, { "vulnerability": "VCID-k8rq-jbrg-3qb3" }, { "vulnerability": "VCID-v12d-fr9k-7ufu" }, { "vulnerability": "VCID-vbkg-umrg-gkfm" }, { "vulnerability": "VCID-zy5d-6a4f-wua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.1.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/50864?format=api", "purl": "pkg:gem/activerecord@4.1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12f4-gcj5-h3cu" }, { "vulnerability": "VCID-1r5t-n9ys-zbbu" }, { "vulnerability": "VCID-2bpy-kbwe-zbg8" }, { "vulnerability": "VCID-2dgz-cqjx-bkaw" }, { "vulnerability": "VCID-96bd-6tam-1qc5" }, { "vulnerability": "VCID-c3hd-njh3-b3bg" }, { "vulnerability": "VCID-jug9-esjy-8fh5" }, { "vulnerability": "VCID-k8rq-jbrg-3qb3" }, { "vulnerability": "VCID-v12d-fr9k-7ufu" }, { "vulnerability": "VCID-vbkg-umrg-gkfm" }, { "vulnerability": "VCID-zy5d-6a4f-wua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.1.5" } ], "aliases": [ "CVE-2014-3514", "GHSA-9rf5-jm6f-2fmm" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3gxu-74a5-m7cv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11871?format=api", "vulnerability_id": "VCID-3sqw-5cpa-5qgg", "summary": "Active Record contains SQL Injection\nSQL injection vulnerability in the Active Record component in Ruby on Rails before 2.3.15, 3.0.x before 3.0.18, 3.1.x before 3.1.9, and 3.2.x before 3.2.10 allows remote attackers to execute arbitrary SQL commands via a crafted request that leverages incorrect behavior of dynamic finders in applications that can use unexpected data types in certain find_by_ method calls.", "references": [ { "reference_url": "http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0220.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0220.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0544.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0544.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6496.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6496.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6496", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.77483", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6496" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=889649", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=889649" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6496", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6496" }, { "reference_url": "http://security.gentoo.org/glsa/glsa-201401-22.xml", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://security.gentoo.org/glsa/glsa-201401-22.xml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/9de9b359d0d24f70f0f6c5c58a7ad8750684d456", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/9de9b359d0d24f70f0f6c5c58a7ad8750684d456" }, { "reference_url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/DCNTNp_qjFM", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/DCNTNp_qjFM" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/23daa048baf28b64?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/23daa048baf28b64?dmode=source&output=gplain" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6496", "reference_id": "CVE-2012-6496", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6496" }, { "reference_url": "https://github.com/advisories/GHSA-gh2w-j7cx-2664", "reference_id": "GHSA-gh2w-j7cx-2664", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gh2w-j7cx-2664" }, { "reference_url": "https://security.gentoo.org/glsa/201401-22", "reference_id": "GLSA-201401-22", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201401-22" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0154", "reference_id": "RHSA-2013:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0154" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0155", "reference_id": "RHSA-2013:0155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0155" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73761?format=api", "purl": "pkg:gem/activerecord@3.1.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12f4-gcj5-h3cu" }, { "vulnerability": "VCID-1r5t-n9ys-zbbu" }, { "vulnerability": "VCID-2bpy-kbwe-zbg8" }, { "vulnerability": "VCID-2dgz-cqjx-bkaw" }, { "vulnerability": "VCID-2vex-unxw-jub9" }, { "vulnerability": "VCID-3gxu-74a5-m7cv" }, { "vulnerability": "VCID-57uk-2vgz-kyhn" }, { "vulnerability": "VCID-9xfd-d2ff-uuec" }, { "vulnerability": "VCID-c3hd-njh3-b3bg" }, { "vulnerability": "VCID-d7z6-98fp-r3g2" }, { "vulnerability": "VCID-jhtd-7tmy-jfaj" }, { "vulnerability": "VCID-jug9-esjy-8fh5" }, { "vulnerability": "VCID-k8rq-jbrg-3qb3" }, { "vulnerability": "VCID-v12d-fr9k-7ufu" }, { "vulnerability": "VCID-vbkg-umrg-gkfm" }, { "vulnerability": "VCID-vvth-cjt4-akg8" }, { "vulnerability": "VCID-yd25-ket2-67d3" }, { "vulnerability": "VCID-zy5d-6a4f-wua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/94635?format=api", "purl": "pkg:gem/activerecord@3.2.0.rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12f4-gcj5-h3cu" }, { "vulnerability": "VCID-1r5t-n9ys-zbbu" }, { "vulnerability": "VCID-2bpy-kbwe-zbg8" }, { "vulnerability": "VCID-2dgz-cqjx-bkaw" }, { "vulnerability": "VCID-2vex-unxw-jub9" }, { "vulnerability": "VCID-31rm-1rpc-g3dq" }, { "vulnerability": "VCID-3gxu-74a5-m7cv" }, { "vulnerability": "VCID-3sqw-5cpa-5qgg" }, { "vulnerability": "VCID-57uk-2vgz-kyhn" }, { "vulnerability": "VCID-9xfd-d2ff-uuec" }, { "vulnerability": "VCID-c3hd-njh3-b3bg" }, { "vulnerability": "VCID-d7z6-98fp-r3g2" }, { "vulnerability": "VCID-jhtd-7tmy-jfaj" }, { "vulnerability": "VCID-jug9-esjy-8fh5" }, { "vulnerability": "VCID-k8rq-jbrg-3qb3" }, { "vulnerability": "VCID-p5sk-7xnp-fygg" }, { "vulnerability": "VCID-v12d-fr9k-7ufu" }, { "vulnerability": "VCID-vbkg-umrg-gkfm" }, { "vulnerability": "VCID-vvth-cjt4-akg8" }, { "vulnerability": "VCID-yd25-ket2-67d3" }, { "vulnerability": "VCID-zy5d-6a4f-wua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.0.rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/73765?format=api", "purl": "pkg:gem/activerecord@3.2.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12f4-gcj5-h3cu" }, { "vulnerability": "VCID-1r5t-n9ys-zbbu" }, { "vulnerability": "VCID-2bpy-kbwe-zbg8" }, { "vulnerability": "VCID-2dgz-cqjx-bkaw" }, { "vulnerability": "VCID-2vex-unxw-jub9" }, { "vulnerability": "VCID-3gxu-74a5-m7cv" }, { "vulnerability": "VCID-57uk-2vgz-kyhn" }, { "vulnerability": "VCID-9xfd-d2ff-uuec" }, { "vulnerability": "VCID-c3hd-njh3-b3bg" }, { "vulnerability": "VCID-d7z6-98fp-r3g2" }, { "vulnerability": "VCID-jhtd-7tmy-jfaj" }, { "vulnerability": "VCID-jug9-esjy-8fh5" }, { "vulnerability": "VCID-k8rq-jbrg-3qb3" }, { "vulnerability": "VCID-v12d-fr9k-7ufu" }, { "vulnerability": "VCID-vbkg-umrg-gkfm" }, { "vulnerability": "VCID-vvth-cjt4-akg8" }, { "vulnerability": "VCID-yd25-ket2-67d3" }, { "vulnerability": "VCID-zy5d-6a4f-wua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.10" } ], "aliases": [ "CVE-2012-6496", "GHSA-gh2w-j7cx-2664", "OSV-88661" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3sqw-5cpa-5qgg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10362?format=api", "vulnerability_id": "VCID-57uk-2vgz-kyhn", "summary": "Symbol DoS vulnerability in Active Record\nWhen a hash is provided as the find value for a query, the keys of the hash may be converted to symbols. Carefully crafted requests can coerce `params[:name]` to return a hash, and the keys to that hash may be converted to symbols. All users running an affected release should either upgrade or use one of the work arounds immediately.", "references": [ { "reference_url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00070.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00070.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00071.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00071.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00075.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00075.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00078.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00078.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00079.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00079.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0699.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0699.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0699", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2013:0699" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1863", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:1863" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1854.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1854.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1854", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01795", "scoring_system": "epss", "scoring_elements": "0.83081", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1854" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=921329", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=921329" }, { "reference_url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/jgJ4cjjS8FE", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/jgJ4cjjS8FE" }, { "reference_url": "https://groups.google.com/group/ruby-security-ann/msg/34e0d780b04308de?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/ruby-security-ann/msg/34e0d780b04308de?dmode=source&output=gplain" }, { "reference_url": "http://support.apple.com/kb/HT5784", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT5784" }, { "reference_url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2013-1854", "reference_id": "CVE-2013-1854", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2013-1854" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1854", "reference_id": "CVE-2013-1854", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1854" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-1854.yml", "reference_id": "CVE-2013-1854.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-1854.yml" }, { "reference_url": "https://github.com/advisories/GHSA-3crr-9vmg-864v", "reference_id": "GHSA-3crr-9vmg-864v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3crr-9vmg-864v" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50349?format=api", "purl": "pkg:gem/activerecord@3.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12f4-gcj5-h3cu" }, { "vulnerability": "VCID-1r5t-n9ys-zbbu" }, { "vulnerability": "VCID-2bpy-kbwe-zbg8" }, { "vulnerability": "VCID-2dgz-cqjx-bkaw" }, { "vulnerability": "VCID-3gxu-74a5-m7cv" }, { "vulnerability": "VCID-57uk-2vgz-kyhn" }, { "vulnerability": "VCID-9xfd-d2ff-uuec" }, { "vulnerability": "VCID-c3hd-njh3-b3bg" }, { "vulnerability": "VCID-d7z6-98fp-r3g2" }, { "vulnerability": "VCID-jhtd-7tmy-jfaj" }, { "vulnerability": "VCID-jug9-esjy-8fh5" }, { "vulnerability": "VCID-k8rq-jbrg-3qb3" }, { "vulnerability": "VCID-v12d-fr9k-7ufu" }, { "vulnerability": "VCID-vbkg-umrg-gkfm" }, { "vulnerability": "VCID-zy5d-6a4f-wua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/50350?format=api", "purl": "pkg:gem/activerecord@3.2.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12f4-gcj5-h3cu" }, { "vulnerability": "VCID-1r5t-n9ys-zbbu" }, { "vulnerability": "VCID-2bpy-kbwe-zbg8" }, { "vulnerability": "VCID-2dgz-cqjx-bkaw" }, { "vulnerability": "VCID-3gxu-74a5-m7cv" }, { "vulnerability": "VCID-57uk-2vgz-kyhn" }, { "vulnerability": "VCID-9xfd-d2ff-uuec" }, { "vulnerability": "VCID-c3hd-njh3-b3bg" }, { "vulnerability": "VCID-d7z6-98fp-r3g2" }, { "vulnerability": "VCID-jhtd-7tmy-jfaj" }, { "vulnerability": "VCID-jug9-esjy-8fh5" }, { "vulnerability": "VCID-k8rq-jbrg-3qb3" }, { "vulnerability": "VCID-v12d-fr9k-7ufu" }, { "vulnerability": "VCID-vbkg-umrg-gkfm" }, { "vulnerability": "VCID-zy5d-6a4f-wua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.13" } ], "aliases": [ "CVE-2013-1854", "GHSA-3crr-9vmg-864v", "OSV-91453" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-57uk-2vgz-kyhn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10536?format=api", "vulnerability_id": "VCID-9xfd-d2ff-uuec", "summary": "SQL Injection Vulnerabilities Affecting PostgreSQL\nSQLi vulnerability in activerecord.", "references": [ { "reference_url": "http://openwall.com/lists/oss-security/2014/07/02/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2014/07/02/5" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0877.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0877.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3483.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3483.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3483", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00924", "scoring_system": "epss", "scoring_elements": "0.76349", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3483" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3482", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3482" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3483", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3483" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J" }, { "reference_url": "https://groups.google.com/forum/#!msg/rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!msg/rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/8GtfeYd6qI4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/8GtfeYd6qI4" }, { "reference_url": "https://web.archive.org/web/20200228150648/http://www.securityfocus.com/bid/68341", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228150648/http://www.securityfocus.com/bid/68341" }, { "reference_url": "http://www.debian.org/security/2014/dsa-2982", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2014/dsa-2982" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1114427", "reference_id": "1114427", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1114427" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3483", "reference_id": "CVE-2014-3483", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3483" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-3483.yml", "reference_id": "CVE-2014-3483.YML", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-3483.yml" }, { "reference_url": "https://github.com/advisories/GHSA-r8fh-hq2p-7qhq", "reference_id": "GHSA-r8fh-hq2p-7qhq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r8fh-hq2p-7qhq" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0877", "reference_id": "RHSA-2014:0877", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0877" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50817?format=api", "purl": "pkg:gem/activerecord@4.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12f4-gcj5-h3cu" }, { "vulnerability": "VCID-1r5t-n9ys-zbbu" }, { "vulnerability": "VCID-2bpy-kbwe-zbg8" }, { "vulnerability": "VCID-2dgz-cqjx-bkaw" }, { "vulnerability": "VCID-3gxu-74a5-m7cv" }, { "vulnerability": "VCID-96bd-6tam-1qc5" }, { "vulnerability": "VCID-c3hd-njh3-b3bg" }, { "vulnerability": "VCID-jug9-esjy-8fh5" }, { "vulnerability": "VCID-k8rq-jbrg-3qb3" }, { "vulnerability": "VCID-v12d-fr9k-7ufu" }, { "vulnerability": "VCID-vbkg-umrg-gkfm" }, { "vulnerability": "VCID-zy5d-6a4f-wua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.0.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/73720?format=api", "purl": "pkg:gem/activerecord@4.1.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12f4-gcj5-h3cu" }, { "vulnerability": "VCID-1r5t-n9ys-zbbu" }, { "vulnerability": "VCID-2bpy-kbwe-zbg8" }, { "vulnerability": "VCID-2dgz-cqjx-bkaw" }, { "vulnerability": "VCID-3gxu-74a5-m7cv" }, { "vulnerability": "VCID-96bd-6tam-1qc5" }, { "vulnerability": "VCID-9xfd-d2ff-uuec" }, { "vulnerability": "VCID-c3hd-njh3-b3bg" }, { "vulnerability": "VCID-d7z6-98fp-r3g2" }, { "vulnerability": "VCID-jhtd-7tmy-jfaj" }, { "vulnerability": "VCID-jug9-esjy-8fh5" }, { "vulnerability": "VCID-k8rq-jbrg-3qb3" }, { "vulnerability": "VCID-v12d-fr9k-7ufu" }, { "vulnerability": "VCID-vbkg-umrg-gkfm" }, { "vulnerability": "VCID-zy5d-6a4f-wua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.1.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/50818?format=api", "purl": "pkg:gem/activerecord@4.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12f4-gcj5-h3cu" }, { "vulnerability": "VCID-1r5t-n9ys-zbbu" }, { "vulnerability": "VCID-2bpy-kbwe-zbg8" }, { "vulnerability": "VCID-2dgz-cqjx-bkaw" }, { "vulnerability": "VCID-3gxu-74a5-m7cv" }, { "vulnerability": "VCID-96bd-6tam-1qc5" }, { "vulnerability": "VCID-c3hd-njh3-b3bg" }, { "vulnerability": "VCID-jug9-esjy-8fh5" }, { "vulnerability": "VCID-k8rq-jbrg-3qb3" }, { "vulnerability": "VCID-v12d-fr9k-7ufu" }, { "vulnerability": "VCID-vbkg-umrg-gkfm" }, { "vulnerability": "VCID-zy5d-6a4f-wua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.1.3" } ], "aliases": [ "CVE-2014-3483", "GHSA-r8fh-hq2p-7qhq", "OSV-108665" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9xfd-d2ff-uuec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11835?format=api", "vulnerability_id": "VCID-c3hd-njh3-b3bg", "summary": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nMultiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) :limit and (2) :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer.", "references": [ { "reference_url": "http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1" }, { "reference_url": "http://gist.github.com/8946", "reference_id": "", "reference_type": "", "scores": [], "url": "http://gist.github.com/8946" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html" }, { "reference_url": "http://rails.lighthouseapp.com/projects/8994/tickets/288", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rails.lighthouseapp.com/projects/8994/tickets/288" }, { "reference_url": "http://rails.lighthouseapp.com/projects/8994/tickets/964", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rails.lighthouseapp.com/projects/8994/tickets/964" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4094", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03119", "scoring_system": "epss", "scoring_elements": "0.87069", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4094" }, { "reference_url": "http://secunia.com/advisories/31875", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31875" }, { "reference_url": "http://secunia.com/advisories/31909", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31909" }, { "reference_url": "http://secunia.com/advisories/31910", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31910" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45109", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45109" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/ef0ea782b1f5cf7b08e74ea3002a16c708f66645", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/ef0ea782b1f5cf7b08e74ea3002a16c708f66645" }, { "reference_url": "https://web.archive.org/web/20080620000955/http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20080620000955/http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1" }, { "reference_url": "https://web.archive.org/web/20080620201733/http://blog.innerewut.de/files/rails/activerecord-1.15.3.patch", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20080620201733/http://blog.innerewut.de/files/rails/activerecord-1.15.3.patch" }, { "reference_url": "https://web.archive.org/web/20080620201744/http://blog.innerewut.de/files/rails/activerecord-2.0.2.patch", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20080620201744/http://blog.innerewut.de/files/rails/activerecord-2.0.2.patch" }, { "reference_url": "https://web.archive.org/web/20081104151751/http://gist.github.com/8946", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20081104151751/http://gist.github.com/8946" }, { "reference_url": "https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875" }, { "reference_url": "https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875/" }, { "reference_url": "https://web.archive.org/web/20081207211431/http://secunia.com/advisories/31909", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20081207211431/http://secunia.com/advisories/31909" }, { "reference_url": "https://web.archive.org/web/20081207211436/http://secunia.com/advisories/31910", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20081207211436/http://secunia.com/advisories/31910" }, { "reference_url": "https://web.archive.org/web/20091101000000*/http://www.vupen.com/english/advisories/2008/2562", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20091101000000*/http://www.vupen.com/english/advisories/2008/2562" }, { "reference_url": "https://web.archive.org/web/20120120194518/http://www.securityfocus.com/bid/31176", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120120194518/http://www.securityfocus.com/bid/31176" }, { "reference_url": "https://web.archive.org/web/20201207112829/http://www.securitytracker.com/id?1020871", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201207112829/http://www.securitytracker.com/id?1020871" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2008/09/13/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2008/09/13/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2008/09/16/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2008/09/16/1" }, { "reference_url": "http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter" }, { "reference_url": "http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter/" }, { "reference_url": "http://www.securityfocus.com/bid/31176", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/31176" }, { "reference_url": "http://www.securitytracker.com/id?1020871", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id?1020871" }, { "reference_url": "http://www.vupen.com/english/advisories/2008/2562", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2008/2562" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500791", "reference_id": "500791", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500791" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4094", "reference_id": "CVE-2008-4094", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4094" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2008-4094.yml", "reference_id": "CVE-2008-4094.YML", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2008-4094.yml" }, { "reference_url": "https://github.com/advisories/GHSA-xf96-32q2-9rw2", "reference_id": "GHSA-xf96-32q2-9rw2", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xf96-32q2-9rw2" }, { "reference_url": "https://security.gentoo.org/glsa/200912-02", "reference_id": "GLSA-200912-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200912-02" } ], "fixed_packages": [], "aliases": [ "CVE-2008-4094", "GHSA-xf96-32q2-9rw2" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c3hd-njh3-b3bg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10464?format=api", "vulnerability_id": "VCID-d7z6-98fp-r3g2", "summary": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nSQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails beta1, when PostgreSQL is used, allows remote attackers to execute \"add data\" SQL commands via vectors involving \\ (backslash) characters that are not properly handled in operations on array columns.", "references": [ { "reference_url": "http://openwall.com/lists/oss-security/2014/02/18/9", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2014/02/18/9" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0080.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0080.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0080", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48225", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0080" }, { "reference_url": "https://github.com/rails/rails/tree/main/activerecord", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/tree/main/activerecord" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/Wu96YkTUR6s", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/Wu96YkTUR6s" }, { "reference_url": "https://web.archive.org/web/20210301004521/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/Wu96YkTUR6s/pPLBMZrlwvYJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210301004521/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/Wu96YkTUR6s/pPLBMZrlwvYJ" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065517", "reference_id": "1065517", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065517" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0080", "reference_id": "CVE-2014-0080", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0080" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-0080.yml", "reference_id": "CVE-2014-0080.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-0080.yml" }, { "reference_url": "https://github.com/advisories/GHSA-hqf9-rc9j-5fmj", "reference_id": "GHSA-hqf9-rc9j-5fmj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hqf9-rc9j-5fmj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50161?format=api", "purl": "pkg:gem/activerecord@3.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12f4-gcj5-h3cu" }, { "vulnerability": "VCID-1r5t-n9ys-zbbu" }, { "vulnerability": "VCID-2bpy-kbwe-zbg8" }, { "vulnerability": "VCID-2dgz-cqjx-bkaw" }, { "vulnerability": "VCID-2vex-unxw-jub9" }, { "vulnerability": "VCID-31rm-1rpc-g3dq" }, { "vulnerability": "VCID-3gxu-74a5-m7cv" }, { "vulnerability": "VCID-3sqw-5cpa-5qgg" }, { "vulnerability": "VCID-57uk-2vgz-kyhn" }, { "vulnerability": "VCID-9xfd-d2ff-uuec" }, { "vulnerability": "VCID-c3hd-njh3-b3bg" }, { "vulnerability": "VCID-d7z6-98fp-r3g2" }, { "vulnerability": "VCID-jhtd-7tmy-jfaj" }, { "vulnerability": "VCID-jug9-esjy-8fh5" }, { "vulnerability": "VCID-k8rq-jbrg-3qb3" }, { "vulnerability": "VCID-p5sk-7xnp-fygg" }, { "vulnerability": "VCID-v12d-fr9k-7ufu" }, { "vulnerability": "VCID-vbkg-umrg-gkfm" }, { "vulnerability": "VCID-vvth-cjt4-akg8" }, { "vulnerability": "VCID-yd25-ket2-67d3" }, { "vulnerability": "VCID-zy5d-6a4f-wua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/50642?format=api", "purl": "pkg:gem/activerecord@4.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12f4-gcj5-h3cu" }, { "vulnerability": "VCID-1r5t-n9ys-zbbu" }, { "vulnerability": "VCID-2bpy-kbwe-zbg8" }, { "vulnerability": "VCID-2dgz-cqjx-bkaw" }, { "vulnerability": "VCID-3gxu-74a5-m7cv" }, { "vulnerability": "VCID-96bd-6tam-1qc5" }, { "vulnerability": "VCID-9xfd-d2ff-uuec" }, { "vulnerability": "VCID-c3hd-njh3-b3bg" }, { "vulnerability": "VCID-jhtd-7tmy-jfaj" }, { "vulnerability": "VCID-jug9-esjy-8fh5" }, { "vulnerability": "VCID-k8rq-jbrg-3qb3" }, { "vulnerability": "VCID-v12d-fr9k-7ufu" }, { "vulnerability": "VCID-vbkg-umrg-gkfm" }, { "vulnerability": "VCID-zy5d-6a4f-wua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.0.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/73720?format=api", "purl": "pkg:gem/activerecord@4.1.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12f4-gcj5-h3cu" }, { "vulnerability": "VCID-1r5t-n9ys-zbbu" }, { "vulnerability": "VCID-2bpy-kbwe-zbg8" }, { "vulnerability": "VCID-2dgz-cqjx-bkaw" }, { "vulnerability": "VCID-3gxu-74a5-m7cv" }, { "vulnerability": "VCID-96bd-6tam-1qc5" }, { "vulnerability": "VCID-9xfd-d2ff-uuec" }, { "vulnerability": "VCID-c3hd-njh3-b3bg" }, { "vulnerability": "VCID-d7z6-98fp-r3g2" }, { "vulnerability": "VCID-jhtd-7tmy-jfaj" }, { "vulnerability": "VCID-jug9-esjy-8fh5" }, { "vulnerability": "VCID-k8rq-jbrg-3qb3" }, { "vulnerability": "VCID-v12d-fr9k-7ufu" }, { "vulnerability": "VCID-vbkg-umrg-gkfm" }, { "vulnerability": "VCID-zy5d-6a4f-wua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.1.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/73721?format=api", "purl": "pkg:gem/activerecord@4.1.0.beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12f4-gcj5-h3cu" }, { "vulnerability": "VCID-1r5t-n9ys-zbbu" }, { "vulnerability": "VCID-2bpy-kbwe-zbg8" }, { "vulnerability": "VCID-2dgz-cqjx-bkaw" }, { "vulnerability": "VCID-3gxu-74a5-m7cv" }, { "vulnerability": "VCID-96bd-6tam-1qc5" }, { "vulnerability": "VCID-9xfd-d2ff-uuec" }, { "vulnerability": "VCID-c3hd-njh3-b3bg" }, { "vulnerability": "VCID-jhtd-7tmy-jfaj" }, { "vulnerability": "VCID-jug9-esjy-8fh5" }, { "vulnerability": "VCID-k8rq-jbrg-3qb3" }, { "vulnerability": "VCID-v12d-fr9k-7ufu" }, { "vulnerability": "VCID-vbkg-umrg-gkfm" }, { "vulnerability": "VCID-zy5d-6a4f-wua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.1.0.beta2" } ], "aliases": [ "CVE-2014-0080", "GHSA-hqf9-rc9j-5fmj", "OSV-103438" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d7z6-98fp-r3g2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11869?format=api", "vulnerability_id": "VCID-jhtd-7tmy-jfaj", "summary": "SQL Injection in Active Record\nSQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows remote attackers to execute arbitrary SQL commands by leveraging improper bitstring quoting.", "references": [ { "reference_url": "http://openwall.com/lists/oss-security/2014/07/02/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2014/07/02/5" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0876.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0876.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3482.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3482.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3482", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01531", "scoring_system": "epss", "scoring_elements": "0.8162", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3482" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3482", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3482" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3483", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3483" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/1f2192e46d78ee0ba2b06373f2c24caf8440ff5b", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/1f2192e46d78ee0ba2b06373f2c24caf8440ff5b" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/wDxePLJGZdI", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/wDxePLJGZdI" }, { "reference_url": "http://www.debian.org/security/2014/dsa-2982", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2014/dsa-2982" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1114425", "reference_id": "1114425", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1114425" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3482", "reference_id": "CVE-2014-3482", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3482" }, { "reference_url": "https://github.com/advisories/GHSA-mhwp-qhpc-h3jm", "reference_id": "GHSA-mhwp-qhpc-h3jm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mhwp-qhpc-h3jm" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0876", "reference_id": "RHSA-2014:0876", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0876" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53566?format=api", "purl": "pkg:gem/activerecord@3.2.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12f4-gcj5-h3cu" }, { "vulnerability": "VCID-1r5t-n9ys-zbbu" }, { "vulnerability": "VCID-2bpy-kbwe-zbg8" }, { "vulnerability": "VCID-2dgz-cqjx-bkaw" }, { "vulnerability": "VCID-3gxu-74a5-m7cv" }, { "vulnerability": "VCID-c3hd-njh3-b3bg" }, { "vulnerability": "VCID-jug9-esjy-8fh5" }, { "vulnerability": "VCID-k8rq-jbrg-3qb3" }, { "vulnerability": "VCID-v12d-fr9k-7ufu" }, { "vulnerability": "VCID-vbkg-umrg-gkfm" }, { "vulnerability": "VCID-zy5d-6a4f-wua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/73702?format=api", "purl": "pkg:gem/activerecord@4.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12f4-gcj5-h3cu" }, { "vulnerability": "VCID-1r5t-n9ys-zbbu" }, { "vulnerability": "VCID-2bpy-kbwe-zbg8" }, { "vulnerability": "VCID-2dgz-cqjx-bkaw" }, { "vulnerability": "VCID-3gxu-74a5-m7cv" }, { "vulnerability": "VCID-58gq-e3v2-vkac" }, { "vulnerability": "VCID-96bd-6tam-1qc5" }, { "vulnerability": "VCID-9xfd-d2ff-uuec" }, { "vulnerability": "VCID-c3hd-njh3-b3bg" }, { "vulnerability": "VCID-d7z6-98fp-r3g2" }, { "vulnerability": "VCID-hvhe-s78h-p3bk" }, { "vulnerability": "VCID-jhtd-7tmy-jfaj" }, { "vulnerability": "VCID-jug9-esjy-8fh5" }, { "vulnerability": "VCID-k8rq-jbrg-3qb3" }, { "vulnerability": "VCID-v12d-fr9k-7ufu" }, { "vulnerability": "VCID-vbkg-umrg-gkfm" }, { "vulnerability": "VCID-zy5d-6a4f-wua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.0.0" } ], "aliases": [ "CVE-2014-3482", "GHSA-mhwp-qhpc-h3jm", "OSV-108664" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jhtd-7tmy-jfaj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16427?format=api", "vulnerability_id": "VCID-jug9-esjy-8fh5", "summary": "Active Record component in Ruby on Rails has a data-type injection vulnerability\nThe Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored values in that column, which makes it easier for remote attackers to conduct data-type injection attacks against Ruby on Rails applications via a crafted value, as demonstrated by unintended interaction between the \"typed XML\" feature and a MySQL database.", "references": [ { "reference_url": "http://openwall.com/lists/oss-security/2013/02/06/7", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2013/02/06/7" }, { "reference_url": "http://openwall.com/lists/oss-security/2013/04/24/7", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2013/04/24/7" }, { "reference_url": "http://pl.reddit.com/r/netsec/comments/17yajp/mysql_madness_and_rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://pl.reddit.com/r/netsec/comments/17yajp/mysql_madness_and_rails" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-3221.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-3221.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-3221", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65498", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-3221" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/1f3bc0b88a60c1ce?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/1f3bc0b88a60c1ce?dmode=source&output=gplain" }, { "reference_url": "https://web.archive.org/web/20130825191249/http://www.phenoelit.org/blog/archives/2013/02/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20130825191249/http://www.phenoelit.org/blog/archives/2013/02/index.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=954365", "reference_id": "954365", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=954365" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3221", "reference_id": "CVE-2013-3221", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3221" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-3221.yml", "reference_id": "CVE-2013-3221.YML", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-3221.yml" }, { "reference_url": "https://github.com/advisories/GHSA-f57c-hx33-hvh8", "reference_id": "GHSA-f57c-hx33-hvh8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-f57c-hx33-hvh8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62034?format=api", "purl": "pkg:gem/activerecord@4.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12f4-gcj5-h3cu" }, { "vulnerability": "VCID-1r5t-n9ys-zbbu" }, { "vulnerability": "VCID-2bpy-kbwe-zbg8" }, { "vulnerability": "VCID-2dgz-cqjx-bkaw" }, { "vulnerability": "VCID-96bd-6tam-1qc5" }, { "vulnerability": "VCID-c3hd-njh3-b3bg" }, { "vulnerability": "VCID-hvhe-s78h-p3bk" }, { "vulnerability": "VCID-k8rq-jbrg-3qb3" }, { "vulnerability": "VCID-v12d-fr9k-7ufu" }, { "vulnerability": "VCID-vbkg-umrg-gkfm" }, { "vulnerability": "VCID-w3hp-78sw-hfa4" }, { "vulnerability": "VCID-ybar-scwr-fuds" }, { "vulnerability": "VCID-zy5d-6a4f-wua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.2.0" } ], "aliases": [ "CVE-2013-3221", "GHSA-f57c-hx33-hvh8" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jug9-esjy-8fh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10839?format=api", "vulnerability_id": "VCID-k8rq-jbrg-3qb3", "summary": "Nested attributes rejection proc bypass\nWhen using the nested attributes feature in Active Record you can prevent the destruction of associated records by passing the `allow_destroy: false` option to the `accepts_nested_attributes_for` method. The `allow_destroy` flag prevents the `:reject_if` proc from being called because it assumes that the record will be destroyed anyway. However, this is not true if `:allow_destroy` is false so this leads to changes that would have been rejected being applied to the record. Attackers could set attributes to invalid values or clear all the attributes.", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7577.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7577.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7577", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01209", "scoring_system": "epss", "scoring_elements": "0.79284", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/cawsWcQ6c8g", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/cawsWcQ6c8g" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3464", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3464" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/01/25/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/01/25/10" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301957", "reference_id": "1301957", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301957" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7577", "reference_id": "CVE-2015-7577", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7577" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2015-7577.yml", "reference_id": "CVE-2015-7577.YML", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2015-7577.yml" }, { "reference_url": "https://github.com/advisories/GHSA-xrr6-3pc4-m447", "reference_id": "GHSA-xrr6-3pc4-m447", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xrr6-3pc4-m447" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0296", "reference_id": "RHSA-2016:0296", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0296" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0454", "reference_id": "RHSA-2016:0454", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0454" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0455", "reference_id": "RHSA-2016:0455", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0455" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51456?format=api", "purl": "pkg:gem/activerecord@3.2.22.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12f4-gcj5-h3cu" }, { "vulnerability": "VCID-1r5t-n9ys-zbbu" }, { "vulnerability": "VCID-2bpy-kbwe-zbg8" }, { "vulnerability": "VCID-2dgz-cqjx-bkaw" }, { "vulnerability": "VCID-c3hd-njh3-b3bg" }, { "vulnerability": "VCID-jug9-esjy-8fh5" }, { "vulnerability": "VCID-v12d-fr9k-7ufu" }, { "vulnerability": "VCID-vbkg-umrg-gkfm" }, { "vulnerability": "VCID-zy5d-6a4f-wua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.22.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/51457?format=api", "purl": "pkg:gem/activerecord@4.1.14.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12f4-gcj5-h3cu" }, { "vulnerability": "VCID-1r5t-n9ys-zbbu" }, { "vulnerability": "VCID-2bpy-kbwe-zbg8" }, { "vulnerability": "VCID-2dgz-cqjx-bkaw" }, { "vulnerability": "VCID-96bd-6tam-1qc5" }, { "vulnerability": "VCID-c3hd-njh3-b3bg" }, { "vulnerability": "VCID-jug9-esjy-8fh5" }, { "vulnerability": "VCID-v12d-fr9k-7ufu" }, { "vulnerability": "VCID-vbkg-umrg-gkfm" }, { "vulnerability": "VCID-zy5d-6a4f-wua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.1.14.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/51458?format=api", "purl": "pkg:gem/activerecord@4.2.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12f4-gcj5-h3cu" }, { "vulnerability": "VCID-1r5t-n9ys-zbbu" }, { "vulnerability": "VCID-2bpy-kbwe-zbg8" }, { "vulnerability": "VCID-2dgz-cqjx-bkaw" }, { "vulnerability": "VCID-96bd-6tam-1qc5" }, { "vulnerability": "VCID-c3hd-njh3-b3bg" }, { "vulnerability": "VCID-v12d-fr9k-7ufu" }, { "vulnerability": "VCID-vbkg-umrg-gkfm" }, { "vulnerability": "VCID-w3hp-78sw-hfa4" }, { "vulnerability": "VCID-zy5d-6a4f-wua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.2.5.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/51459?format=api", "purl": "pkg:gem/activerecord@5.0.0.beta1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12f4-gcj5-h3cu" }, { "vulnerability": "VCID-1r5t-n9ys-zbbu" }, { "vulnerability": "VCID-2bpy-kbwe-zbg8" }, { "vulnerability": "VCID-2dgz-cqjx-bkaw" }, { "vulnerability": "VCID-c3hd-njh3-b3bg" }, { "vulnerability": "VCID-v12d-fr9k-7ufu" }, { "vulnerability": "VCID-vbkg-umrg-gkfm" }, { "vulnerability": "VCID-w3hp-78sw-hfa4" }, { "vulnerability": "VCID-zy5d-6a4f-wua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@5.0.0.beta1.1" } ], "aliases": [ "CVE-2015-7577", "GHSA-xrr6-3pc4-m447" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k8rq-jbrg-3qb3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/307109?format=api", "vulnerability_id": "VCID-v12d-fr9k-7ufu", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55193.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55193.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55193", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57339", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55193" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55193", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55193" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/3beef20013736fd52c5dcfdf061f7999ba318290", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/" } ], "url": "https://github.com/rails/rails/commit/3beef20013736fd52c5dcfdf061f7999ba318290" }, { "reference_url": "https://github.com/rails/rails/commit/568c0bc2f1e74c65d150a84b89a080949bf9eb9b", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/" } ], "url": "https://github.com/rails/rails/commit/568c0bc2f1e74c65d150a84b89a080949bf9eb9b" }, { "reference_url": "https://github.com/rails/rails/commit/6a944ca4805e72050a0fbb1a461534eb760d3202", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/" } ], "url": "https://github.com/rails/rails/commit/6a944ca4805e72050a0fbb1a461534eb760d3202" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-76r7-hhxj-r776", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-76r7-hhxj-r776" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2025-55193.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2025-55193.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55193", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55193" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111106", "reference_id": "1111106", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111106" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388446", "reference_id": "2388446", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388446" }, { "reference_url": "https://github.com/advisories/GHSA-76r7-hhxj-r776", "reference_id": "GHSA-76r7-hhxj-r776", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-76r7-hhxj-r776" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194863?format=api", "purl": "pkg:gem/activerecord@7.1.5.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@7.1.5.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/166391?format=api", "purl": "pkg:gem/activerecord@7.2.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-v12d-fr9k-7ufu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@7.2.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194862?format=api", "purl": "pkg:gem/activerecord@7.2.2.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@7.2.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/166400?format=api", "purl": "pkg:gem/activerecord@8.0.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-v12d-fr9k-7ufu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@8.0.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/194861?format=api", "purl": "pkg:gem/activerecord@8.0.2.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@8.0.2.1" } ], "aliases": [ "CVE-2025-55193", "GHSA-76r7-hhxj-r776" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v12d-fr9k-7ufu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16647?format=api", "vulnerability_id": "VCID-vbkg-umrg-gkfm", "summary": "Duplicate\nThis advisory duplicates another.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44566.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44566.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-44566", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01544", "scoring_system": "epss", "scoring_elements": "0.81691", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-44566" }, { "reference_url": "https://code.jeremyevans.net/2022-11-01-forcing-sequential-scans-on-postgresql.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-25T13:43:31Z/" } ], "url": "https://code.jeremyevans.net/2022-11-01-forcing-sequential-scans-on-postgresql.html" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2022-44566-possible-denial-of-service-vulnerability-in-activerecords-postgresql-adapter/82119", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-25T13:43:31Z/" } ], "url": "https://discuss.rubyonrails.org/t/cve-2022-44566-possible-denial-of-service-vulnerability-in-activerecords-postgresql-adapter/82119" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/4f44aa9d514e701ada92b5cf08beccf566eeaebf", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/4f44aa9d514e701ada92b5cf08beccf566eeaebf" }, { "reference_url": "https://github.com/rails/rails/commit/82bcdc011e2ff674e7dd8fd8cee3a831c908d29b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/82bcdc011e2ff674e7dd8fd8cee3a831c908d29b" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v6.1.7.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v6.1.7.1" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v7.0.4.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v7.0.4.1" }, { "reference_url": "https://mailchi.mp/railslts/rails-lts-multiple-dos-vulnerabilities-in-rails-rack-and-globalid", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mailchi.mp/railslts/rails-lts-multiple-dos-vulnerabilities-in-rails-rack-and-globalid" }, { "reference_url": "https://makandracards.com/railslts/508019-rails-5-2-lts-changelog#section-jan-20th-2023-rails-version-5-2-8-15", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://makandracards.com/railslts/508019-rails-5-2-lts-changelog#section-jan-20th-2023-rails-version-5-2-8-15" }, { "reference_url": "https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050", "reference_id": "1030050", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164789", "reference_id": "2164789", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164789" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-44566", "reference_id": "CVE-2022-44566", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-44566" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-44566.yml", "reference_id": "CVE-2022-44566.YML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-44566.yml" }, { "reference_url": "https://github.com/advisories/GHSA-579w-22j4-4749", "reference_id": "GHSA-579w-22j4-4749", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-579w-22j4-4749" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6818", "reference_id": "RHSA-2023:6818", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6818" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62442?format=api", "purl": "pkg:gem/activerecord@6.1.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-v12d-fr9k-7ufu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@6.1.7.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/62443?format=api", "purl": "pkg:gem/activerecord@7.0.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-v12d-fr9k-7ufu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@7.0.4.1" } ], "aliases": [ "CVE-2022-44566", "GHSA-579w-22j4-4749", "GMS-2023-59" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vbkg-umrg-gkfm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10338?format=api", "vulnerability_id": "VCID-vvth-cjt4-akg8", "summary": "Serialized Attributes YAML Vulnerability with Rails 2.3 and 3.0\nThere is a vulnerability in the serialized attribute handling code in Ruby on Rails, applications which allow users to directly assign to the serialized fields in their models are at risk of Denial of Service or Remote Code Execution vulnerabilities.", "references": [ { "reference_url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0277.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0277.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0277", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06742", "scoring_system": "epss", "scoring_elements": "0.91428", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0277" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0277", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0277" }, { "reference_url": "http://securitytracker.com/id?1028109", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://securitytracker.com/id?1028109" }, { "reference_url": "https://github.com/rails/rails/tree/v6.1.4.1/activerecord", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/tree/v6.1.4.1/activerecord" }, { "reference_url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/KtmwSbEpzrU", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/KtmwSbEpzrU" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/302ec7ce90f13837?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/302ec7ce90f13837?dmode=source&output=gplain" }, { "reference_url": "http://support.apple.com/kb/HT5784", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT5784" }, { "reference_url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/" }, { "reference_url": "http://www.debian.org/security/2013/dsa-2620", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2013/dsa-2620" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/02/11/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/02/11/6" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=909633", "reference_id": "909633", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=909633" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0277", "reference_id": "CVE-2013-0277", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0277" }, { "reference_url": "https://puppet.com/security/cve/cve-2013-0277", "reference_id": "CVE-2013-0277", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://puppet.com/security/cve/cve-2013-0277" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0277.yml", "reference_id": "CVE-2013-0277.YML", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0277.yml" }, { "reference_url": "https://github.com/advisories/GHSA-fhj9-cjjh-27vm", "reference_id": "GHSA-fhj9-cjjh-27vm", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fhj9-cjjh-27vm" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [], "aliases": [ "CVE-2013-0277", "GHSA-fhj9-cjjh-27vm", "OSV-90073" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vvth-cjt4-akg8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10329?format=api", "vulnerability_id": "VCID-yd25-ket2-67d3", "summary": "Unsafe Query Generation Risk in Ruby on Rails\nDue to the way Active Record interprets parameters in combination with the way that JSON parameters are parsed, it is possible for an attacker to issue unexpected database queries with \"IS NULL\" or empty where clauses. This issue does *not* let an attacker insert arbitrary values into an SQL query, however they can cause the query to check for NULL or eliminate a WHERE clause when most users wouldn't expect it.", "references": [ { "reference_url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0155.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0155.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0155", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.18174", "scoring_system": "epss", "scoring_elements": "0.95308", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0155" }, { "reference_url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/t1WFuuQyavI", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/t1WFuuQyavI" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/bc6f13dafe130ee9?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/bc6f13dafe130ee9?dmode=source&output=gplain" }, { "reference_url": "http://support.apple.com/kb/HT5784", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT5784" }, { "reference_url": "http://www.debian.org/security/2013/dsa-2609", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2013/dsa-2609" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=892866", "reference_id": "892866", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=892866" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0155", "reference_id": "CVE-2013-0155", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0155" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0155.yml", "reference_id": "CVE-2013-0155.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0155.yml" }, { "reference_url": "https://github.com/advisories/GHSA-gppp-5xc5-wfpx", "reference_id": "GHSA-gppp-5xc5-wfpx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gppp-5xc5-wfpx" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0154", "reference_id": "RHSA-2013:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0154" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0155", "reference_id": "RHSA-2013:0155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0155" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50252?format=api", "purl": "pkg:gem/activerecord@3.1.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12f4-gcj5-h3cu" }, { "vulnerability": "VCID-1r5t-n9ys-zbbu" }, { "vulnerability": "VCID-2bpy-kbwe-zbg8" }, { "vulnerability": "VCID-2dgz-cqjx-bkaw" }, { "vulnerability": "VCID-2vex-unxw-jub9" }, { "vulnerability": "VCID-3gxu-74a5-m7cv" }, { "vulnerability": "VCID-57uk-2vgz-kyhn" }, { "vulnerability": "VCID-9xfd-d2ff-uuec" }, { "vulnerability": "VCID-c3hd-njh3-b3bg" }, { "vulnerability": "VCID-d7z6-98fp-r3g2" }, { "vulnerability": "VCID-jhtd-7tmy-jfaj" }, { "vulnerability": "VCID-jug9-esjy-8fh5" }, { "vulnerability": "VCID-k8rq-jbrg-3qb3" }, { "vulnerability": "VCID-v12d-fr9k-7ufu" }, { "vulnerability": "VCID-vbkg-umrg-gkfm" }, { "vulnerability": "VCID-vvth-cjt4-akg8" }, { "vulnerability": "VCID-zy5d-6a4f-wua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/94635?format=api", "purl": "pkg:gem/activerecord@3.2.0.rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12f4-gcj5-h3cu" }, { "vulnerability": "VCID-1r5t-n9ys-zbbu" }, { "vulnerability": "VCID-2bpy-kbwe-zbg8" }, { "vulnerability": "VCID-2dgz-cqjx-bkaw" }, { "vulnerability": "VCID-2vex-unxw-jub9" }, { "vulnerability": "VCID-31rm-1rpc-g3dq" }, { "vulnerability": "VCID-3gxu-74a5-m7cv" }, { "vulnerability": "VCID-3sqw-5cpa-5qgg" }, { "vulnerability": "VCID-57uk-2vgz-kyhn" }, { "vulnerability": "VCID-9xfd-d2ff-uuec" }, { "vulnerability": "VCID-c3hd-njh3-b3bg" }, { "vulnerability": "VCID-d7z6-98fp-r3g2" }, { "vulnerability": "VCID-jhtd-7tmy-jfaj" }, { "vulnerability": "VCID-jug9-esjy-8fh5" }, { "vulnerability": "VCID-k8rq-jbrg-3qb3" }, { "vulnerability": "VCID-p5sk-7xnp-fygg" }, { "vulnerability": "VCID-v12d-fr9k-7ufu" }, { "vulnerability": "VCID-vbkg-umrg-gkfm" }, { "vulnerability": "VCID-vvth-cjt4-akg8" }, { "vulnerability": "VCID-yd25-ket2-67d3" }, { "vulnerability": "VCID-zy5d-6a4f-wua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.0.rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/50253?format=api", "purl": "pkg:gem/activerecord@3.2.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12f4-gcj5-h3cu" }, { "vulnerability": "VCID-1r5t-n9ys-zbbu" }, { "vulnerability": "VCID-2bpy-kbwe-zbg8" }, { "vulnerability": "VCID-2dgz-cqjx-bkaw" }, { "vulnerability": "VCID-2vex-unxw-jub9" }, { "vulnerability": "VCID-3gxu-74a5-m7cv" }, { "vulnerability": "VCID-57uk-2vgz-kyhn" }, { "vulnerability": "VCID-9xfd-d2ff-uuec" }, { "vulnerability": "VCID-c3hd-njh3-b3bg" }, { "vulnerability": "VCID-d7z6-98fp-r3g2" }, { "vulnerability": "VCID-jhtd-7tmy-jfaj" }, { "vulnerability": "VCID-jug9-esjy-8fh5" }, { "vulnerability": "VCID-k8rq-jbrg-3qb3" }, { "vulnerability": "VCID-v12d-fr9k-7ufu" }, { "vulnerability": "VCID-vbkg-umrg-gkfm" }, { "vulnerability": "VCID-vvth-cjt4-akg8" }, { "vulnerability": "VCID-zy5d-6a4f-wua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.11" } ], "aliases": [ "CVE-2013-0155", "GHSA-gppp-5xc5-wfpx", "OSV-89025" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yd25-ket2-67d3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11826?format=api", "vulnerability_id": "VCID-zy5d-6a4f-wua5", "summary": "Improper Input Validation\nRuby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3933", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00712", "scoring_system": "epss", "scoring_elements": "0.72616", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3933" }, { "reference_url": "http://secunia.com/advisories/41930", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/41930" }, { "reference_url": "http://securitytracker.com/id?1024624", "reference_id": "", "reference_type": "", "scores": [], "url": "http://securitytracker.com/id?1024624" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/2d96bccb1e8b62e3e11ca0c5d38aaa8cece889ae", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/2d96bccb1e8b62e3e11ca0c5d38aaa8cece889ae" }, { "reference_url": "https://github.com/rails/rails/commit/96183e0f284bab27667e5a38fa6a1578eb029585", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/96183e0f284bab27667e5a38fa6a1578eb029585" }, { "reference_url": "https://web.archive.org/web/20101129225633/http://securitytracker.com/alerts/2010/Oct/1024624.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20101129225633/http://securitytracker.com/alerts/2010/Oct/1024624.html" }, { "reference_url": "https://web.archive.org/web/20111225083933/http://secunia.com/advisories/41930", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20111225083933/http://secunia.com/advisories/41930" }, { "reference_url": "https://web.archive.org/web/20201208053819/http://securitytracker.com/id?1024624", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201208053819/http://securitytracker.com/id?1024624" }, { "reference_url": "http://weblog.rubyonrails.org/2010/10/15/security-vulnerability-in-nested-attributes-code-in-ruby-on-rails-2-3-9-and-3-0-0", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2010/10/15/security-vulnerability-in-nested-attributes-code-in-ruby-on-rails-2-3-9-and-3-0-0" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/2719", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2010/2719" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3933", "reference_id": "CVE-2010-3933", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3933" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2010-3933.yml", "reference_id": "CVE-2010-3933.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2010-3933.yml" }, { "reference_url": "https://github.com/advisories/GHSA-gjxw-5w2q-7grf", "reference_id": "GHSA-gjxw-5w2q-7grf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gjxw-5w2q-7grf" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [], "aliases": [ "CVE-2010-3933", "GHSA-gjxw-5w2q-7grf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zy5d-6a4f-wua5" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10294?format=api", "vulnerability_id": "VCID-31rm-1rpc-g3dq", "summary": "SQL Injection\nRuby on Rails contains a flaw related to the way ActiveRecord handles parameters in conjunction with the way Rack parses query parameters. This issue may allow an attacker to inject arbitrary `IS NULL` clauses in to application SQL queries. This may also allow an attacker to have the SQL query check for `NULL` in arbitrary places.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2660.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2660.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2660", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36566", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2660" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/61eed87ce32caf534bf1f52dd8134097b4ad9e1b", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/61eed87ce32caf534bf1f52dd8134097b4ad9e1b" }, { "reference_url": "https://github.com/rails/rails/commit/dff6db18840e2fd1dd3f3e4ef0ae7a9a3986d01d#diff-3179d24efacadd64068c4d9c1184eac3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rails/rails/commit/dff6db18840e2fd1dd3f3e4ef0ae7a9a3986d01d#diff-3179d24efacadd64068c4d9c1184eac3" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82610.yml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82610.yml" }, { "reference_url": "https://groups.google.com/forum/#!original/rubyonrails-security/8SA-M3as7A8/Mr9fi9X4kNgJ", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!original/rubyonrails-security/8SA-M3as7A8/Mr9fi9X4kNgJ" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/d890f8d58b5fbf32?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/d890f8d58b5fbf32?dmode=source&output=gplain" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/8SA-M3as7A8/m/Mr9fi9X4kNgJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/8SA-M3as7A8/m/Mr9fi9X4kNgJ" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=827353", "reference_id": "827353", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=827353" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2660", "reference_id": "CVE-2012-2660", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2660" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2660.yml", "reference_id": "CVE-2012-2660.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2660.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2660.yml", "reference_id": "CVE-2012-2660.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2660.yml" }, { "reference_url": "https://github.com/advisories/GHSA-hgpp-pp89-4fgf", "reference_id": "GHSA-hgpp-pp89-4fgf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hgpp-pp89-4fgf" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1542", "reference_id": "RHSA-2012:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0154", "reference_id": "RHSA-2013:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50162?format=api", "purl": "pkg:gem/activerecord@3.0.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12f4-gcj5-h3cu" }, { "vulnerability": "VCID-1r5t-n9ys-zbbu" }, { "vulnerability": "VCID-2bpy-kbwe-zbg8" }, { "vulnerability": "VCID-2dgz-cqjx-bkaw" }, { "vulnerability": "VCID-2vex-unxw-jub9" }, { "vulnerability": "VCID-3gxu-74a5-m7cv" }, { "vulnerability": "VCID-3sqw-5cpa-5qgg" }, { "vulnerability": "VCID-57uk-2vgz-kyhn" }, { "vulnerability": "VCID-9xfd-d2ff-uuec" }, { "vulnerability": "VCID-c3hd-njh3-b3bg" }, { "vulnerability": "VCID-d7z6-98fp-r3g2" }, { "vulnerability": "VCID-jhtd-7tmy-jfaj" }, { "vulnerability": "VCID-jug9-esjy-8fh5" }, { "vulnerability": "VCID-v12d-fr9k-7ufu" }, { "vulnerability": "VCID-vbkg-umrg-gkfm" }, { "vulnerability": "VCID-vvth-cjt4-akg8" }, { "vulnerability": "VCID-yd25-ket2-67d3" }, { "vulnerability": "VCID-zy5d-6a4f-wua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.0.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/53446?format=api", "purl": "pkg:gem/activerecord@3.1.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12f4-gcj5-h3cu" }, { "vulnerability": "VCID-1r5t-n9ys-zbbu" }, { "vulnerability": "VCID-2bpy-kbwe-zbg8" }, { "vulnerability": "VCID-2dgz-cqjx-bkaw" }, { "vulnerability": "VCID-2vex-unxw-jub9" }, { "vulnerability": "VCID-31rm-1rpc-g3dq" }, { "vulnerability": "VCID-3gxu-74a5-m7cv" }, { "vulnerability": "VCID-3sqw-5cpa-5qgg" }, { "vulnerability": "VCID-57uk-2vgz-kyhn" }, { "vulnerability": "VCID-9xfd-d2ff-uuec" }, { "vulnerability": "VCID-c3hd-njh3-b3bg" }, { "vulnerability": "VCID-d7z6-98fp-r3g2" }, { "vulnerability": "VCID-jhtd-7tmy-jfaj" }, { "vulnerability": "VCID-jug9-esjy-8fh5" }, { "vulnerability": "VCID-k8rq-jbrg-3qb3" }, { "vulnerability": "VCID-p5sk-7xnp-fygg" }, { "vulnerability": "VCID-v12d-fr9k-7ufu" }, { "vulnerability": "VCID-vbkg-umrg-gkfm" }, { "vulnerability": "VCID-vvth-cjt4-akg8" }, { "vulnerability": "VCID-yd25-ket2-67d3" }, { "vulnerability": "VCID-zy5d-6a4f-wua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/50163?format=api", "purl": "pkg:gem/activerecord@3.1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12f4-gcj5-h3cu" }, { "vulnerability": "VCID-1r5t-n9ys-zbbu" }, { "vulnerability": "VCID-2bpy-kbwe-zbg8" }, { "vulnerability": "VCID-2dgz-cqjx-bkaw" }, { "vulnerability": "VCID-2vex-unxw-jub9" }, { "vulnerability": "VCID-3gxu-74a5-m7cv" }, { "vulnerability": "VCID-3sqw-5cpa-5qgg" }, { "vulnerability": "VCID-57uk-2vgz-kyhn" }, { "vulnerability": "VCID-9xfd-d2ff-uuec" }, { "vulnerability": "VCID-c3hd-njh3-b3bg" }, { "vulnerability": "VCID-d7z6-98fp-r3g2" }, { "vulnerability": "VCID-jhtd-7tmy-jfaj" }, { "vulnerability": "VCID-jug9-esjy-8fh5" }, { "vulnerability": "VCID-k8rq-jbrg-3qb3" }, { "vulnerability": "VCID-v12d-fr9k-7ufu" }, { "vulnerability": "VCID-vbkg-umrg-gkfm" }, { "vulnerability": "VCID-vvth-cjt4-akg8" }, { "vulnerability": "VCID-yd25-ket2-67d3" }, { "vulnerability": "VCID-zy5d-6a4f-wua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/94635?format=api", "purl": "pkg:gem/activerecord@3.2.0.rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12f4-gcj5-h3cu" }, { "vulnerability": "VCID-1r5t-n9ys-zbbu" }, { "vulnerability": "VCID-2bpy-kbwe-zbg8" }, { "vulnerability": "VCID-2dgz-cqjx-bkaw" }, { "vulnerability": "VCID-2vex-unxw-jub9" }, { "vulnerability": "VCID-31rm-1rpc-g3dq" }, { "vulnerability": "VCID-3gxu-74a5-m7cv" }, { "vulnerability": "VCID-3sqw-5cpa-5qgg" }, { "vulnerability": "VCID-57uk-2vgz-kyhn" }, { "vulnerability": "VCID-9xfd-d2ff-uuec" }, { "vulnerability": "VCID-c3hd-njh3-b3bg" }, { "vulnerability": "VCID-d7z6-98fp-r3g2" }, { "vulnerability": "VCID-jhtd-7tmy-jfaj" }, { "vulnerability": "VCID-jug9-esjy-8fh5" }, { "vulnerability": "VCID-k8rq-jbrg-3qb3" }, { "vulnerability": "VCID-p5sk-7xnp-fygg" }, { "vulnerability": "VCID-v12d-fr9k-7ufu" }, { "vulnerability": "VCID-vbkg-umrg-gkfm" }, { "vulnerability": "VCID-vvth-cjt4-akg8" }, { "vulnerability": "VCID-yd25-ket2-67d3" }, { "vulnerability": "VCID-zy5d-6a4f-wua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.0.rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/50164?format=api", "purl": "pkg:gem/activerecord@3.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12f4-gcj5-h3cu" }, { "vulnerability": "VCID-1r5t-n9ys-zbbu" }, { "vulnerability": "VCID-2bpy-kbwe-zbg8" }, { "vulnerability": "VCID-2dgz-cqjx-bkaw" }, { "vulnerability": "VCID-2vex-unxw-jub9" }, { "vulnerability": "VCID-3gxu-74a5-m7cv" }, { "vulnerability": "VCID-3sqw-5cpa-5qgg" }, { "vulnerability": "VCID-57uk-2vgz-kyhn" }, { "vulnerability": "VCID-9xfd-d2ff-uuec" }, { "vulnerability": "VCID-c3hd-njh3-b3bg" }, { "vulnerability": "VCID-d7z6-98fp-r3g2" }, { "vulnerability": "VCID-jhtd-7tmy-jfaj" }, { "vulnerability": "VCID-jug9-esjy-8fh5" }, { "vulnerability": "VCID-k8rq-jbrg-3qb3" }, { "vulnerability": "VCID-v12d-fr9k-7ufu" }, { "vulnerability": "VCID-vbkg-umrg-gkfm" }, { "vulnerability": "VCID-vvth-cjt4-akg8" }, { "vulnerability": "VCID-yd25-ket2-67d3" }, { "vulnerability": "VCID-zy5d-6a4f-wua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.4" } ], "aliases": [ "CVE-2012-2660", "GHSA-hgpp-pp89-4fgf", "OSV-82610" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-31rm-1rpc-g3dq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10295?format=api", "vulnerability_id": "VCID-p5sk-7xnp-fygg", "summary": "SQL injection vulnerability in Active Record\nDue to the way Active Record handles nested query parameters, an attacker can use a specially crafted request to inject some forms of SQL into your application's SQL queries.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2661.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2661.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2661", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00627", "scoring_system": "epss", "scoring_elements": "0.70564", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2661" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2661", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2661" }, { "reference_url": "https://github.com/rails/rails/commit/71f7917c553cdc9a0ee49e87af0efb7429759718#diff-2ec9993375ecb711e08452788d625581", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rails/rails/commit/71f7917c553cdc9a0ee49e87af0efb7429759718#diff-2ec9993375ecb711e08452788d625581" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82403.yml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82403.yml" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/fc2da6c627fc92df?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/fc2da6c627fc92df?dmode=source&output=gplain" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=827363", "reference_id": "827363", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=827363" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2661", "reference_id": "CVE-2012-2661", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2661" }, { "reference_url": "https://github.com/advisories/GHSA-fh39-v733-mxfr", "reference_id": "GHSA-fh39-v733-mxfr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fh39-v733-mxfr" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1542", "reference_id": "RHSA-2012:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0154", "reference_id": "RHSA-2013:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/86273?format=api", "purl": "pkg:gem/activerecord@2.3.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12f4-gcj5-h3cu" }, { "vulnerability": "VCID-1r5t-n9ys-zbbu" }, { "vulnerability": "VCID-2bpy-kbwe-zbg8" }, { "vulnerability": "VCID-2dgz-cqjx-bkaw" }, { "vulnerability": "VCID-2vex-unxw-jub9" }, { "vulnerability": "VCID-31rm-1rpc-g3dq" }, { "vulnerability": "VCID-3gxu-74a5-m7cv" }, { "vulnerability": "VCID-3sqw-5cpa-5qgg" }, { "vulnerability": "VCID-57uk-2vgz-kyhn" }, { "vulnerability": "VCID-9xfd-d2ff-uuec" }, { "vulnerability": "VCID-c3hd-njh3-b3bg" }, { "vulnerability": "VCID-d7z6-98fp-r3g2" }, { "vulnerability": "VCID-jhtd-7tmy-jfaj" }, { "vulnerability": "VCID-jug9-esjy-8fh5" }, { "vulnerability": "VCID-p5sk-7xnp-fygg" }, { "vulnerability": "VCID-v12d-fr9k-7ufu" }, { "vulnerability": "VCID-vbkg-umrg-gkfm" }, { "vulnerability": "VCID-vvth-cjt4-akg8" }, { "vulnerability": "VCID-yd25-ket2-67d3" }, { "vulnerability": "VCID-zy5d-6a4f-wua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@2.3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/50162?format=api", "purl": "pkg:gem/activerecord@3.0.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12f4-gcj5-h3cu" }, { "vulnerability": "VCID-1r5t-n9ys-zbbu" }, { "vulnerability": "VCID-2bpy-kbwe-zbg8" }, { "vulnerability": "VCID-2dgz-cqjx-bkaw" }, { "vulnerability": "VCID-2vex-unxw-jub9" }, { "vulnerability": "VCID-3gxu-74a5-m7cv" }, { "vulnerability": "VCID-3sqw-5cpa-5qgg" }, { "vulnerability": "VCID-57uk-2vgz-kyhn" }, { "vulnerability": "VCID-9xfd-d2ff-uuec" }, { "vulnerability": "VCID-c3hd-njh3-b3bg" }, { "vulnerability": "VCID-d7z6-98fp-r3g2" }, { "vulnerability": "VCID-jhtd-7tmy-jfaj" }, { "vulnerability": "VCID-jug9-esjy-8fh5" }, { "vulnerability": "VCID-v12d-fr9k-7ufu" }, { "vulnerability": "VCID-vbkg-umrg-gkfm" }, { "vulnerability": "VCID-vvth-cjt4-akg8" }, { "vulnerability": "VCID-yd25-ket2-67d3" }, { "vulnerability": "VCID-zy5d-6a4f-wua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.0.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/53446?format=api", "purl": "pkg:gem/activerecord@3.1.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12f4-gcj5-h3cu" }, { "vulnerability": "VCID-1r5t-n9ys-zbbu" }, { "vulnerability": "VCID-2bpy-kbwe-zbg8" }, { "vulnerability": "VCID-2dgz-cqjx-bkaw" }, { "vulnerability": "VCID-2vex-unxw-jub9" }, { "vulnerability": "VCID-31rm-1rpc-g3dq" }, { "vulnerability": "VCID-3gxu-74a5-m7cv" }, { "vulnerability": "VCID-3sqw-5cpa-5qgg" }, { "vulnerability": "VCID-57uk-2vgz-kyhn" }, { "vulnerability": "VCID-9xfd-d2ff-uuec" }, { "vulnerability": "VCID-c3hd-njh3-b3bg" }, { "vulnerability": "VCID-d7z6-98fp-r3g2" }, { "vulnerability": "VCID-jhtd-7tmy-jfaj" }, { "vulnerability": "VCID-jug9-esjy-8fh5" }, { "vulnerability": "VCID-k8rq-jbrg-3qb3" }, { "vulnerability": "VCID-p5sk-7xnp-fygg" }, { "vulnerability": "VCID-v12d-fr9k-7ufu" }, { "vulnerability": "VCID-vbkg-umrg-gkfm" }, { "vulnerability": "VCID-vvth-cjt4-akg8" }, { "vulnerability": "VCID-yd25-ket2-67d3" }, { "vulnerability": "VCID-zy5d-6a4f-wua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/50163?format=api", "purl": "pkg:gem/activerecord@3.1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12f4-gcj5-h3cu" }, { "vulnerability": "VCID-1r5t-n9ys-zbbu" }, { "vulnerability": "VCID-2bpy-kbwe-zbg8" }, { "vulnerability": "VCID-2dgz-cqjx-bkaw" }, { "vulnerability": "VCID-2vex-unxw-jub9" }, { "vulnerability": "VCID-3gxu-74a5-m7cv" }, { "vulnerability": "VCID-3sqw-5cpa-5qgg" }, { "vulnerability": "VCID-57uk-2vgz-kyhn" }, { "vulnerability": "VCID-9xfd-d2ff-uuec" }, { "vulnerability": "VCID-c3hd-njh3-b3bg" }, { "vulnerability": "VCID-d7z6-98fp-r3g2" }, { "vulnerability": "VCID-jhtd-7tmy-jfaj" }, { "vulnerability": "VCID-jug9-esjy-8fh5" }, { "vulnerability": "VCID-k8rq-jbrg-3qb3" }, { "vulnerability": "VCID-v12d-fr9k-7ufu" }, { "vulnerability": "VCID-vbkg-umrg-gkfm" }, { "vulnerability": "VCID-vvth-cjt4-akg8" }, { "vulnerability": "VCID-yd25-ket2-67d3" }, { "vulnerability": "VCID-zy5d-6a4f-wua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/94635?format=api", "purl": "pkg:gem/activerecord@3.2.0.rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12f4-gcj5-h3cu" }, { "vulnerability": "VCID-1r5t-n9ys-zbbu" }, { "vulnerability": "VCID-2bpy-kbwe-zbg8" }, { "vulnerability": "VCID-2dgz-cqjx-bkaw" }, { "vulnerability": "VCID-2vex-unxw-jub9" }, { "vulnerability": "VCID-31rm-1rpc-g3dq" }, { "vulnerability": "VCID-3gxu-74a5-m7cv" }, { "vulnerability": "VCID-3sqw-5cpa-5qgg" }, { "vulnerability": "VCID-57uk-2vgz-kyhn" }, { "vulnerability": "VCID-9xfd-d2ff-uuec" }, { "vulnerability": "VCID-c3hd-njh3-b3bg" }, { "vulnerability": "VCID-d7z6-98fp-r3g2" }, { "vulnerability": "VCID-jhtd-7tmy-jfaj" }, { "vulnerability": "VCID-jug9-esjy-8fh5" }, { "vulnerability": "VCID-k8rq-jbrg-3qb3" }, { "vulnerability": "VCID-p5sk-7xnp-fygg" }, { "vulnerability": "VCID-v12d-fr9k-7ufu" }, { "vulnerability": "VCID-vbkg-umrg-gkfm" }, { "vulnerability": "VCID-vvth-cjt4-akg8" }, { "vulnerability": "VCID-yd25-ket2-67d3" }, { "vulnerability": "VCID-zy5d-6a4f-wua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.0.rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/50164?format=api", "purl": "pkg:gem/activerecord@3.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12f4-gcj5-h3cu" }, { "vulnerability": "VCID-1r5t-n9ys-zbbu" }, { "vulnerability": "VCID-2bpy-kbwe-zbg8" }, { "vulnerability": "VCID-2dgz-cqjx-bkaw" }, { "vulnerability": "VCID-2vex-unxw-jub9" }, { "vulnerability": "VCID-3gxu-74a5-m7cv" }, { "vulnerability": "VCID-3sqw-5cpa-5qgg" }, { "vulnerability": "VCID-57uk-2vgz-kyhn" }, { "vulnerability": "VCID-9xfd-d2ff-uuec" }, { "vulnerability": "VCID-c3hd-njh3-b3bg" }, { "vulnerability": "VCID-d7z6-98fp-r3g2" }, { "vulnerability": "VCID-jhtd-7tmy-jfaj" }, { "vulnerability": "VCID-jug9-esjy-8fh5" }, { "vulnerability": "VCID-k8rq-jbrg-3qb3" }, { "vulnerability": "VCID-v12d-fr9k-7ufu" }, { "vulnerability": "VCID-vbkg-umrg-gkfm" }, { "vulnerability": "VCID-vvth-cjt4-akg8" }, { "vulnerability": "VCID-yd25-ket2-67d3" }, { "vulnerability": "VCID-zy5d-6a4f-wua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.4" } ], "aliases": [ "CVE-2012-2661", "GHSA-fh39-v733-mxfr", "OSV-82403" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p5sk-7xnp-fygg" } ], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.5" }