Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:gem/actionpack@4.2.0.alpha
Typegem
Namespace
Nameactionpack
Version4.2.0.alpha
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version8.1.2.1
Latest_non_vulnerable_version8.1.2.1
Affected_by_vulnerabilities
0
url VCID-1pzg-37dp-cyb1
vulnerability_id VCID-1pzg-37dp-cyb1
summary 
Possible Object Leak and Denial of Service attack
A carefully crafted `Accept` header can cause a global cache of mime types to grow indefinitely which can lead to a possible denial of service attack in Action Pack.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html
3
reference_url http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html
4
reference_url http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html
5
reference_url http://rhn.redhat.com/errata/RHSA-2016-0296.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2016-0296.html
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0751.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0751.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-0751
reference_id
reference_type
scores
0
value 0.08895
scoring_system epss
scoring_elements 0.92711
published_at 2026-06-04T12:55:00Z
1
value 0.08895
scoring_system epss
scoring_elements 0.92723
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-0751
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753
16
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:N/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
17
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
18
reference_url https://github.com/rails/rails/commit/127967b735813cd4f263df7a50426d74e7e9cc17
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/127967b735813cd4f263df7a50426d74e7e9cc17
19
reference_url https://github.com/rails/rails/commit/221937c8ba1d291430ceddebbd4bdef7d3cb47d6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/221937c8ba1d291430ceddebbd4bdef7d3cb47d6
20
reference_url https://github.com/rails/rails/commit/37047b779a177b911c7161052cfc34a30e1db0af
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/37047b779a177b911c7161052cfc34a30e1db0af
21
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0751.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0751.yml
22
reference_url https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9oLY_FCzvoc/5CDXbvpYEgAJ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9oLY_FCzvoc/5CDXbvpYEgAJ
23
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/9oLY_FCzvoc
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/9oLY_FCzvoc
24
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-0751
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-0751
25
reference_url https://web.archive.org/web/20160128201702/http://www.securitytracker.com/id/1034816
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20160128201702/http://www.securitytracker.com/id/1034816
26
reference_url https://web.archive.org/web/20200227181647/http://www.securityfocus.com/bid/81800
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200227181647/http://www.securityfocus.com/bid/81800
27
reference_url http://www.debian.org/security/2016/dsa-3464
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2016/dsa-3464
28
reference_url http://www.openwall.com/lists/oss-security/2016/01/25/9
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/01/25/9
29
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1301946
reference_id 1301946
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1301946
30
reference_url https://github.com/advisories/GHSA-ffpv-c4hm-3x6v
reference_id GHSA-ffpv-c4hm-3x6v
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ffpv-c4hm-3x6v
31
reference_url https://access.redhat.com/errata/RHSA-2016:0296
reference_id RHSA-2016:0296
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0296
32
reference_url https://access.redhat.com/errata/RHSA-2016:0454
reference_id RHSA-2016:0454
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0454
33
reference_url https://access.redhat.com/errata/RHSA-2016:0455
reference_id RHSA-2016:0455
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0455
fixed_packages
0
url pkg:gem/actionpack@4.2.5.1
purl pkg:gem/actionpack@4.2.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37qm-tp8v-tugb
1
vulnerability VCID-75m1-xqdk-j7f3
2
vulnerability VCID-9t5z-1umq-qbe4
3
vulnerability VCID-9xc9-zvs2-1kde
4
vulnerability VCID-b464-j8ja-hke6
5
vulnerability VCID-bcwq-ngna-fqhd
6
vulnerability VCID-bfqq-ypyw-dycj
7
vulnerability VCID-cbvq-4ze7-r3g6
8
vulnerability VCID-chxq-j9us-cygh
9
vulnerability VCID-f21a-143f-9qay
10
vulnerability VCID-f7bp-x4q3-jbeh
11
vulnerability VCID-ftus-vcww-2kgf
12
vulnerability VCID-hdu6-u2pb-aqhp
13
vulnerability VCID-hxcf-k4te-h3gu
14
vulnerability VCID-jkk1-jx5j-q3ch
15
vulnerability VCID-n798-maqx-y3c9
16
vulnerability VCID-nhny-abkr-6qhb
17
vulnerability VCID-nprk-kfvh-vqfh
18
vulnerability VCID-nt1m-frdh-tbbq
19
vulnerability VCID-p6yg-d8wm-4bgz
20
vulnerability VCID-sw7t-5s3e-vkhx
21
vulnerability VCID-ufrj-jn16-jybn
22
vulnerability VCID-ugdk-t2vk-nkfc
23
vulnerability VCID-v3vg-9jdz-guf5
24
vulnerability VCID-vp3u-cexw-57a4
25
vulnerability VCID-ypcy-hry9-5fa3
26
vulnerability VCID-z21g-8h32-yyf6
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.5.1
1
url pkg:gem/actionpack@5.0.0.beta1.1
purl pkg:gem/actionpack@5.0.0.beta1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37qm-tp8v-tugb
1
vulnerability VCID-75m1-xqdk-j7f3
2
vulnerability VCID-9t5z-1umq-qbe4
3
vulnerability VCID-b464-j8ja-hke6
4
vulnerability VCID-bcwq-ngna-fqhd
5
vulnerability VCID-bfqq-ypyw-dycj
6
vulnerability VCID-cbvq-4ze7-r3g6
7
vulnerability VCID-chxq-j9us-cygh
8
vulnerability VCID-f21a-143f-9qay
9
vulnerability VCID-f7bp-x4q3-jbeh
10
vulnerability VCID-ftus-vcww-2kgf
11
vulnerability VCID-hdu6-u2pb-aqhp
12
vulnerability VCID-hxcf-k4te-h3gu
13
vulnerability VCID-jkk1-jx5j-q3ch
14
vulnerability VCID-n798-maqx-y3c9
15
vulnerability VCID-nhny-abkr-6qhb
16
vulnerability VCID-nprk-kfvh-vqfh
17
vulnerability VCID-p6yg-d8wm-4bgz
18
vulnerability VCID-sw7t-5s3e-vkhx
19
vulnerability VCID-ufrj-jn16-jybn
20
vulnerability VCID-ugdk-t2vk-nkfc
21
vulnerability VCID-v3vg-9jdz-guf5
22
vulnerability VCID-vp3u-cexw-57a4
23
vulnerability VCID-ypcy-hry9-5fa3
24
vulnerability VCID-z21g-8h32-yyf6
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.0.0.beta1.1
aliases CVE-2016-0751, GHSA-ffpv-c4hm-3x6v
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1pzg-37dp-cyb1
1
url VCID-ecg2-wcty-b7hw
vulnerability_id VCID-ecg2-wcty-b7hw
summary 
Object leak vulnerability for wildcard controller routes
Users that have a route that contains the string `:controller` are susceptible to objects being leaked globally which can lead to unbounded memory growth. To identify if your application is vulnerable, look for routes that contain `:controller`.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html
3
reference_url http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html
4
reference_url http://rhn.redhat.com/errata/RHSA-2016-0296.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2016-0296.html
5
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7581.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7581.json
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-7581
reference_id
reference_type
scores
0
value 0.08542
scoring_system epss
scoring_elements 0.92536
published_at 2026-06-04T12:55:00Z
1
value 0.08542
scoring_system epss
scoring_elements 0.92549
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-7581
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753
15
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:N/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
16
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2015-7581.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2015-7581.yml
17
reference_url https://groups.google.com/forum/message/raw?msg=ruby-security-ann/dthJ5wL69JE/IdvCimtZEgAJ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/message/raw?msg=ruby-security-ann/dthJ5wL69JE/IdvCimtZEgAJ
18
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/dthJ5wL69JE
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/dthJ5wL69JE
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-7581
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-7581
20
reference_url https://web.archive.org/web/20200228001849/http://www.securityfocus.com/bid/81677
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228001849/http://www.securityfocus.com/bid/81677
21
reference_url https://web.archive.org/web/20200516093752/http://www.securitytracker.com/id/1034816
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200516093752/http://www.securitytracker.com/id/1034816
22
reference_url http://www.debian.org/security/2016/dsa-3464
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2016/dsa-3464
23
reference_url http://www.openwall.com/lists/oss-security/2016/01/25/16
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/01/25/16
24
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1301981
reference_id 1301981
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1301981
25
reference_url https://github.com/advisories/GHSA-9h6g-gp95-x3q5
reference_id GHSA-9h6g-gp95-x3q5
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9h6g-gp95-x3q5
26
reference_url https://access.redhat.com/errata/RHSA-2016:0296
reference_id RHSA-2016:0296
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0296
27
reference_url https://access.redhat.com/errata/RHSA-2016:0454
reference_id RHSA-2016:0454
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0454
fixed_packages
0
url pkg:gem/actionpack@4.2.5.1
purl pkg:gem/actionpack@4.2.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37qm-tp8v-tugb
1
vulnerability VCID-75m1-xqdk-j7f3
2
vulnerability VCID-9t5z-1umq-qbe4
3
vulnerability VCID-9xc9-zvs2-1kde
4
vulnerability VCID-b464-j8ja-hke6
5
vulnerability VCID-bcwq-ngna-fqhd
6
vulnerability VCID-bfqq-ypyw-dycj
7
vulnerability VCID-cbvq-4ze7-r3g6
8
vulnerability VCID-chxq-j9us-cygh
9
vulnerability VCID-f21a-143f-9qay
10
vulnerability VCID-f7bp-x4q3-jbeh
11
vulnerability VCID-ftus-vcww-2kgf
12
vulnerability VCID-hdu6-u2pb-aqhp
13
vulnerability VCID-hxcf-k4te-h3gu
14
vulnerability VCID-jkk1-jx5j-q3ch
15
vulnerability VCID-n798-maqx-y3c9
16
vulnerability VCID-nhny-abkr-6qhb
17
vulnerability VCID-nprk-kfvh-vqfh
18
vulnerability VCID-nt1m-frdh-tbbq
19
vulnerability VCID-p6yg-d8wm-4bgz
20
vulnerability VCID-sw7t-5s3e-vkhx
21
vulnerability VCID-ufrj-jn16-jybn
22
vulnerability VCID-ugdk-t2vk-nkfc
23
vulnerability VCID-v3vg-9jdz-guf5
24
vulnerability VCID-vp3u-cexw-57a4
25
vulnerability VCID-ypcy-hry9-5fa3
26
vulnerability VCID-z21g-8h32-yyf6
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.5.1
aliases CVE-2015-7581, GHSA-9h6g-gp95-x3q5
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ecg2-wcty-b7hw
2
url VCID-gqfj-qxbc-xqhm
vulnerability_id VCID-gqfj-qxbc-xqhm
summary 
Timing attack vulnerability in basic authentication
Due to the way that Action Controller compares user names and passwords in basic authentication authorization code, it is possible for an attacker to analyze the time taken by a response and intuit the password. You can tell you application is vulnerable to this attack by looking for `http_basic_authenticate_with` method calls in your application.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html
3
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178068.html
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178068.html
4
reference_url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html
5
reference_url http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html
6
reference_url http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html
7
reference_url http://rhn.redhat.com/errata/RHSA-2016-0296.html
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2016-0296.html
8
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7576.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7576.json
9
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-7576
reference_id
reference_type
scores
0
value 0.01119
scoring_system epss
scoring_elements 0.78597
published_at 2026-06-05T12:55:00Z
1
value 0.01119
scoring_system epss
scoring_elements 0.7857
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-7576
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753
18
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
19
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
20
reference_url https://github.com/rails/rails/commit/17e6f1507b7f2c2a883c180f4f9548445d6dfbd
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/17e6f1507b7f2c2a883c180f4f9548445d6dfbd
21
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2015-7576.yml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2015-7576.yml
22
reference_url https://groups.google.com/forum/message/raw?msg=ruby-security-ann/ANv0HDHEC3k/T8Hgq-hYEgAJ
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/message/raw?msg=ruby-security-ann/ANv0HDHEC3k/T8Hgq-hYEgAJ
23
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/ANv0HDHEC3k
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements
1
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/ANv0HDHEC3k
24
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-7576
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-7576
25
reference_url https://web.archive.org/web/20160405205300/http://www.securitytracker.com/id/1034816
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20160405205300/http://www.securitytracker.com/id/1034816
26
reference_url https://web.archive.org/web/20200228001849/http://www.securityfocus.com/bid/81803
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228001849/http://www.securityfocus.com/bid/81803
27
reference_url http://www.debian.org/security/2016/dsa-3464
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2016/dsa-3464
28
reference_url http://www.openwall.com/lists/oss-security/2016/01/25/8
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/01/25/8
29
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1301933
reference_id 1301933
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1301933
30
reference_url https://github.com/advisories/GHSA-p692-7mm3-3fxg
reference_id GHSA-p692-7mm3-3fxg
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p692-7mm3-3fxg
31
reference_url https://access.redhat.com/errata/RHSA-2016:0296
reference_id RHSA-2016:0296
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0296
32
reference_url https://access.redhat.com/errata/RHSA-2016:0454
reference_id RHSA-2016:0454
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0454
33
reference_url https://access.redhat.com/errata/RHSA-2016:0455
reference_id RHSA-2016:0455
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0455
fixed_packages
0
url pkg:gem/actionpack@4.2.5.1
purl pkg:gem/actionpack@4.2.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37qm-tp8v-tugb
1
vulnerability VCID-75m1-xqdk-j7f3
2
vulnerability VCID-9t5z-1umq-qbe4
3
vulnerability VCID-9xc9-zvs2-1kde
4
vulnerability VCID-b464-j8ja-hke6
5
vulnerability VCID-bcwq-ngna-fqhd
6
vulnerability VCID-bfqq-ypyw-dycj
7
vulnerability VCID-cbvq-4ze7-r3g6
8
vulnerability VCID-chxq-j9us-cygh
9
vulnerability VCID-f21a-143f-9qay
10
vulnerability VCID-f7bp-x4q3-jbeh
11
vulnerability VCID-ftus-vcww-2kgf
12
vulnerability VCID-hdu6-u2pb-aqhp
13
vulnerability VCID-hxcf-k4te-h3gu
14
vulnerability VCID-jkk1-jx5j-q3ch
15
vulnerability VCID-n798-maqx-y3c9
16
vulnerability VCID-nhny-abkr-6qhb
17
vulnerability VCID-nprk-kfvh-vqfh
18
vulnerability VCID-nt1m-frdh-tbbq
19
vulnerability VCID-p6yg-d8wm-4bgz
20
vulnerability VCID-sw7t-5s3e-vkhx
21
vulnerability VCID-ufrj-jn16-jybn
22
vulnerability VCID-ugdk-t2vk-nkfc
23
vulnerability VCID-v3vg-9jdz-guf5
24
vulnerability VCID-vp3u-cexw-57a4
25
vulnerability VCID-ypcy-hry9-5fa3
26
vulnerability VCID-z21g-8h32-yyf6
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.5.1
1
url pkg:gem/actionpack@5.0.0.beta1.1
purl pkg:gem/actionpack@5.0.0.beta1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37qm-tp8v-tugb
1
vulnerability VCID-75m1-xqdk-j7f3
2
vulnerability VCID-9t5z-1umq-qbe4
3
vulnerability VCID-b464-j8ja-hke6
4
vulnerability VCID-bcwq-ngna-fqhd
5
vulnerability VCID-bfqq-ypyw-dycj
6
vulnerability VCID-cbvq-4ze7-r3g6
7
vulnerability VCID-chxq-j9us-cygh
8
vulnerability VCID-f21a-143f-9qay
9
vulnerability VCID-f7bp-x4q3-jbeh
10
vulnerability VCID-ftus-vcww-2kgf
11
vulnerability VCID-hdu6-u2pb-aqhp
12
vulnerability VCID-hxcf-k4te-h3gu
13
vulnerability VCID-jkk1-jx5j-q3ch
14
vulnerability VCID-n798-maqx-y3c9
15
vulnerability VCID-nhny-abkr-6qhb
16
vulnerability VCID-nprk-kfvh-vqfh
17
vulnerability VCID-p6yg-d8wm-4bgz
18
vulnerability VCID-sw7t-5s3e-vkhx
19
vulnerability VCID-ufrj-jn16-jybn
20
vulnerability VCID-ugdk-t2vk-nkfc
21
vulnerability VCID-v3vg-9jdz-guf5
22
vulnerability VCID-vp3u-cexw-57a4
23
vulnerability VCID-ypcy-hry9-5fa3
24
vulnerability VCID-z21g-8h32-yyf6
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.0.0.beta1.1
aliases CVE-2015-7576, GHSA-p692-7mm3-3fxg
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gqfj-qxbc-xqhm
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.0.alpha