Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:gem/activerecord@4.1.3
Typegem
Namespace
Nameactiverecord
Version4.1.3
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-12f4-gcj5-h3cu
vulnerability_id VCID-12f4-gcj5-h3cu
summary 
activerecord vulnerable to SQL Injection
The Active Record component in Ruby on Rails efore 2.3.15, 3.0.x before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage improper handling of nested hashes, a related issue to CVE-2012-2661.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html
3
reference_url http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
4
reference_url http://rhn.redhat.com/errata/RHSA-2013-0154.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0154.html
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-2695
reference_id
reference_type
scores
0
value 0.00637
scoring_system epss
scoring_elements 0.70816
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-2695
6
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
7
reference_url https://github.com/rails/rails/commit/62f81f4d6b3ee40e9887ffd92ab14714bad93f18
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/62f81f4d6b3ee40e9887ffd92ab14714bad93f18
8
reference_url https://groups.google.com/group/rubyonrails-security/msg/aee3413fb038bf56?dmode=source&output=gplain
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/aee3413fb038bf56?dmode=source&output=gplain
9
reference_url https://groups.google.com/g/rubyonrails-security/c/l4L0TEVAz1k/m/Vr84sD9B464J
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/l4L0TEVAz1k/m/Vr84sD9B464J
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-2695
reference_id CVE-2012-2695
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-2695
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2695.yml
reference_id CVE-2012-2695.YML
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2695.yml
12
reference_url https://github.com/advisories/GHSA-76wq-xw4h-f8wj
reference_id GHSA-76wq-xw4h-f8wj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-76wq-xw4h-f8wj
fixed_packages
aliases CVE-2012-2695, GHSA-76wq-xw4h-f8wj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-12f4-gcj5-h3cu
1
url VCID-1r5t-n9ys-zbbu
vulnerability_id VCID-1r5t-n9ys-zbbu
summary 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument.
references
0
reference_url http://groups.google.com/group/rubyonrails-security/msg/4e19864cf6ad40ad?dmode=source&output=gplain
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/rubyonrails-security/msg/4e19864cf6ad40ad?dmode=source&output=gplain
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-0448
reference_id
reference_type
scores
0
value 0.00689
scoring_system epss
scoring_elements 0.72094
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-0448
3
reference_url http://secunia.com/advisories/43278
reference_id
reference_type
scores
url http://secunia.com/advisories/43278
4
reference_url http://securitytracker.com/id?1025063
reference_id
reference_type
scores
url http://securitytracker.com/id?1025063
5
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
6
reference_url https://github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa562c3be8474
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa562c3be8474
7
reference_url https://web.archive.org/web/20201220214809/http://securitytracker.com/id?1025063
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20201220214809/http://securitytracker.com/id?1025063
8
reference_url http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4
9
reference_url http://www.vupen.com/english/advisories/2011/0877
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2011/0877
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-0448
reference_id CVE-2011-0448
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-0448
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-0448.yml
reference_id CVE-2011-0448.YML
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-0448.yml
12
reference_url https://github.com/advisories/GHSA-jmm9-2p29-vh2w
reference_id GHSA-jmm9-2p29-vh2w
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jmm9-2p29-vh2w
13
reference_url https://security.gentoo.org/glsa/201412-28
reference_id GLSA-201412-28
reference_type
scores
url https://security.gentoo.org/glsa/201412-28
fixed_packages
aliases CVE-2011-0448, GHSA-jmm9-2p29-vh2w
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1r5t-n9ys-zbbu
2
url VCID-2dgz-cqjx-bkaw
vulnerability_id VCID-2dgz-cqjx-bkaw
summary 
activerecord vulnerable to SQL Injection
Multiple SQL injection vulnerabilities in the `quote_table_name` method in the ActiveRecord adapters in `activerecord/lib/active_record/connection_adapters/` in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a crafted column name.
references
0
reference_url http://groups.google.com/group/rubyonrails-security/msg/b1a85d36b0f9dd30?dmode=source&output=gplain
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/rubyonrails-security/msg/b1a85d36b0f9dd30?dmode=source&output=gplain
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-2930
reference_id
reference_type
scores
0
value 0.00955
scoring_system epss
scoring_elements 0.76737
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-2930
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=731438
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=731438
4
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
5
reference_url https://github.com/rails/rails/commit/8a39f411dc3c806422785b1f4d5c7c9d58e4bf85
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/8a39f411dc3c806422785b1f4d5c7c9d58e4bf85
6
reference_url http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6
7
reference_url http://www.debian.org/security/2011/dsa-2301
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2011/dsa-2301
8
reference_url http://www.openwall.com/lists/oss-security/2011/08/17/1
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/17/1
9
reference_url http://www.openwall.com/lists/oss-security/2011/08/19/11
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/19/11
10
reference_url http://www.openwall.com/lists/oss-security/2011/08/20/1
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/20/1
11
reference_url http://www.openwall.com/lists/oss-security/2011/08/22/13
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/22/13
12
reference_url http://www.openwall.com/lists/oss-security/2011/08/22/14
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/22/14
13
reference_url http://www.openwall.com/lists/oss-security/2011/08/22/5
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/22/5
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-2930
reference_id CVE-2011-2930
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-2930
15
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-2930.yml
reference_id CVE-2011-2930.YML
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-2930.yml
16
reference_url https://github.com/advisories/GHSA-h6w6-xmqv-7q78
reference_id GHSA-h6w6-xmqv-7q78
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h6w6-xmqv-7q78
17
reference_url https://security.gentoo.org/glsa/201412-28
reference_id GLSA-201412-28
reference_type
scores
url https://security.gentoo.org/glsa/201412-28
fixed_packages
aliases CVE-2011-2930, GHSA-h6w6-xmqv-7q78
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2dgz-cqjx-bkaw
3
url VCID-3gxu-74a5-m7cv
vulnerability_id VCID-3gxu-74a5-m7cv
summary 
Strong Parameter bypass with create_with
The `create_with` functionality in Active Record was implemented incorrectly and completely bypasses the strong parameter protection.
references
0
reference_url http://openwall.com/lists/oss-security/2014/08/18/10
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2014/08/18/10
1
reference_url http://rhn.redhat.com/errata/RHSA-2014-1102.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-1102.html
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3514
reference_id
reference_type
scores
0
value 0.00331
scoring_system epss
scoring_elements 0.56267
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3514
3
reference_url https://groups.google.com/forum/message/raw?msg=rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/message/raw?msg=rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ
4
reference_url https://groups.google.com/forum/#!msg/rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!msg/rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ
5
reference_url https://groups.google.com/forum/#!topic/ruby-security-ann/M4chq5Sb540
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/ruby-security-ann/M4chq5Sb540
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3514
reference_id CVE-2014-3514
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3514
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-3514.yml
reference_id CVE-2014-3514.YML
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-3514.yml
8
reference_url https://github.com/advisories/GHSA-9rf5-jm6f-2fmm
reference_id GHSA-9rf5-jm6f-2fmm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9rf5-jm6f-2fmm
fixed_packages
0
url pkg:gem/activerecord@4.1.5
purl pkg:gem/activerecord@4.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12f4-gcj5-h3cu
1
vulnerability VCID-1r5t-n9ys-zbbu
2
vulnerability VCID-2dgz-cqjx-bkaw
3
vulnerability VCID-96bd-6tam-1qc5
4
vulnerability VCID-c3hd-njh3-b3bg
5
vulnerability VCID-k8rq-jbrg-3qb3
6
vulnerability VCID-v12d-fr9k-7ufu
7
vulnerability VCID-zy5d-6a4f-wua5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.1.5
aliases CVE-2014-3514, GHSA-9rf5-jm6f-2fmm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3gxu-74a5-m7cv
4
url VCID-96bd-6tam-1qc5
vulnerability_id VCID-96bd-6tam-1qc5
summary 
Improper Access Control
The Rails gem does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing `WHERE` clauses via a crafted request.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2016-1855.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2016-1855.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-6317
reference_id
reference_type
scores
0
value 0.00381
scoring_system epss
scoring_elements 0.59784
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-6317
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/rgO20zYW33s
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/rgO20zYW33s
4
reference_url https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA
5
reference_url http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released
6
reference_url http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/
reference_id
reference_type
scores
url http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/
7
reference_url http://www.openwall.com/lists/oss-security/2016/08/11/4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/08/11/4
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834154
reference_id 834154
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834154
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-6317
reference_id CVE-2016-6317
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-6317
10
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2016-6317.yml
reference_id CVE-2016-6317.YML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2016-6317.yml
11
reference_url https://github.com/advisories/GHSA-pr3r-4wrp-r2pv
reference_id GHSA-pr3r-4wrp-r2pv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pr3r-4wrp-r2pv
fixed_packages
0
url pkg:gem/activerecord@4.2.7.1
purl pkg:gem/activerecord@4.2.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12f4-gcj5-h3cu
1
vulnerability VCID-1r5t-n9ys-zbbu
2
vulnerability VCID-2dgz-cqjx-bkaw
3
vulnerability VCID-c3hd-njh3-b3bg
4
vulnerability VCID-v12d-fr9k-7ufu
5
vulnerability VCID-zy5d-6a4f-wua5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.2.7.1
aliases CVE-2016-6317, GHSA-pr3r-4wrp-r2pv
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-96bd-6tam-1qc5
5
url VCID-c3hd-njh3-b3bg
vulnerability_id VCID-c3hd-njh3-b3bg
summary 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) :limit and (2) :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer.
references
0
reference_url http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1
reference_id
reference_type
scores
url http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1
1
reference_url http://gist.github.com/8946
reference_id
reference_type
scores
url http://gist.github.com/8946
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html
3
reference_url http://rails.lighthouseapp.com/projects/8994/tickets/288
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rails.lighthouseapp.com/projects/8994/tickets/288
4
reference_url http://rails.lighthouseapp.com/projects/8994/tickets/964
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rails.lighthouseapp.com/projects/8994/tickets/964
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2008-4094
reference_id
reference_type
scores
0
value 0.03119
scoring_system epss
scoring_elements 0.87069
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2008-4094
6
reference_url http://secunia.com/advisories/31875
reference_id
reference_type
scores
url http://secunia.com/advisories/31875
7
reference_url http://secunia.com/advisories/31909
reference_id
reference_type
scores
url http://secunia.com/advisories/31909
8
reference_url http://secunia.com/advisories/31910
reference_id
reference_type
scores
url http://secunia.com/advisories/31910
9
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/45109
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/45109
10
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
11
reference_url https://github.com/rails/rails/commit/ef0ea782b1f5cf7b08e74ea3002a16c708f66645
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/ef0ea782b1f5cf7b08e74ea3002a16c708f66645
12
reference_url https://web.archive.org/web/20080620000955/http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20080620000955/http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1
13
reference_url https://web.archive.org/web/20080620201733/http://blog.innerewut.de/files/rails/activerecord-1.15.3.patch
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20080620201733/http://blog.innerewut.de/files/rails/activerecord-1.15.3.patch
14
reference_url https://web.archive.org/web/20080620201744/http://blog.innerewut.de/files/rails/activerecord-2.0.2.patch
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20080620201744/http://blog.innerewut.de/files/rails/activerecord-2.0.2.patch
15
reference_url https://web.archive.org/web/20081104151751/http://gist.github.com/8946
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20081104151751/http://gist.github.com/8946
16
reference_url https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875
17
reference_url https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875/
reference_id
reference_type
scores
url https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875/
18
reference_url https://web.archive.org/web/20081207211431/http://secunia.com/advisories/31909
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20081207211431/http://secunia.com/advisories/31909
19
reference_url https://web.archive.org/web/20081207211436/http://secunia.com/advisories/31910
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20081207211436/http://secunia.com/advisories/31910
20
reference_url https://web.archive.org/web/20091101000000*/http://www.vupen.com/english/advisories/2008/2562
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20091101000000*/http://www.vupen.com/english/advisories/2008/2562
21
reference_url https://web.archive.org/web/20120120194518/http://www.securityfocus.com/bid/31176
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120120194518/http://www.securityfocus.com/bid/31176
22
reference_url https://web.archive.org/web/20201207112829/http://www.securitytracker.com/id?1020871
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20201207112829/http://www.securitytracker.com/id?1020871
23
reference_url http://www.openwall.com/lists/oss-security/2008/09/13/2
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2008/09/13/2
24
reference_url http://www.openwall.com/lists/oss-security/2008/09/16/1
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2008/09/16/1
25
reference_url http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter
26
reference_url http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter/
reference_id
reference_type
scores
url http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter/
27
reference_url http://www.securityfocus.com/bid/31176
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/31176
28
reference_url http://www.securitytracker.com/id?1020871
reference_id
reference_type
scores
url http://www.securitytracker.com/id?1020871
29
reference_url http://www.vupen.com/english/advisories/2008/2562
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2008/2562
30
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500791
reference_id 500791
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500791
31
reference_url https://nvd.nist.gov/vuln/detail/CVE-2008-4094
reference_id CVE-2008-4094
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2008-4094
32
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2008-4094.yml
reference_id CVE-2008-4094.YML
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2008-4094.yml
33
reference_url https://github.com/advisories/GHSA-xf96-32q2-9rw2
reference_id GHSA-xf96-32q2-9rw2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xf96-32q2-9rw2
34
reference_url https://security.gentoo.org/glsa/200912-02
reference_id GLSA-200912-02
reference_type
scores
url https://security.gentoo.org/glsa/200912-02
fixed_packages
aliases CVE-2008-4094, GHSA-xf96-32q2-9rw2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c3hd-njh3-b3bg
6
url VCID-k8rq-jbrg-3qb3
vulnerability_id VCID-k8rq-jbrg-3qb3
summary 
Nested attributes rejection proc bypass
When using the nested attributes feature in Active Record you can prevent the destruction of associated records by passing the `allow_destroy: false` option to the `accepts_nested_attributes_for` method. The `allow_destroy` flag prevents the `:reject_if` proc from being called because it assumes that the record will be destroyed anyway. However, this is not true if `:allow_destroy` is false so this leads to changes that would have been rejected being applied to the record. Attackers could set attributes to invalid values or clear all the attributes.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html
3
reference_url http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html
4
reference_url http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html
5
reference_url http://rhn.redhat.com/errata/RHSA-2016-0296.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2016-0296.html
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-7577
reference_id
reference_type
scores
0
value 0.01209
scoring_system epss
scoring_elements 0.79284
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-7577
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:P/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/cawsWcQ6c8g
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/cawsWcQ6c8g
9
reference_url http://www.debian.org/security/2016/dsa-3464
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2016/dsa-3464
10
reference_url http://www.openwall.com/lists/oss-security/2016/01/25/10
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/01/25/10
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-7577
reference_id CVE-2015-7577
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-7577
12
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2015-7577.yml
reference_id CVE-2015-7577.YML
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2015-7577.yml
13
reference_url https://github.com/advisories/GHSA-xrr6-3pc4-m447
reference_id GHSA-xrr6-3pc4-m447
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xrr6-3pc4-m447
fixed_packages
0
url pkg:gem/activerecord@4.1.14.1
purl pkg:gem/activerecord@4.1.14.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12f4-gcj5-h3cu
1
vulnerability VCID-1r5t-n9ys-zbbu
2
vulnerability VCID-2dgz-cqjx-bkaw
3
vulnerability VCID-96bd-6tam-1qc5
4
vulnerability VCID-c3hd-njh3-b3bg
5
vulnerability VCID-v12d-fr9k-7ufu
6
vulnerability VCID-zy5d-6a4f-wua5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.1.14.1
1
url pkg:gem/activerecord@4.2.5.1
purl pkg:gem/activerecord@4.2.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12f4-gcj5-h3cu
1
vulnerability VCID-1r5t-n9ys-zbbu
2
vulnerability VCID-2dgz-cqjx-bkaw
3
vulnerability VCID-96bd-6tam-1qc5
4
vulnerability VCID-c3hd-njh3-b3bg
5
vulnerability VCID-v12d-fr9k-7ufu
6
vulnerability VCID-zy5d-6a4f-wua5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.2.5.1
2
url pkg:gem/activerecord@5.0.0.beta1.1
purl pkg:gem/activerecord@5.0.0.beta1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12f4-gcj5-h3cu
1
vulnerability VCID-1r5t-n9ys-zbbu
2
vulnerability VCID-2dgz-cqjx-bkaw
3
vulnerability VCID-c3hd-njh3-b3bg
4
vulnerability VCID-v12d-fr9k-7ufu
5
vulnerability VCID-zy5d-6a4f-wua5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@5.0.0.beta1.1
aliases CVE-2015-7577, GHSA-xrr6-3pc4-m447
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k8rq-jbrg-3qb3
7
url VCID-v12d-fr9k-7ufu
vulnerability_id VCID-v12d-fr9k-7ufu
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55193.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55193.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-55193
reference_id
reference_type
scores
0
value 0.00346
scoring_system epss
scoring_elements 0.57339
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-55193
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
4
reference_url https://github.com/rails/rails/commit/3beef20013736fd52c5dcfdf061f7999ba318290
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/
url https://github.com/rails/rails/commit/3beef20013736fd52c5dcfdf061f7999ba318290
5
reference_url https://github.com/rails/rails/commit/568c0bc2f1e74c65d150a84b89a080949bf9eb9b
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/
url https://github.com/rails/rails/commit/568c0bc2f1e74c65d150a84b89a080949bf9eb9b
6
reference_url https://github.com/rails/rails/commit/6a944ca4805e72050a0fbb1a461534eb760d3202
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/
url https://github.com/rails/rails/commit/6a944ca4805e72050a0fbb1a461534eb760d3202
7
reference_url https://github.com/rails/rails/security/advisories/GHSA-76r7-hhxj-r776
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/
url https://github.com/rails/rails/security/advisories/GHSA-76r7-hhxj-r776
8
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2025-55193.yml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2025-55193.yml
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-55193
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-55193
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111106
reference_id 1111106
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111106
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2388446
reference_id 2388446
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2388446
fixed_packages
0
url pkg:gem/activerecord@7.1.5.2
purl pkg:gem/activerecord@7.1.5.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@7.1.5.2
1
url pkg:gem/activerecord@7.2.2.2
purl pkg:gem/activerecord@7.2.2.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@7.2.2.2
2
url pkg:gem/activerecord@8.0.2.1
purl pkg:gem/activerecord@8.0.2.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@8.0.2.1
aliases CVE-2025-55193, GHSA-76r7-hhxj-r776
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v12d-fr9k-7ufu
8
url VCID-zy5d-6a4f-wua5
vulnerability_id VCID-zy5d-6a4f-wua5
summary 
Improper Input Validation
Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2010-3933
reference_id
reference_type
scores
0
value 0.00712
scoring_system epss
scoring_elements 0.72616
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2010-3933
1
reference_url http://secunia.com/advisories/41930
reference_id
reference_type
scores
url http://secunia.com/advisories/41930
2
reference_url http://securitytracker.com/id?1024624
reference_id
reference_type
scores
url http://securitytracker.com/id?1024624
3
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
4
reference_url https://github.com/rails/rails/commit/2d96bccb1e8b62e3e11ca0c5d38aaa8cece889ae
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/2d96bccb1e8b62e3e11ca0c5d38aaa8cece889ae
5
reference_url https://github.com/rails/rails/commit/96183e0f284bab27667e5a38fa6a1578eb029585
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/96183e0f284bab27667e5a38fa6a1578eb029585
6
reference_url https://web.archive.org/web/20101129225633/http://securitytracker.com/alerts/2010/Oct/1024624.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20101129225633/http://securitytracker.com/alerts/2010/Oct/1024624.html
7
reference_url https://web.archive.org/web/20111225083933/http://secunia.com/advisories/41930
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20111225083933/http://secunia.com/advisories/41930
8
reference_url https://web.archive.org/web/20201208053819/http://securitytracker.com/id?1024624
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20201208053819/http://securitytracker.com/id?1024624
9
reference_url http://weblog.rubyonrails.org/2010/10/15/security-vulnerability-in-nested-attributes-code-in-ruby-on-rails-2-3-9-and-3-0-0
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2010/10/15/security-vulnerability-in-nested-attributes-code-in-ruby-on-rails-2-3-9-and-3-0-0
10
reference_url http://www.vupen.com/english/advisories/2010/2719
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2010/2719
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2010-3933
reference_id CVE-2010-3933
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2010-3933
12
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2010-3933.yml
reference_id CVE-2010-3933.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2010-3933.yml
13
reference_url https://github.com/advisories/GHSA-gjxw-5w2q-7grf
reference_id GHSA-gjxw-5w2q-7grf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gjxw-5w2q-7grf
14
reference_url https://security.gentoo.org/glsa/201412-28
reference_id GLSA-201412-28
reference_type
scores
url https://security.gentoo.org/glsa/201412-28
fixed_packages
aliases CVE-2010-3933, GHSA-gjxw-5w2q-7grf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zy5d-6a4f-wua5
Fixing_vulnerabilities
0
url VCID-9xfd-d2ff-uuec
vulnerability_id VCID-9xfd-d2ff-uuec
summary 
SQL Injection Vulnerabilities Affecting PostgreSQL
SQLi vulnerability in activerecord.
references
0
reference_url http://openwall.com/lists/oss-security/2014/07/02/5
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2014/07/02/5
1
reference_url http://rhn.redhat.com/errata/RHSA-2014-0877.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0877.html
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3483
reference_id
reference_type
scores
0
value 0.00924
scoring_system epss
scoring_elements 0.76349
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3483
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3482
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3482
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3483
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3483
5
reference_url https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J
6
reference_url https://groups.google.com/forum/#!msg/rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J
reference_id
reference_type
scores
url https://groups.google.com/forum/#!msg/rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J
7
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/8GtfeYd6qI4
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/rubyonrails-security/8GtfeYd6qI4
8
reference_url https://web.archive.org/web/20200228150648/http://www.securityfocus.com/bid/68341
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228150648/http://www.securityfocus.com/bid/68341
9
reference_url http://www.debian.org/security/2014/dsa-2982
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2014/dsa-2982
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3483
reference_id CVE-2014-3483
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3483
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-3483.yml
reference_id CVE-2014-3483.YML
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-3483.yml
12
reference_url https://github.com/advisories/GHSA-r8fh-hq2p-7qhq
reference_id GHSA-r8fh-hq2p-7qhq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r8fh-hq2p-7qhq
fixed_packages
0
url pkg:gem/activerecord@4.0.7
purl pkg:gem/activerecord@4.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12f4-gcj5-h3cu
1
vulnerability VCID-1r5t-n9ys-zbbu
2
vulnerability VCID-2dgz-cqjx-bkaw
3
vulnerability VCID-3gxu-74a5-m7cv
4
vulnerability VCID-96bd-6tam-1qc5
5
vulnerability VCID-c3hd-njh3-b3bg
6
vulnerability VCID-k8rq-jbrg-3qb3
7
vulnerability VCID-v12d-fr9k-7ufu
8
vulnerability VCID-zy5d-6a4f-wua5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.0.7
1
url pkg:gem/activerecord@4.1.0.beta1
purl pkg:gem/activerecord@4.1.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12f4-gcj5-h3cu
1
vulnerability VCID-1r5t-n9ys-zbbu
2
vulnerability VCID-2dgz-cqjx-bkaw
3
vulnerability VCID-3gxu-74a5-m7cv
4
vulnerability VCID-96bd-6tam-1qc5
5
vulnerability VCID-9xfd-d2ff-uuec
6
vulnerability VCID-c3hd-njh3-b3bg
7
vulnerability VCID-d7z6-98fp-r3g2
8
vulnerability VCID-jhtd-7tmy-jfaj
9
vulnerability VCID-k8rq-jbrg-3qb3
10
vulnerability VCID-v12d-fr9k-7ufu
11
vulnerability VCID-zy5d-6a4f-wua5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.1.0.beta1
2
url pkg:gem/activerecord@4.1.3
purl pkg:gem/activerecord@4.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12f4-gcj5-h3cu
1
vulnerability VCID-1r5t-n9ys-zbbu
2
vulnerability VCID-2dgz-cqjx-bkaw
3
vulnerability VCID-3gxu-74a5-m7cv
4
vulnerability VCID-96bd-6tam-1qc5
5
vulnerability VCID-c3hd-njh3-b3bg
6
vulnerability VCID-k8rq-jbrg-3qb3
7
vulnerability VCID-v12d-fr9k-7ufu
8
vulnerability VCID-zy5d-6a4f-wua5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.1.3
aliases CVE-2014-3483, GHSA-r8fh-hq2p-7qhq, OSV-108665
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9xfd-d2ff-uuec
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.1.3