Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:gem/actionpack@2.3.0.alpha0

Type gem

Namespace

Name actionpack

Version 2.3.0.alpha0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.3.4

Latest_non_vulnerable_version 7.1.3.1

Affected_by_vulnerabilities

url VCID-hqff-h373-qqex

vulnerability_id VCID-hqff-h373-qqex

summary

Response Splitting Vulnerability in Ruby on Rails
A response splitting flaw can allow a remote attacker to inject arbitrary HTTP headers into a response due to insufficient sanitization of the values provided for response content types.

references

reference_url	https://github.com/rails/rails/commit/11dafeaa7533be26441a63618be93a03869c83a9#diff-62558f372a46058cbab9309494d0fbb1
reference_id
reference_type
scores
url	https://github.com/rails/rails/commit/11dafeaa7533be26441a63618be93a03869c83a9#diff-62558f372a46058cbab9309494d0fbb1

reference_url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-74616.yml
reference_id
reference_type
scores
url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-74616.yml

reference_url	https://groups.google.com/forum/#!topic/rubyonrails-security/b_yTveAph2g
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!topic/rubyonrails-security/b_yTveAph2g

fixed_packages

url	pkg:gem/actionpack@2.3.13
purl	pkg:gem/actionpack@2.3.13
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@2.3.13

aliases CVE-2011-3186

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hqff-h373-qqex

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@2.3.0.alpha0

Package Instance