Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/608024?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/608024?format=api", "purl": "pkg:gem/activesupport@7.0.3.1", "type": "gem", "namespace": "", "name": "activesupport", "version": "7.0.3.1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "7.2.3.1", "latest_non_vulnerable_version": "8.1.2.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28212?format=api", "vulnerability_id": "VCID-1c3z-t7sf-vqec", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33176.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33176.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33176", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.0971", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09751", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09762", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.0976", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33176" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33176", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33176" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2026-33176.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2026-33176.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33176", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33176" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035", "reference_id": "1132035", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035" }, { "reference_url": "https://github.com/rails/rails/commit/19dbab51ca086a657bb86458042bc44314916bcb", "reference_id": "19dbab51ca086a657bb86458042bc44314916bcb", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:42:42Z/" } ], "url": "https://github.com/rails/rails/commit/19dbab51ca086a657bb86458042bc44314916bcb" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450551", "reference_id": "2450551", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450551" }, { "reference_url": "https://github.com/rails/rails/commit/ebd6be18120d1136511eb516338e27af25ac0a1a", "reference_id": "ebd6be18120d1136511eb516338e27af25ac0a1a", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:42:42Z/" } ], "url": "https://github.com/rails/rails/commit/ebd6be18120d1136511eb516338e27af25ac0a1a" }, { "reference_url": "https://github.com/rails/rails/commit/ee2c59e730e5b8faed502cd2c573109df093f856", "reference_id": "ee2c59e730e5b8faed502cd2c573109df093f856", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:42:42Z/" } ], "url": "https://github.com/rails/rails/commit/ee2c59e730e5b8faed502cd2c573109df093f856" }, { "reference_url": "https://github.com/advisories/GHSA-2j26-frm8-cmj9", "reference_id": "GHSA-2j26-frm8-cmj9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2j26-frm8-cmj9" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-2j26-frm8-cmj9", "reference_id": "GHSA-2j26-frm8-cmj9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:42:42Z/" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-2j26-frm8-cmj9" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:14835", "reference_id": "RHSA-2026:14835", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:14835" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:14873", "reference_id": "RHSA-2026:14873", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:14873" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:14874", "reference_id": "RHSA-2026:14874", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:14874" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v7.2.3.1", "reference_id": "v7.2.3.1", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:42:42Z/" } ], "url": "https://github.com/rails/rails/releases/tag/v7.2.3.1" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v8.0.4.1", "reference_id": "v8.0.4.1", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:42:42Z/" } ], "url": "https://github.com/rails/rails/releases/tag/v8.0.4.1" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v8.1.2.1", "reference_id": "v8.1.2.1", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:42:42Z/" } ], "url": "https://github.com/rails/rails/releases/tag/v8.1.2.1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374576?format=api", "purl": "pkg:gem/activesupport@7.2.3.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@7.2.3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/975046?format=api", "purl": "pkg:gem/activesupport@8.0.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@8.0.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/374575?format=api", "purl": "pkg:gem/activesupport@8.0.4.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@8.0.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/975056?format=api", "purl": "pkg:gem/activesupport@8.1.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@8.1.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/374574?format=api", "purl": "pkg:gem/activesupport@8.1.2.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@8.1.2.1" } ], "aliases": [ "CVE-2026-33176", "GHSA-2j26-frm8-cmj9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1c3z-t7sf-vqec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15121?format=api", "vulnerability_id": "VCID-gujm-trnh-fqaa", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22796.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22796.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22796", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01484", "scoring_system": "epss", "scoring_elements": "0.81483", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01484", "scoring_system": "epss", "scoring_elements": "0.81492", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01484", "scoring_system": "epss", "scoring_elements": "0.81424", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01484", "scoring_system": "epss", "scoring_elements": "0.81484", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22796" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/2164d4f6a1bde74b911fe9ba3c8df1b5bf345bf8", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/2164d4f6a1bde74b911fe9ba3c8df1b5bf345bf8" }, { "reference_url": "https://github.com/rails/rails/commit/a7cda7e6aa5334ab41b1f4b0f671be931be946ef", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/a7cda7e6aa5334ab41b1f4b0f671be931be946ef" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v6.1.7.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v6.1.7.1" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v7.0.4.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v7.0.4.1" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-22796.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-22796.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22796", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22796" }, { "reference_url": "https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050", "reference_id": "1030050", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164736", "reference_id": "2164736", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164736" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2023-22796-possible-redos-based-dos-vulnerability-in-active-supports-underscore/82116", "reference_id": "82116", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-05T21:51:29Z/" } ], "url": "https://discuss.rubyonrails.org/t/cve-2023-22796-possible-redos-based-dos-vulnerability-in-active-supports-underscore/82116" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5372", "reference_id": "dsa-5372", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-05T21:51:29Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5372" }, { "reference_url": "https://github.com/advisories/GHSA-j6gc-792m-qgm2", "reference_id": "GHSA-j6gc-792m-qgm2", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j6gc-792m-qgm2" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240202-0009/", "reference_id": "ntap-20240202-0009", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-05T21:51:29Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240202-0009/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4341", "reference_id": "RHSA-2023:4341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6818", "reference_id": "RHSA-2023:6818", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6818" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380094?format=api", "purl": "pkg:gem/activesupport@7.0.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-gujm-trnh-fqaa" }, { "vulnerability": "VCID-jgeh-r771-5fcf" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@7.0.4.1" } ], "aliases": [ "CVE-2023-22796", "GHSA-j6gc-792m-qgm2", "GMS-2023-61" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gujm-trnh-fqaa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15312?format=api", "vulnerability_id": "VCID-jgeh-r771-5fcf", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28120.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28120.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28120", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61525", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61633", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61637", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61629", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28120" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23913", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23913" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28120", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28120" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-28120.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-28120.yml" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28120", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28120" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240202-0006", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240202-0006" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033262", "reference_id": "1033262", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033262" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179637", "reference_id": "2179637", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179637" }, { "reference_url": "https://github.com/rails/rails/commit/3cf23c3f891e2e81c977ea4ab83b62bc2a444b70", "reference_id": "3cf23c3f891e2e81c977ea4ab83b62bc2a444b70", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/" } ], "url": "https://github.com/rails/rails/commit/3cf23c3f891e2e81c977ea4ab83b62bc2a444b70" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2023-28120-possible-xss-security-vulnerability-in-safebuffer-bytesplice/82469", "reference_id": "82469", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/" } ], "url": "https://discuss.rubyonrails.org/t/cve-2023-28120-possible-xss-security-vulnerability-in-safebuffer-bytesplice/82469" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5389", "reference_id": "dsa-5389", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5389" }, { "reference_url": "https://github.com/advisories/GHSA-pj73-v5mw-pm9j", "reference_id": "GHSA-pj73-v5mw-pm9j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pj73-v5mw-pm9j" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240202-0006/", "reference_id": "ntap-20240202-0006", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240202-0006/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1953", "reference_id": "RHSA-2023:1953", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1953" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3495", "reference_id": "RHSA-2023:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3495" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW/", "reference_id": "UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO/", "reference_id": "ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380856?format=api", "purl": "pkg:gem/activesupport@7.0.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" }, { "vulnerability": "VCID-u15m-jr9m-wyd3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@7.0.4.3" } ], "aliases": [ "CVE-2023-28120", "GHSA-pj73-v5mw-pm9j", "GMS-2023-765" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jgeh-r771-5fcf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28208?format=api", "vulnerability_id": "VCID-ky23-ggur-b3dn", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33169.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33169.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33169", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06152", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06151", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06165", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06174", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33169" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2026-33169.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2026-33169.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33169", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33169" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035", "reference_id": "1132035", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450556", "reference_id": "2450556", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450556" }, { "reference_url": "https://github.com/rails/rails/commit/29154f1097da13d48fdb3200760b3e3da66dcb11", "reference_id": "29154f1097da13d48fdb3200760b3e3da66dcb11", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:45:49Z/" } ], "url": "https://github.com/rails/rails/commit/29154f1097da13d48fdb3200760b3e3da66dcb11" }, { "reference_url": "https://github.com/rails/rails/commit/b54a4b373c6f042cab6ee2033246b1c9ecc38974", "reference_id": "b54a4b373c6f042cab6ee2033246b1c9ecc38974", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:45:49Z/" } ], "url": "https://github.com/rails/rails/commit/b54a4b373c6f042cab6ee2033246b1c9ecc38974" }, { "reference_url": "https://github.com/rails/rails/commit/ec1a0e215efd27a3b3911aae6df978a80f456a49", "reference_id": "ec1a0e215efd27a3b3911aae6df978a80f456a49", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:45:49Z/" } ], "url": "https://github.com/rails/rails/commit/ec1a0e215efd27a3b3911aae6df978a80f456a49" }, { "reference_url": "https://github.com/advisories/GHSA-cg4j-q9v8-6v38", "reference_id": "GHSA-cg4j-q9v8-6v38", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cg4j-q9v8-6v38" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-cg4j-q9v8-6v38", "reference_id": "GHSA-cg4j-q9v8-6v38", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:45:49Z/" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-cg4j-q9v8-6v38" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v7.2.3.1", "reference_id": "v7.2.3.1", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:45:49Z/" } ], "url": "https://github.com/rails/rails/releases/tag/v7.2.3.1" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v8.0.4.1", "reference_id": "v8.0.4.1", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:45:49Z/" } ], "url": "https://github.com/rails/rails/releases/tag/v8.0.4.1" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v8.1.2.1", "reference_id": "v8.1.2.1", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:45:49Z/" } ], "url": "https://github.com/rails/rails/releases/tag/v8.1.2.1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374576?format=api", "purl": "pkg:gem/activesupport@7.2.3.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@7.2.3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/975046?format=api", "purl": "pkg:gem/activesupport@8.0.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@8.0.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/374575?format=api", "purl": "pkg:gem/activesupport@8.0.4.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@8.0.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/975056?format=api", "purl": "pkg:gem/activesupport@8.1.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@8.1.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/374574?format=api", "purl": "pkg:gem/activesupport@8.1.2.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@8.1.2.1" } ], "aliases": [ "CVE-2026-33169", "GHSA-cg4j-q9v8-6v38" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ky23-ggur-b3dn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28209?format=api", "vulnerability_id": "VCID-sbb8-q7rv-ukh5", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33170.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33170.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33170", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01511", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01527", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01518", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01515", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33170" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33170", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33170" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2026-33170.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2026-33170.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33170", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33170" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035", "reference_id": "1132035", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450543", "reference_id": "2450543", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450543" }, { "reference_url": "https://github.com/rails/rails/commit/50d732af3b7c8aaf63cbcca0becbc00279b215b7", "reference_id": "50d732af3b7c8aaf63cbcca0becbc00279b215b7", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:20:16Z/" } ], "url": "https://github.com/rails/rails/commit/50d732af3b7c8aaf63cbcca0becbc00279b215b7" }, { "reference_url": "https://github.com/rails/rails/commit/6e8a81108001d58043de9e54a06fca58962fc2db", "reference_id": "6e8a81108001d58043de9e54a06fca58962fc2db", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:20:16Z/" } ], "url": "https://github.com/rails/rails/commit/6e8a81108001d58043de9e54a06fca58962fc2db" }, { "reference_url": "https://github.com/rails/rails/commit/c1ad0e8e1972032f3395853a5e99cea035035beb", "reference_id": "c1ad0e8e1972032f3395853a5e99cea035035beb", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:20:16Z/" } ], "url": "https://github.com/rails/rails/commit/c1ad0e8e1972032f3395853a5e99cea035035beb" }, { "reference_url": "https://github.com/advisories/GHSA-89vf-4333-qx8v", "reference_id": "GHSA-89vf-4333-qx8v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-89vf-4333-qx8v" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-89vf-4333-qx8v", "reference_id": "GHSA-89vf-4333-qx8v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:20:16Z/" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-89vf-4333-qx8v" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v7.2.3.1", "reference_id": "v7.2.3.1", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:20:16Z/" } ], "url": "https://github.com/rails/rails/releases/tag/v7.2.3.1" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v8.0.4.1", "reference_id": "v8.0.4.1", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:20:16Z/" } ], "url": "https://github.com/rails/rails/releases/tag/v8.0.4.1" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v8.1.2.1", "reference_id": "v8.1.2.1", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:20:16Z/" } ], "url": "https://github.com/rails/rails/releases/tag/v8.1.2.1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374576?format=api", "purl": "pkg:gem/activesupport@7.2.3.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@7.2.3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/975046?format=api", "purl": "pkg:gem/activesupport@8.0.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@8.0.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/374575?format=api", "purl": "pkg:gem/activesupport@8.0.4.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@8.0.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/975056?format=api", "purl": "pkg:gem/activesupport@8.1.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@8.1.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/374574?format=api", "purl": "pkg:gem/activesupport@8.1.2.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@8.1.2.1" } ], "aliases": [ "CVE-2026-33170", "GHSA-89vf-4333-qx8v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sbb8-q7rv-ukh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/132023?format=api", "vulnerability_id": "VCID-u15m-jr9m-wyd3", "summary": "ActiveSupport::EncryptedFile writes contents that will be encrypted to a\r\ntemporary file. The temporary file's permissions are defaulted to the user's\r\ncurrent `umask` settings, meaning that it's possible for other users on the\r\nsame system to read the contents of the temporary file.\r\n\r\nAttackers that have access to the file system could possibly read the contents\r\nof this temporary file while a user is editing it.\r\n\r\nAll users running an affected release should either upgrade or use one of the\r\nworkarounds immediately.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38037.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38037.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38037", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.266", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26603", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26399", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26616", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38037" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38037", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38037" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/a21d6edf35a60383dfa6c4da49e4b1aef5f00731", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/a21d6edf35a60383dfa6c4da49e4b1aef5f00731" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v7.0.7.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v7.0.7.1" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-38037.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-38037.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38037", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38037" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20250214-0010", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20250214-0010" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051057", "reference_id": "1051057", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051057" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236261", "reference_id": "2236261", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236261" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2023-38037-possible-file-disclosure-of-locally-encrypted-files/83544", "reference_id": "83544", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:35:42Z/" } ], "url": "https://discuss.rubyonrails.org/t/cve-2023-38037-possible-file-disclosure-of-locally-encrypted-files/83544" }, { "reference_url": "https://github.com/advisories/GHSA-cr5q-6q9f-rq6q", "reference_id": "GHSA-cr5q-6q9f-rq6q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cr5q-6q9f-rq6q" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7720", "reference_id": "RHSA-2023:7720", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7720" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0268", "reference_id": "RHSA-2024:0268", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0268" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2010", "reference_id": "RHSA-2024:2010", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2010" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380711?format=api", "purl": "pkg:gem/activesupport@7.0.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3z-t7sf-vqec" }, { "vulnerability": "VCID-ky23-ggur-b3dn" }, { "vulnerability": "VCID-sbb8-q7rv-ukh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@7.0.7.1" } ], "aliases": [ "CVE-2023-38037", "GHSA-cr5q-6q9f-rq6q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u15m-jr9m-wyd3" } ], "fixing_vulnerabilities": [], "risk_score": "3.4", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@7.0.3.1" }