Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:gem/actionview@3.2.22.1

Type gem

Namespace

Name actionview

Version 3.2.22.1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 7.2.3.1

Latest_non_vulnerable_version 8.1.2.1

Affected_by_vulnerabilities

url VCID-7spd-zybv-pbgm

vulnerability_id VCID-7spd-zybv-pbgm

summary

Possible Information Leak Vulnerability
Applications that pass unverified user input to the `render` method in a controller may be vulnerable to an information leak vulnerability. Impacted code will look something like this: ``` def index; render params[:id]; end ``` Carefully crafted requests can cause the above code to render files from unexpected places like outside the application's view directory, and can possibly escalate this to a remote code execution attack.

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2097.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2097.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-2097

reference_id

reference_type

scores

value	0.01912
scoring_system	epss
scoring_elements	0.83657
published_at	2026-06-06T12:55:00Z

value	0.01912
scoring_system	epss
scoring_elements	0.83654
published_at	2026-06-07T12:55:00Z

value	0.01912
scoring_system	epss
scoring_elements	0.83633
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-2097

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2097
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2097

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2098
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2098

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rails/rails

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails

reference_url

https://github.com/rails/rails/commit/8a1d3ea617ffb0c8ae8467fa439bf63a3bfc4324

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/8a1d3ea617ffb0c8ae8467fa439bf63a3bfc4324

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-2097.yml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-2097.yml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-2097.yml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-2097.yml

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/ddY6HgqB2z4

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/ddY6HgqB2z4

reference_url	https://groups.google.com/forum/#!topic/ruby-security-ann/ddY6HgqB2z4
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!topic/ruby-security-ann/ddY6HgqB2z4

reference_url

https://web.archive.org/web/20160322002234/http://www.securitytracker.com/id/1035122

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20160322002234/http://www.securitytracker.com/id/1035122

reference_url

https://web.archive.org/web/20200228015320/http://www.securityfocus.com/bid/83726

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228015320/http://www.securityfocus.com/bid/83726

reference_url

https://web.archive.org/web/20201221115217/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20201221115217/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ

reference_url

http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released

reference_url	http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/

reference_url

http://www.debian.org/security/2016/dsa-3509

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2016/dsa-3509

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1310043
reference_id	1310043
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1310043

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-2097

reference_id

CVE-2016-2097

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-2097

reference_url

https://github.com/advisories/GHSA-vx9j-46rh-fqr8

reference_id

GHSA-vx9j-46rh-fqr8

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vx9j-46rh-fqr8

reference_url	https://access.redhat.com/errata/RHSA-2016:0454
reference_id	RHSA-2016:0454
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0454

reference_url	https://access.redhat.com/errata/RHSA-2016:0455
reference_id	RHSA-2016:0455
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0455

reference_url	https://access.redhat.com/errata/RHSA-2016:0456
reference_id	RHSA-2016:0456
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0456

fixed_packages

url pkg:gem/actionview@3.2.22.2

purl pkg:gem/actionview@3.2.22.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fj3n-g8wp-bbaj

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionview@3.2.22.2

url pkg:gem/actionview@4.1.14.2

purl pkg:gem/actionview@4.1.14.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4uv1-e1me-hqb3

vulnerability	VCID-6xc5-88jj-yya5

vulnerability	VCID-fj3n-g8wp-bbaj

vulnerability	VCID-fs3e-5muq-5qas

vulnerability	VCID-mz5z-rp6w-hqf3

vulnerability	VCID-nd1r-p5cw-8kcz

vulnerability	VCID-qs1d-fexs-dfek

vulnerability	VCID-vh4s-n814-g7dr

vulnerability	VCID-ygbt-c5f8-byfc

vulnerability	VCID-z21g-8h32-yyf6

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionview@4.1.14.2

aliases CVE-2016-2097, GHSA-vx9j-46rh-fqr8

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7spd-zybv-pbgm

url VCID-9k4j-w933-7qbf

vulnerability_id VCID-9k4j-w933-7qbf

summary

Moderate severity vulnerability that affects actionview
Withdrawn, accidental duplicate publish.

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0752.

references

reference_url

https://github.com/advisories/GHSA-2pwf-xwr3-hp55

reference_id

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-2pwf-xwr3-hp55

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-2097

reference_id

CVE-2016-2097

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-2097

fixed_packages

url pkg:gem/actionview@3.2.22.2

purl pkg:gem/actionview@3.2.22.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fj3n-g8wp-bbaj

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionview@3.2.22.2

url pkg:gem/actionview@4.1.14.2

purl pkg:gem/actionview@4.1.14.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4uv1-e1me-hqb3

vulnerability	VCID-6xc5-88jj-yya5

vulnerability	VCID-fj3n-g8wp-bbaj

vulnerability	VCID-fs3e-5muq-5qas

vulnerability	VCID-mz5z-rp6w-hqf3

vulnerability	VCID-nd1r-p5cw-8kcz

vulnerability	VCID-qs1d-fexs-dfek

vulnerability	VCID-vh4s-n814-g7dr

vulnerability	VCID-ygbt-c5f8-byfc

vulnerability	VCID-z21g-8h32-yyf6

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionview@4.1.14.2

aliases GHSA-2pwf-xwr3-hp55

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9k4j-w933-7qbf

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionview@3.2.22.1

Package Instance