Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:gem/actionpack@3.1.5
Typegem
Namespace
Nameactionpack
Version3.1.5
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version3.1.6
Latest_non_vulnerable_version7.1.3.1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-p6yg-d8wm-4bgz
vulnerability_id VCID-p6yg-d8wm-4bgz
summary 
SQL Injection
Ruby on Rails contains a flaw related to the way ActiveRecord handles parameters in conjunction with the way Rack parses query parameters. This issue may allow an attacker to inject arbitrary `IS NULL` clauses in to application SQL queries. This may also allow an attacker to have the SQL query check for `NULL` in arbitrary places.
references
0
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
url https://github.com/rails/rails
1
reference_url https://github.com/rails/rails/commit/61eed87ce32caf534bf1f52dd8134097b4ad9e1b
reference_id
reference_type
scores
url https://github.com/rails/rails/commit/61eed87ce32caf534bf1f52dd8134097b4ad9e1b
2
reference_url https://github.com/rails/rails/commit/dff6db18840e2fd1dd3f3e4ef0ae7a9a3986d01d#diff-3179d24efacadd64068c4d9c1184eac3
reference_id
reference_type
scores
url https://github.com/rails/rails/commit/dff6db18840e2fd1dd3f3e4ef0ae7a9a3986d01d#diff-3179d24efacadd64068c4d9c1184eac3
3
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82610.yml
reference_id
reference_type
scores
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82610.yml
4
reference_url https://groups.google.com/forum/#!original/rubyonrails-security/8SA-M3as7A8/Mr9fi9X4kNgJ
reference_id
reference_type
scores
url https://groups.google.com/forum/#!original/rubyonrails-security/8SA-M3as7A8/Mr9fi9X4kNgJ
5
reference_url https://groups.google.com/group/rubyonrails-security/msg/d890f8d58b5fbf32?dmode=source&output=gplain
reference_id
reference_type
scores
url https://groups.google.com/group/rubyonrails-security/msg/d890f8d58b5fbf32?dmode=source&output=gplain
6
reference_url https://groups.google.com/g/rubyonrails-security/c/8SA-M3as7A8/m/Mr9fi9X4kNgJ
reference_id
reference_type
scores
url https://groups.google.com/g/rubyonrails-security/c/8SA-M3as7A8/m/Mr9fi9X4kNgJ
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-2660
reference_id CVE-2012-2660
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2012-2660
8
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2660.yml
reference_id CVE-2012-2660.YML
reference_type
scores
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2660.yml
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2660.yml
reference_id CVE-2012-2660.YML
reference_type
scores
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2660.yml
10
reference_url https://github.com/advisories/GHSA-hgpp-pp89-4fgf
reference_id GHSA-hgpp-pp89-4fgf
reference_type
scores
url https://github.com/advisories/GHSA-hgpp-pp89-4fgf
fixed_packages
0
url pkg:gem/actionpack@2.3.16
purl pkg:gem/actionpack@2.3.16
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@2.3.16
1
url pkg:gem/actionpack@3.0.13
purl pkg:gem/actionpack@3.0.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-f21a-143f-9qay
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.13
2
url pkg:gem/actionpack@3.1.5
purl pkg:gem/actionpack@3.1.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.5
3
url pkg:gem/actionpack@3.2.4
purl pkg:gem/actionpack@3.2.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.4
aliases CVE-2012-2660, GHSA-hgpp-pp89-4fgf
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p6yg-d8wm-4bgz
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.5