Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:gem/actionpack@4.2.5.0
Typegem
Namespace
Nameactionpack
Version4.2.5.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version8.1.2.1
Latest_non_vulnerable_version8.1.2.1
Affected_by_vulnerabilities
0
url VCID-1pzg-37dp-cyb1
vulnerability_id VCID-1pzg-37dp-cyb1
summary 
Possible Object Leak and Denial of Service attack
A carefully crafted `Accept` header can cause a global cache of mime types to grow indefinitely which can lead to a possible denial of service attack in Action Pack.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html
3
reference_url http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html
4
reference_url http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html
5
reference_url http://rhn.redhat.com/errata/RHSA-2016-0296.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2016-0296.html
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0751.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0751.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-0751
reference_id
reference_type
scores
0
value 0.08895
scoring_system epss
scoring_elements 0.92711
published_at 2026-06-04T12:55:00Z
1
value 0.08895
scoring_system epss
scoring_elements 0.92723
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-0751
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753
16
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:N/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
17
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
18
reference_url https://github.com/rails/rails/commit/127967b735813cd4f263df7a50426d74e7e9cc17
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/127967b735813cd4f263df7a50426d74e7e9cc17
19
reference_url https://github.com/rails/rails/commit/221937c8ba1d291430ceddebbd4bdef7d3cb47d6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/221937c8ba1d291430ceddebbd4bdef7d3cb47d6
20
reference_url https://github.com/rails/rails/commit/37047b779a177b911c7161052cfc34a30e1db0af
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/37047b779a177b911c7161052cfc34a30e1db0af
21
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0751.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0751.yml
22
reference_url https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9oLY_FCzvoc/5CDXbvpYEgAJ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9oLY_FCzvoc/5CDXbvpYEgAJ
23
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/9oLY_FCzvoc
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/9oLY_FCzvoc
24
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-0751
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-0751
25
reference_url https://web.archive.org/web/20160128201702/http://www.securitytracker.com/id/1034816
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20160128201702/http://www.securitytracker.com/id/1034816
26
reference_url https://web.archive.org/web/20200227181647/http://www.securityfocus.com/bid/81800
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200227181647/http://www.securityfocus.com/bid/81800
27
reference_url http://www.debian.org/security/2016/dsa-3464
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2016/dsa-3464
28
reference_url http://www.openwall.com/lists/oss-security/2016/01/25/9
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/01/25/9
29
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1301946
reference_id 1301946
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1301946
30
reference_url https://github.com/advisories/GHSA-ffpv-c4hm-3x6v
reference_id GHSA-ffpv-c4hm-3x6v
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ffpv-c4hm-3x6v
31
reference_url https://access.redhat.com/errata/RHSA-2016:0296
reference_id RHSA-2016:0296
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0296
32
reference_url https://access.redhat.com/errata/RHSA-2016:0454
reference_id RHSA-2016:0454
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0454
33
reference_url https://access.redhat.com/errata/RHSA-2016:0455
reference_id RHSA-2016:0455
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0455
fixed_packages
0
url pkg:gem/actionpack@4.2.5.1
purl pkg:gem/actionpack@4.2.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37qm-tp8v-tugb
1
vulnerability VCID-4uv1-e1me-hqb3
2
vulnerability VCID-75m1-xqdk-j7f3
3
vulnerability VCID-9t5z-1umq-qbe4
4
vulnerability VCID-9xc9-zvs2-1kde
5
vulnerability VCID-b464-j8ja-hke6
6
vulnerability VCID-bcwq-ngna-fqhd
7
vulnerability VCID-bfqq-ypyw-dycj
8
vulnerability VCID-cbvq-4ze7-r3g6
9
vulnerability VCID-chxq-j9us-cygh
10
vulnerability VCID-egdx-4qqa-guh1
11
vulnerability VCID-f21a-143f-9qay
12
vulnerability VCID-f7bp-x4q3-jbeh
13
vulnerability VCID-ftus-vcww-2kgf
14
vulnerability VCID-hdu6-u2pb-aqhp
15
vulnerability VCID-hxcf-k4te-h3gu
16
vulnerability VCID-jkk1-jx5j-q3ch
17
vulnerability VCID-n798-maqx-y3c9
18
vulnerability VCID-nhny-abkr-6qhb
19
vulnerability VCID-nprk-kfvh-vqfh
20
vulnerability VCID-nt1m-frdh-tbbq
21
vulnerability VCID-p6yg-d8wm-4bgz
22
vulnerability VCID-sw7t-5s3e-vkhx
23
vulnerability VCID-ufrj-jn16-jybn
24
vulnerability VCID-ugdk-t2vk-nkfc
25
vulnerability VCID-v3vg-9jdz-guf5
26
vulnerability VCID-vp3u-cexw-57a4
27
vulnerability VCID-ypcy-hry9-5fa3
28
vulnerability VCID-z21g-8h32-yyf6
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.5.1
1
url pkg:gem/actionpack@5.0.0.beta1.1
purl pkg:gem/actionpack@5.0.0.beta1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37qm-tp8v-tugb
1
vulnerability VCID-4uv1-e1me-hqb3
2
vulnerability VCID-75m1-xqdk-j7f3
3
vulnerability VCID-9t5z-1umq-qbe4
4
vulnerability VCID-b464-j8ja-hke6
5
vulnerability VCID-bcwq-ngna-fqhd
6
vulnerability VCID-bfqq-ypyw-dycj
7
vulnerability VCID-cbvq-4ze7-r3g6
8
vulnerability VCID-chxq-j9us-cygh
9
vulnerability VCID-egdx-4qqa-guh1
10
vulnerability VCID-f21a-143f-9qay
11
vulnerability VCID-f7bp-x4q3-jbeh
12
vulnerability VCID-ftus-vcww-2kgf
13
vulnerability VCID-hdu6-u2pb-aqhp
14
vulnerability VCID-hxcf-k4te-h3gu
15
vulnerability VCID-jkk1-jx5j-q3ch
16
vulnerability VCID-n798-maqx-y3c9
17
vulnerability VCID-nhny-abkr-6qhb
18
vulnerability VCID-nprk-kfvh-vqfh
19
vulnerability VCID-p6yg-d8wm-4bgz
20
vulnerability VCID-sw7t-5s3e-vkhx
21
vulnerability VCID-ufrj-jn16-jybn
22
vulnerability VCID-ugdk-t2vk-nkfc
23
vulnerability VCID-v3vg-9jdz-guf5
24
vulnerability VCID-vp3u-cexw-57a4
25
vulnerability VCID-ypcy-hry9-5fa3
26
vulnerability VCID-z21g-8h32-yyf6
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.0.0.beta1.1
aliases CVE-2016-0751, GHSA-ffpv-c4hm-3x6v
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1pzg-37dp-cyb1
1
url VCID-ecg2-wcty-b7hw
vulnerability_id VCID-ecg2-wcty-b7hw
summary 
Object leak vulnerability for wildcard controller routes
Users that have a route that contains the string `:controller` are susceptible to objects being leaked globally which can lead to unbounded memory growth. To identify if your application is vulnerable, look for routes that contain `:controller`.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html
3
reference_url http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html
4
reference_url http://rhn.redhat.com/errata/RHSA-2016-0296.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2016-0296.html
5
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7581.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7581.json
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-7581
reference_id
reference_type
scores
0
value 0.08542
scoring_system epss
scoring_elements 0.92536
published_at 2026-06-04T12:55:00Z
1
value 0.08542
scoring_system epss
scoring_elements 0.92549
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-7581
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753
15
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:N/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
16
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2015-7581.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2015-7581.yml
17
reference_url https://groups.google.com/forum/message/raw?msg=ruby-security-ann/dthJ5wL69JE/IdvCimtZEgAJ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/message/raw?msg=ruby-security-ann/dthJ5wL69JE/IdvCimtZEgAJ
18
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/dthJ5wL69JE
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/dthJ5wL69JE
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-7581
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-7581
20
reference_url https://web.archive.org/web/20200228001849/http://www.securityfocus.com/bid/81677
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228001849/http://www.securityfocus.com/bid/81677
21
reference_url https://web.archive.org/web/20200516093752/http://www.securitytracker.com/id/1034816
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200516093752/http://www.securitytracker.com/id/1034816
22
reference_url http://www.debian.org/security/2016/dsa-3464
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2016/dsa-3464
23
reference_url http://www.openwall.com/lists/oss-security/2016/01/25/16
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/01/25/16
24
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1301981
reference_id 1301981
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1301981
25
reference_url https://github.com/advisories/GHSA-9h6g-gp95-x3q5
reference_id GHSA-9h6g-gp95-x3q5
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9h6g-gp95-x3q5
26
reference_url https://access.redhat.com/errata/RHSA-2016:0296
reference_id RHSA-2016:0296
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0296
27
reference_url https://access.redhat.com/errata/RHSA-2016:0454
reference_id RHSA-2016:0454
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0454
fixed_packages
0
url pkg:gem/actionpack@4.2.5.1
purl pkg:gem/actionpack@4.2.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37qm-tp8v-tugb
1
vulnerability VCID-4uv1-e1me-hqb3
2
vulnerability VCID-75m1-xqdk-j7f3
3
vulnerability VCID-9t5z-1umq-qbe4
4
vulnerability VCID-9xc9-zvs2-1kde
5
vulnerability VCID-b464-j8ja-hke6
6
vulnerability VCID-bcwq-ngna-fqhd
7
vulnerability VCID-bfqq-ypyw-dycj
8
vulnerability VCID-cbvq-4ze7-r3g6
9
vulnerability VCID-chxq-j9us-cygh
10
vulnerability VCID-egdx-4qqa-guh1
11
vulnerability VCID-f21a-143f-9qay
12
vulnerability VCID-f7bp-x4q3-jbeh
13
vulnerability VCID-ftus-vcww-2kgf
14
vulnerability VCID-hdu6-u2pb-aqhp
15
vulnerability VCID-hxcf-k4te-h3gu
16
vulnerability VCID-jkk1-jx5j-q3ch
17
vulnerability VCID-n798-maqx-y3c9
18
vulnerability VCID-nhny-abkr-6qhb
19
vulnerability VCID-nprk-kfvh-vqfh
20
vulnerability VCID-nt1m-frdh-tbbq
21
vulnerability VCID-p6yg-d8wm-4bgz
22
vulnerability VCID-sw7t-5s3e-vkhx
23
vulnerability VCID-ufrj-jn16-jybn
24
vulnerability VCID-ugdk-t2vk-nkfc
25
vulnerability VCID-v3vg-9jdz-guf5
26
vulnerability VCID-vp3u-cexw-57a4
27
vulnerability VCID-ypcy-hry9-5fa3
28
vulnerability VCID-z21g-8h32-yyf6
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.5.1
aliases CVE-2015-7581, GHSA-9h6g-gp95-x3q5
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ecg2-wcty-b7hw
2
url VCID-mf6k-jx45-m3fy
vulnerability_id VCID-mf6k-jx45-m3fy
summary 
Moderate severity vulnerability that affects actionpack
Withdrawn, accidental duplicate publish.

The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to bypass authentication by measuring timing differences.
references
0
reference_url https://github.com/advisories/GHSA-vwfg-qj3r-6v3r
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-vwfg-qj3r-6v3r
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-7576
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-7576
fixed_packages
0
url pkg:gem/actionpack@4.2.5.1
purl pkg:gem/actionpack@4.2.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37qm-tp8v-tugb
1
vulnerability VCID-4uv1-e1me-hqb3
2
vulnerability VCID-75m1-xqdk-j7f3
3
vulnerability VCID-9t5z-1umq-qbe4
4
vulnerability VCID-9xc9-zvs2-1kde
5
vulnerability VCID-b464-j8ja-hke6
6
vulnerability VCID-bcwq-ngna-fqhd
7
vulnerability VCID-bfqq-ypyw-dycj
8
vulnerability VCID-cbvq-4ze7-r3g6
9
vulnerability VCID-chxq-j9us-cygh
10
vulnerability VCID-egdx-4qqa-guh1
11
vulnerability VCID-f21a-143f-9qay
12
vulnerability VCID-f7bp-x4q3-jbeh
13
vulnerability VCID-ftus-vcww-2kgf
14
vulnerability VCID-hdu6-u2pb-aqhp
15
vulnerability VCID-hxcf-k4te-h3gu
16
vulnerability VCID-jkk1-jx5j-q3ch
17
vulnerability VCID-n798-maqx-y3c9
18
vulnerability VCID-nhny-abkr-6qhb
19
vulnerability VCID-nprk-kfvh-vqfh
20
vulnerability VCID-nt1m-frdh-tbbq
21
vulnerability VCID-p6yg-d8wm-4bgz
22
vulnerability VCID-sw7t-5s3e-vkhx
23
vulnerability VCID-ufrj-jn16-jybn
24
vulnerability VCID-ugdk-t2vk-nkfc
25
vulnerability VCID-v3vg-9jdz-guf5
26
vulnerability VCID-vp3u-cexw-57a4
27
vulnerability VCID-ypcy-hry9-5fa3
28
vulnerability VCID-z21g-8h32-yyf6
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.5.1
aliases GHSA-vwfg-qj3r-6v3r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mf6k-jx45-m3fy
3
url VCID-vv7c-uwnu-nfhb
vulnerability_id VCID-vv7c-uwnu-nfhb
summary 
Moderate severity vulnerability that affects actionpack
Withdrawn, accidental duplicate publish.

actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header.
references
0
reference_url https://github.com/advisories/GHSA-m53f-rhq8-q6hf
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-m53f-rhq8-q6hf
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-0751
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-0751
fixed_packages
0
url pkg:gem/actionpack@4.2.5.1
purl pkg:gem/actionpack@4.2.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37qm-tp8v-tugb
1
vulnerability VCID-4uv1-e1me-hqb3
2
vulnerability VCID-75m1-xqdk-j7f3
3
vulnerability VCID-9t5z-1umq-qbe4
4
vulnerability VCID-9xc9-zvs2-1kde
5
vulnerability VCID-b464-j8ja-hke6
6
vulnerability VCID-bcwq-ngna-fqhd
7
vulnerability VCID-bfqq-ypyw-dycj
8
vulnerability VCID-cbvq-4ze7-r3g6
9
vulnerability VCID-chxq-j9us-cygh
10
vulnerability VCID-egdx-4qqa-guh1
11
vulnerability VCID-f21a-143f-9qay
12
vulnerability VCID-f7bp-x4q3-jbeh
13
vulnerability VCID-ftus-vcww-2kgf
14
vulnerability VCID-hdu6-u2pb-aqhp
15
vulnerability VCID-hxcf-k4te-h3gu
16
vulnerability VCID-jkk1-jx5j-q3ch
17
vulnerability VCID-n798-maqx-y3c9
18
vulnerability VCID-nhny-abkr-6qhb
19
vulnerability VCID-nprk-kfvh-vqfh
20
vulnerability VCID-nt1m-frdh-tbbq
21
vulnerability VCID-p6yg-d8wm-4bgz
22
vulnerability VCID-sw7t-5s3e-vkhx
23
vulnerability VCID-ufrj-jn16-jybn
24
vulnerability VCID-ugdk-t2vk-nkfc
25
vulnerability VCID-v3vg-9jdz-guf5
26
vulnerability VCID-vp3u-cexw-57a4
27
vulnerability VCID-ypcy-hry9-5fa3
28
vulnerability VCID-z21g-8h32-yyf6
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.5.1
aliases GHSA-m53f-rhq8-q6hf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vv7c-uwnu-nfhb
4
url VCID-wake-zgkk-vber
vulnerability_id VCID-wake-zgkk-vber
summary 
Path Traversal
The Rails gem allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a `..` in a pathname.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/
url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/
url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/
url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html
3
reference_url http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/
url http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html
4
reference_url http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/
url http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html
5
reference_url http://rhn.redhat.com/errata/RHSA-2016-0296.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/
url http://rhn.redhat.com/errata/RHSA-2016-0296.html
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0752.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0752.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-0752
reference_id
reference_type
scores
0
value 0.90494
scoring_system epss
scoring_elements 0.99627
published_at 2026-06-04T12:55:00Z
1
value 0.90494
scoring_system epss
scoring_elements 0.99628
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-0752
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753
16
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
17
reference_url https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/
url https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ
18
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/335P1DcLG00
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/335P1DcLG00
19
reference_url https://web.archive.org/web/20210618005620/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210618005620/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ
20
reference_url https://web.archive.org/web/20210621170450/http://www.securityfocus.com/bid/81801
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210621170450/http://www.securityfocus.com/bid/81801
21
reference_url https://web.archive.org/web/20210723192420/http://www.securitytracker.com/id/1034816
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210723192420/http://www.securitytracker.com/id/1034816
22
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0752
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0752
23
reference_url https://www.exploit-db.com/exploits/40561
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/40561
24
reference_url http://www.debian.org/security/2016/dsa-3464
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/
url http://www.debian.org/security/2016/dsa-3464
25
reference_url http://www.openwall.com/lists/oss-security/2016/01/25/13
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/
url http://www.openwall.com/lists/oss-security/2016/01/25/13
26
reference_url http://www.securityfocus.com/bid/81801
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/
url http://www.securityfocus.com/bid/81801
27
reference_url http://www.securitytracker.com/id/1034816
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/
url http://www.securitytracker.com/id/1034816
28
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1301963
reference_id 1301963
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1301963
29
reference_url https://www.exploit-db.com/exploits/40561/
reference_id 40561
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/
url https://www.exploit-db.com/exploits/40561/
30
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/40561.rb
reference_id CVE-2016-0752
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/40561.rb
31
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-0752
reference_id CVE-2016-0752
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-0752
32
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0752.yml
reference_id CVE-2016-0752.YML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0752.yml
33
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-0752.yml
reference_id CVE-2016-0752.YML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-0752.yml
34
reference_url https://github.com/advisories/GHSA-xrr4-p6fq-hjg7
reference_id GHSA-xrr4-p6fq-hjg7
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-xrr4-p6fq-hjg7
35
reference_url https://access.redhat.com/errata/RHSA-2016:0296
reference_id RHSA-2016:0296
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0296
36
reference_url https://access.redhat.com/errata/RHSA-2016:0454
reference_id RHSA-2016:0454
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0454
37
reference_url https://access.redhat.com/errata/RHSA-2016:0455
reference_id RHSA-2016:0455
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0455
fixed_packages
0
url pkg:gem/actionpack@4.2.5.1
purl pkg:gem/actionpack@4.2.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37qm-tp8v-tugb
1
vulnerability VCID-4uv1-e1me-hqb3
2
vulnerability VCID-75m1-xqdk-j7f3
3
vulnerability VCID-9t5z-1umq-qbe4
4
vulnerability VCID-9xc9-zvs2-1kde
5
vulnerability VCID-b464-j8ja-hke6
6
vulnerability VCID-bcwq-ngna-fqhd
7
vulnerability VCID-bfqq-ypyw-dycj
8
vulnerability VCID-cbvq-4ze7-r3g6
9
vulnerability VCID-chxq-j9us-cygh
10
vulnerability VCID-egdx-4qqa-guh1
11
vulnerability VCID-f21a-143f-9qay
12
vulnerability VCID-f7bp-x4q3-jbeh
13
vulnerability VCID-ftus-vcww-2kgf
14
vulnerability VCID-hdu6-u2pb-aqhp
15
vulnerability VCID-hxcf-k4te-h3gu
16
vulnerability VCID-jkk1-jx5j-q3ch
17
vulnerability VCID-n798-maqx-y3c9
18
vulnerability VCID-nhny-abkr-6qhb
19
vulnerability VCID-nprk-kfvh-vqfh
20
vulnerability VCID-nt1m-frdh-tbbq
21
vulnerability VCID-p6yg-d8wm-4bgz
22
vulnerability VCID-sw7t-5s3e-vkhx
23
vulnerability VCID-ufrj-jn16-jybn
24
vulnerability VCID-ugdk-t2vk-nkfc
25
vulnerability VCID-v3vg-9jdz-guf5
26
vulnerability VCID-vp3u-cexw-57a4
27
vulnerability VCID-ypcy-hry9-5fa3
28
vulnerability VCID-z21g-8h32-yyf6
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.5.1
aliases CVE-2016-0752, GHSA-xrr4-p6fq-hjg7
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wake-zgkk-vber
5
url VCID-y8dx-xevb-bka2
vulnerability_id VCID-y8dx-xevb-bka2
summary 
Moderate severity vulnerability that affects actionpack
Withdrawn, accidental duplicate publish.

actionpack/lib/action_dispatch/routing/route_set.rb in Action Pack in Ruby on Rails 4.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to cause a denial of service (superfluous caching and memory consumption) by leveraging an application's use of a wildcard controller route.
references
0
reference_url https://github.com/advisories/GHSA-544j-77x9-h938
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-544j-77x9-h938
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-7581
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-7581
fixed_packages
0
url pkg:gem/actionpack@4.2.5.1
purl pkg:gem/actionpack@4.2.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37qm-tp8v-tugb
1
vulnerability VCID-4uv1-e1me-hqb3
2
vulnerability VCID-75m1-xqdk-j7f3
3
vulnerability VCID-9t5z-1umq-qbe4
4
vulnerability VCID-9xc9-zvs2-1kde
5
vulnerability VCID-b464-j8ja-hke6
6
vulnerability VCID-bcwq-ngna-fqhd
7
vulnerability VCID-bfqq-ypyw-dycj
8
vulnerability VCID-cbvq-4ze7-r3g6
9
vulnerability VCID-chxq-j9us-cygh
10
vulnerability VCID-egdx-4qqa-guh1
11
vulnerability VCID-f21a-143f-9qay
12
vulnerability VCID-f7bp-x4q3-jbeh
13
vulnerability VCID-ftus-vcww-2kgf
14
vulnerability VCID-hdu6-u2pb-aqhp
15
vulnerability VCID-hxcf-k4te-h3gu
16
vulnerability VCID-jkk1-jx5j-q3ch
17
vulnerability VCID-n798-maqx-y3c9
18
vulnerability VCID-nhny-abkr-6qhb
19
vulnerability VCID-nprk-kfvh-vqfh
20
vulnerability VCID-nt1m-frdh-tbbq
21
vulnerability VCID-p6yg-d8wm-4bgz
22
vulnerability VCID-sw7t-5s3e-vkhx
23
vulnerability VCID-ufrj-jn16-jybn
24
vulnerability VCID-ugdk-t2vk-nkfc
25
vulnerability VCID-v3vg-9jdz-guf5
26
vulnerability VCID-vp3u-cexw-57a4
27
vulnerability VCID-ypcy-hry9-5fa3
28
vulnerability VCID-z21g-8h32-yyf6
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.5.1
aliases GHSA-544j-77x9-h938
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y8dx-xevb-bka2
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.5.0