Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/51266?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/51266?format=api", "purl": "pkg:gem/activerecord@3.0.0", "type": "gem", "namespace": "", "name": "activerecord", "version": "3.0.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.0.1", "latest_non_vulnerable_version": "7.0.4.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39099?format=api", "vulnerability_id": "VCID-1mc1-zb64-yued", "summary": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nRuby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument.", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/4e19864cf6ad40ad?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [], "url": "http://groups.google.com/group/rubyonrails-security/msg/4e19864cf6ad40ad?dmode=source&output=gplain" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html" }, { "reference_url": "http://secunia.com/advisories/43278", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/43278" }, { "reference_url": "http://securitytracker.com/id?1025063", "reference_id": "", "reference_type": "", "scores": [], "url": "http://securitytracker.com/id?1025063" }, { "reference_url": "http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/0877", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2011/0877" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0448", "reference_id": "CVE-2011-0448", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0448" }, { "reference_url": "https://github.com/advisories/GHSA-jmm9-2p29-vh2w", "reference_id": "GHSA-jmm9-2p29-vh2w", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-jmm9-2p29-vh2w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54588?format=api", "purl": "pkg:gem/activerecord@3.0.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.0.4" } ], "aliases": [ "CVE-2011-0448", "GHSA-jmm9-2p29-vh2w" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1mc1-zb64-yued" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39070?format=api", "vulnerability_id": "VCID-8n6u-hbhg-7qdx", "summary": "Improper Input Validation\nRuby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs.", "references": [ { "reference_url": "http://secunia.com/advisories/41930", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/41930" }, { "reference_url": "http://securitytracker.com/id?1024624", "reference_id": "", "reference_type": "", "scores": [], "url": "http://securitytracker.com/id?1024624" }, { "reference_url": "https://github.com/rails/rails/commit/2d96bccb1e8b62e3e11ca0c5d38aaa8cece889ae", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rails/rails/commit/2d96bccb1e8b62e3e11ca0c5d38aaa8cece889ae" }, { "reference_url": "https://github.com/rails/rails/commit/96183e0f284bab27667e5a38fa6a1578eb029585", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rails/rails/commit/96183e0f284bab27667e5a38fa6a1578eb029585" }, { "reference_url": "https://web.archive.org/web/20101129225633/http://securitytracker.com/alerts/2010/Oct/1024624.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20101129225633/http://securitytracker.com/alerts/2010/Oct/1024624.html" }, { "reference_url": "https://web.archive.org/web/20111225083933/http://secunia.com/advisories/41930", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20111225083933/http://secunia.com/advisories/41930" }, { "reference_url": "https://web.archive.org/web/20201208053819/http://securitytracker.com/id?1024624", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20201208053819/http://securitytracker.com/id?1024624" }, { "reference_url": "http://weblog.rubyonrails.org/2010/10/15/security-vulnerability-in-nested-attributes-code-in-ruby-on-rails-2-3-9-and-3-0-0", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2010/10/15/security-vulnerability-in-nested-attributes-code-in-ruby-on-rails-2-3-9-and-3-0-0" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/2719", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2010/2719" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3933", "reference_id": "CVE-2010-3933", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3933" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2010-3933.yml", "reference_id": "CVE-2010-3933.YML", "reference_type": "", "scores": [], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2010-3933.yml" }, { "reference_url": "https://github.com/advisories/GHSA-gjxw-5w2q-7grf", "reference_id": "GHSA-gjxw-5w2q-7grf", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-gjxw-5w2q-7grf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54506?format=api", "purl": "pkg:gem/activerecord@3.0.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.0.1" } ], "aliases": [ "CVE-2010-3933", "GHSA-gjxw-5w2q-7grf" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8n6u-hbhg-7qdx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37443?format=api", "vulnerability_id": "VCID-cce9-3g2x-h3dt", "summary": "SQL injection vulnerability in Active Record\nDue to the way Active Record handles nested query parameters, an attacker can use a specially crafted request to inject some forms of SQL into your application's SQL queries.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2661", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2661" }, { "reference_url": "https://github.com/rails/rails/commit/71f7917c553cdc9a0ee49e87af0efb7429759718#diff-2ec9993375ecb711e08452788d625581", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rails/rails/commit/71f7917c553cdc9a0ee49e87af0efb7429759718#diff-2ec9993375ecb711e08452788d625581" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82403.yml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82403.yml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51269?format=api", "purl": "pkg:gem/activerecord@3.0.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.0.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/51270?format=api", "purl": "pkg:gem/activerecord@3.1.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/51271?format=api", "purl": "pkg:gem/activerecord@3.2.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.4" } ], "aliases": [ "CVE-2012-2661" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cce9-3g2x-h3dt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37442?format=api", "vulnerability_id": "VCID-p6yg-d8wm-4bgz", "summary": "SQL Injection\nRuby on Rails contains a flaw related to the way ActiveRecord handles parameters in conjunction with the way Rack parses query parameters. This issue may allow an attacker to inject arbitrary `IS NULL` clauses in to application SQL queries. This may also allow an attacker to have the SQL query check for `NULL` in arbitrary places.", "references": [ { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/61eed87ce32caf534bf1f52dd8134097b4ad9e1b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rails/rails/commit/61eed87ce32caf534bf1f52dd8134097b4ad9e1b" }, { "reference_url": "https://github.com/rails/rails/commit/dff6db18840e2fd1dd3f3e4ef0ae7a9a3986d01d#diff-3179d24efacadd64068c4d9c1184eac3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rails/rails/commit/dff6db18840e2fd1dd3f3e4ef0ae7a9a3986d01d#diff-3179d24efacadd64068c4d9c1184eac3" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82610.yml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82610.yml" }, { "reference_url": "https://groups.google.com/forum/#!original/rubyonrails-security/8SA-M3as7A8/Mr9fi9X4kNgJ", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!original/rubyonrails-security/8SA-M3as7A8/Mr9fi9X4kNgJ" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/d890f8d58b5fbf32?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/group/rubyonrails-security/msg/d890f8d58b5fbf32?dmode=source&output=gplain" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/8SA-M3as7A8/m/Mr9fi9X4kNgJ", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/g/rubyonrails-security/c/8SA-M3as7A8/m/Mr9fi9X4kNgJ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2660", "reference_id": "CVE-2012-2660", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2660" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2660.yml", "reference_id": "CVE-2012-2660.YML", "reference_type": "", "scores": [], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2660.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2660.yml", "reference_id": "CVE-2012-2660.YML", "reference_type": "", "scores": [], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2660.yml" }, { "reference_url": "https://github.com/advisories/GHSA-hgpp-pp89-4fgf", "reference_id": "GHSA-hgpp-pp89-4fgf", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-hgpp-pp89-4fgf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51269?format=api", "purl": "pkg:gem/activerecord@3.0.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.0.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/51270?format=api", "purl": "pkg:gem/activerecord@3.1.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/51271?format=api", "purl": "pkg:gem/activerecord@3.2.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.4" } ], "aliases": [ "CVE-2012-2660", "GHSA-hgpp-pp89-4fgf" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p6yg-d8wm-4bgz" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.0.0" }