Lookup for vulnerable packages by Package URL.

Purl pkg:gem/actionpack@3.2
Type gem
Namespace
Name actionpack
Version 3.2
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 8.1.2.1
Latest_non_vulnerable_version 8.1.2.1
Affected_by_vulnerabilities
0
url VCID-2p4p-apst-v3cq
vulnerability_id VCID-2p4p-apst-v3cq
summary
XSS Vulnerability in simple_format helper
The simple_format helper converts user-supplied text into HTML text which is intended to be safe for display. A change made to the implementation of this helper means that any user-provided HTML attributes will not be escaped correctly. As a result of this error, applications which pass user-controlled data to be included as HTML attributes will be vulnerable to an XSS attack.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6416.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6416.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-6416
reference_id
reference_type
scores
0
value 0.00236
scoring_system epss
scoring_elements 0.46647
published_at 2026-06-04T12:55:00Z
1
value 0.00236
scoring_system epss
scoring_elements 0.46669
published_at 2026-06-08T12:55:00Z
2
value 0.00236
scoring_system epss
scoring_elements 0.46696
published_at 2026-06-07T12:55:00Z
3
value 0.00236
scoring_system epss
scoring_elements 0.46716
published_at 2026-06-06T12:55:00Z
4
value 0.00236
scoring_system epss
scoring_elements 0.46713
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-6416
2
reference_url http://seclists.org/oss-sec/2013/q4/404
reference_id
reference_type
scores
url http://seclists.org/oss-sec/2013/q4/404
3
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
4
reference_url https://github.com/rails/rails/commit/4b4f5847f64f81c961625e647711ef9f6ad1a454
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/4b4f5847f64f81c961625e647711ef9f6ad1a454
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6416.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6416.yml
6
reference_url https://groups.google.com/forum/message/raw?msg=ruby-security-ann/5ZI1-H5OoIM/ZNq4FoR2GnIJ
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/message/raw?msg=ruby-security-ann/5ZI1-H5OoIM/ZNq4FoR2GnIJ
7
reference_url https://groups.google.com/forum/#!topic/ruby-security-ann/5ZI1-H5OoIM
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/ruby-security-ann/5ZI1-H5OoIM
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-6416
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-6416
9
reference_url https://web.archive.org/web/20200228165109/http://www.securityfocus.com/bid/64071
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228165109/http://www.securityfocus.com/bid/64071
10
reference_url http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released
11
reference_url http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/
reference_id
reference_type
scores
url http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1036914
reference_id 1036914
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1036914
13
reference_url https://github.com/advisories/GHSA-w37c-q653-qg95
reference_id GHSA-w37c-q653-qg95
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w37c-q653-qg95
fixed_packages
0
url pkg:gem/actionpack@4.0.2
purl pkg:gem/actionpack@4.0.2
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.2
aliases CVE-2013-6416, GHSA-w37c-q653-qg95, OSV-100526
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2p4p-apst-v3cq
1
url VCID-75m1-xqdk-j7f3
vulnerability_id VCID-75m1-xqdk-j7f3
summary
Improper Input Validation
The template selection functionality in actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob characters, which allows remote attackers to render arbitrary views via a crafted URL, related to a "filter skipping vulnerability."
references
0
reference_url http://groups.google.com/group/rubyonrails-security/msg/cbbbba6e4f7eaf61?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/rubyonrails-security/msg/cbbbba6e4f7eaf61?dmode=source&output=gplain
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-2929
reference_id
reference_type
scores
0
value 0.00814
scoring_system epss
scoring_elements 0.74673
published_at 2026-06-06T12:55:00Z
1
value 0.00814
scoring_system epss
scoring_elements 0.74636
published_at 2026-06-04T12:55:00Z
2
value 0.00814
scoring_system epss
scoring_elements 0.74667
published_at 2026-06-05T12:55:00Z
3
value 0.00814
scoring_system epss
scoring_elements 0.74643
published_at 2026-06-08T12:55:00Z
4
value 0.00814
scoring_system epss
scoring_elements 0.7466
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-2929
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=731432
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=731432
5
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
6
reference_url https://github.com/rails/rails/commit/5f94b93279f6d0682fafb237c301302c107a9552
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/5f94b93279f6d0682fafb237c301302c107a9552
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2929.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2929.yml
8
reference_url https://rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6
9
reference_url http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6
10
reference_url http://www.openwall.com/lists/oss-security/2011/08/17/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/17/1
11
reference_url http://www.openwall.com/lists/oss-security/2011/08/19/11
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/19/11
12
reference_url http://www.openwall.com/lists/oss-security/2011/08/20/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/20/1
13
reference_url http://www.openwall.com/lists/oss-security/2011/08/22/13
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/22/13
14
reference_url http://www.openwall.com/lists/oss-security/2011/08/22/14
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/22/14
15
reference_url http://www.openwall.com/lists/oss-security/2011/08/22/5
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/22/5
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-2929
reference_id CVE-2011-2929
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-2929
17
reference_url https://github.com/advisories/GHSA-r7q2-5gqg-6c7q
reference_id GHSA-r7q2-5gqg-6c7q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r7q2-5gqg-6c7q
18
reference_url https://security.gentoo.org/glsa/201412-28
reference_id GLSA-201412-28
reference_type
scores
url https://security.gentoo.org/glsa/201412-28
fixed_packages
aliases CVE-2011-2929, GHSA-r7q2-5gqg-6c7q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-75m1-xqdk-j7f3
2
url VCID-7m31-x66p-3bha
vulnerability_id VCID-7m31-x66p-3bha
summary
actionpack Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in `actionpack/lib/action_view/helpers/sanitize_helper.rb` in the `strip_tags` helper in Ruby on Rails before 2.3.16, 3.0.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2013-0154.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0154.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3465.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3465.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-3465
reference_id
reference_type
scores
0
value 0.00333
scoring_system epss
scoring_elements 0.56402
published_at 2026-06-08T12:55:00Z
1
value 0.00333
scoring_system epss
scoring_elements 0.56369
published_at 2026-06-04T12:55:00Z
2
value 0.00333
scoring_system epss
scoring_elements 0.56431
published_at 2026-06-06T12:55:00Z
3
value 0.00333
scoring_system epss
scoring_elements 0.56425
published_at 2026-06-05T12:55:00Z
4
value 0.00333
scoring_system epss
scoring_elements 0.56419
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-3465
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3465
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3465
4
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
5
reference_url https://github.com/rails/rails/commit/cf48c9c7dcbef8543171f7f7de8d3d9a16b58e77
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/cf48c9c7dcbef8543171f7f7de8d3d9a16b58e77
6
reference_url https://github.com/rails/rails/commit/e91e4e8bbee12ce1496bf384c04da6be296b687a
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/e91e4e8bbee12ce1496bf384c04da6be296b687a
7
reference_url https://groups.google.com/group/rubyonrails-security/msg/7fbb5392d4d282b5?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/7fbb5392d4d282b5?dmode=source&output=gplain
8
reference_url http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=847200
reference_id 847200
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=847200
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-3465
reference_id CVE-2012-3465
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-3465
11
reference_url https://github.com/advisories/GHSA-7g65-ghrg-hpf5
reference_id GHSA-7g65-ghrg-hpf5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7g65-ghrg-hpf5
12
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
13
reference_url https://access.redhat.com/errata/RHSA-2013:0154
reference_id RHSA-2013:0154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0154
fixed_packages
0
url pkg:gem/actionpack@3.2.8
purl pkg:gem/actionpack@3.2.8
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.8
aliases CVE-2012-3465, GHSA-7g65-ghrg-hpf5, OSV-84513
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7m31-x66p-3bha
3
url VCID-dx34-zm9p-1ydc
vulnerability_id VCID-dx34-zm9p-1ydc
summary
actionpack Improper Authentication vulnerability
The `decode_credentials` method in `actionpack/lib/action_controller/metal/http_authentication.rb` in Ruby on Rails before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging access to an application that uses a `with_http_digest` helper method, as demonstrated by the `authenticate_or_request_with_http_digest` method.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2013-0154.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0154.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3424.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3424.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-3424
reference_id
reference_type
scores
0
value 0.00981
scoring_system epss
scoring_elements 0.77151
published_at 2026-06-07T12:55:00Z
1
value 0.00981
scoring_system epss
scoring_elements 0.77163
published_at 2026-06-06T12:55:00Z
2
value 0.00981
scoring_system epss
scoring_elements 0.77153
published_at 2026-06-05T12:55:00Z
3
value 0.00981
scoring_system epss
scoring_elements 0.77122
published_at 2026-06-04T12:55:00Z
4
value 0.00981
scoring_system epss
scoring_elements 0.77142
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-3424
4
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
5
reference_url https://github.com/rails/rails/commit/3719bd3e95523c5518507dbe44f260f252930600
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/3719bd3e95523c5518507dbe44f260f252930600
6
reference_url https://groups.google.com/group/rubyonrails-security/msg/244d32f2fa25147d?hl=en&dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/244d32f2fa25147d?hl=en&dmode=source&output=gplain
7
reference_url http://weblog.rubyonrails.org/2012/7/26/ann-rails-3-2-7-has-been-released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2012/7/26/ann-rails-3-2-7-has-been-released
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=843711
reference_id 843711
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=843711
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-3424
reference_id CVE-2012-3424
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-3424
10
reference_url https://github.com/advisories/GHSA-92w9-2pqw-rhjj
reference_id GHSA-92w9-2pqw-rhjj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-92w9-2pqw-rhjj
11
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
12
reference_url https://access.redhat.com/errata/RHSA-2013:0154
reference_id RHSA-2013:0154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0154
fixed_packages
0
url pkg:gem/actionpack@3.2.7
purl pkg:gem/actionpack@3.2.7
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.7
aliases CVE-2012-3424, GHSA-92w9-2pqw-rhjj, OSV-84243
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dx34-zm9p-1ydc
4
url VCID-f21a-143f-9qay
vulnerability_id VCID-f21a-143f-9qay
summary
actionpack allows remote attackers to bypass database-query restrictions, perform NULL checks via crafted request
`actionpack/lib/action_dispatch/http/request.rb` in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain `['xyz', nil]` values, a related issue to CVE-2012-2660.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html
3
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html
4
reference_url http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
5
reference_url http://rhn.redhat.com/errata/RHSA-2013-0154.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0154.html
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2694.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2694.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-2694
reference_id
reference_type
scores
0
value 0.0022
scoring_system epss
scoring_elements 0.44672
published_at 2026-06-04T12:55:00Z
1
value 0.0022
scoring_system epss
scoring_elements 0.44696
published_at 2026-06-08T12:55:00Z
2
value 0.0022
scoring_system epss
scoring_elements 0.44727
published_at 2026-06-07T12:55:00Z
3
value 0.0022
scoring_system epss
scoring_elements 0.44749
published_at 2026-06-06T12:55:00Z
4
value 0.0022
scoring_system epss
scoring_elements 0.44741
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-2694
8
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
9
reference_url https://github.com/rails/rails/commit/2f3bc0467311781ac1ceb2c8c2b09002c8fe143a
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/2f3bc0467311781ac1ceb2c8c2b09002c8fe143a
10
reference_url https://github.com/rails/rails/commit/c202638225519b5e1a03ebe523b109c948fb0e52
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/c202638225519b5e1a03ebe523b109c948fb0e52
11
reference_url https://groups.google.com/group/rubyonrails-security/msg/e2d3a87f2c211def?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/e2d3a87f2c211def?dmode=source&output=gplain
12
reference_url https://groups.google.com/g/rubyonrails-security/c/jILZ34tAHF4/m/7x0hLH-o0-IJ
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/jILZ34tAHF4/m/7x0hLH-o0-IJ
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=831581
reference_id 831581
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=831581
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-2694
reference_id CVE-2012-2694
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-2694
15
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2694.yml
reference_id CVE-2012-2694.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2694.yml
16
reference_url https://github.com/advisories/GHSA-q34c-48gc-m9g8
reference_id GHSA-q34c-48gc-m9g8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q34c-48gc-m9g8
17
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
18
reference_url https://access.redhat.com/errata/RHSA-2013:0154
reference_id RHSA-2013:0154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0154
fixed_packages
0
url pkg:gem/actionpack@3.2.6
purl pkg:gem/actionpack@3.2.6
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.6
aliases CVE-2012-2694, GHSA-q34c-48gc-m9g8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f21a-143f-9qay
5
url VCID-kt2t-d3bx-jydv
vulnerability_id VCID-kt2t-d3bx-jydv
summary
XSS vulnerability in sanitize_css in Action Pack
Carefully crafted text can bypass the sanitization provided in the `sanitize_css` method in Action Pack.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html
1
reference_url http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html
2
reference_url http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2013-0698.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0698.html
4
reference_url http://rhn.redhat.com/errata/RHSA-2014-1863.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-1863.html
5
reference_url https://access.redhat.com/errata/RHSA-2013:0698
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2013:0698
6
reference_url https://access.redhat.com/errata/RHSA-2014:1863
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2014:1863
7
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1855.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1855.json
8
reference_url https://access.redhat.com/security/cve/CVE-2013-1855
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2013-1855
9
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-1855
reference_id
reference_type
scores
0
value 0.00536
scoring_system epss
scoring_elements 0.67828
published_at 2026-06-08T12:55:00Z
1
value 0.00536
scoring_system epss
scoring_elements 0.67847
published_at 2026-06-05T12:55:00Z
2
value 0.00536
scoring_system epss
scoring_elements 0.67843
published_at 2026-06-07T12:55:00Z
3
value 0.00536
scoring_system epss
scoring_elements 0.67854
published_at 2026-06-06T12:55:00Z
4
value 0.00536
scoring_system epss
scoring_elements 0.67807
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-1855
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=921331
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=921331
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1855
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1855
12
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-1855.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-1855.yml
13
reference_url https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_QHo4BqnN8
reference_id
reference_type
scores
url https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_QHo4BqnN8
14
reference_url https://groups.google.com/group/rubyonrails-security/msg/8ed835a97cdd1afd?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/8ed835a97cdd1afd?dmode=source&output=gplain
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-1855
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-1855
16
reference_url http://support.apple.com/kb/HT5784
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://support.apple.com/kb/HT5784
17
reference_url https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
18
reference_url https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html
19
reference_url http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released
20
reference_url http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/
reference_id
reference_type
scores
url http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/
21
reference_url https://github.com/advisories/GHSA-q759-hwvc-m3jg
reference_id GHSA-q759-hwvc-m3jg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q759-hwvc-m3jg
22
reference_url https://security.gentoo.org/glsa/201412-28
reference_id GLSA-201412-28
reference_type
scores
url https://security.gentoo.org/glsa/201412-28
fixed_packages
0
url pkg:gem/actionpack@3.2.13
purl pkg:gem/actionpack@3.2.13
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.13
aliases CVE-2013-1855, GHSA-q759-hwvc-m3jg, OSV-91452
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kt2t-d3bx-jydv
6
url VCID-p6yg-d8wm-4bgz
vulnerability_id VCID-p6yg-d8wm-4bgz
summary
SQL Injection
Ruby on Rails contains a flaw related to the way ActiveRecord handles parameters in conjunction with the way Rack parses query parameters. This issue may allow an attacker to inject arbitrary `IS NULL` clauses into application SQL queries. This may also allow an attacker to have the SQL query check for `NULL` in arbitrary places.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html
3
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html
4
reference_url http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
5
reference_url http://rhn.redhat.com/errata/RHSA-2013-0154.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0154.html
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2660.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2660.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-2660
reference_id
reference_type
scores
0
value 0.00159
scoring_system epss
scoring_elements 0.36578
published_at 2026-06-08T12:55:00Z
1
value 0.00159
scoring_system epss
scoring_elements 0.36549
published_at 2026-06-04T12:55:00Z
2
value 0.00159
scoring_system epss
scoring_elements 0.36643
published_at 2026-06-05T12:55:00Z
3
value 0.00159
scoring_system epss
scoring_elements 0.36651
published_at 2026-06-06T12:55:00Z
4
value 0.00159
scoring_system epss
scoring_elements 0.36615
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-2660
8
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
9
reference_url https://github.com/rails/rails/commit/61eed87ce32caf534bf1f52dd8134097b4ad9e1b
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/61eed87ce32caf534bf1f52dd8134097b4ad9e1b
10
reference_url https://github.com/rails/rails/commit/dff6db18840e2fd1dd3f3e4ef0ae7a9a3986d01d#diff-3179d24efacadd64068c4d9c1184eac3
reference_id
reference_type
scores
url https://github.com/rails/rails/commit/dff6db18840e2fd1dd3f3e4ef0ae7a9a3986d01d#diff-3179d24efacadd64068c4d9c1184eac3
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82610.yml
reference_id
reference_type
scores
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82610.yml
12
reference_url https://groups.google.com/forum/#!original/rubyonrails-security/8SA-M3as7A8/Mr9fi9X4kNgJ
reference_id
reference_type
scores
url https://groups.google.com/forum/#!original/rubyonrails-security/8SA-M3as7A8/Mr9fi9X4kNgJ
13
reference_url https://groups.google.com/group/rubyonrails-security/msg/d890f8d58b5fbf32?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/d890f8d58b5fbf32?dmode=source&output=gplain
14
reference_url https://groups.google.com/g/rubyonrails-security/c/8SA-M3as7A8/m/Mr9fi9X4kNgJ
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/8SA-M3as7A8/m/Mr9fi9X4kNgJ
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=827353
reference_id 827353
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=827353
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-2660
reference_id CVE-2012-2660
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-2660
17
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2660.yml
reference_id CVE-2012-2660.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2660.yml
18
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2660.yml
reference_id CVE-2012-2660.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2660.yml
19
reference_url https://github.com/advisories/GHSA-hgpp-pp89-4fgf
reference_id GHSA-hgpp-pp89-4fgf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hgpp-pp89-4fgf
20
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
21
reference_url https://access.redhat.com/errata/RHSA-2013:0154
reference_id RHSA-2013:0154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0154
fixed_packages
0
url pkg:gem/actionpack@3.2.4
purl pkg:gem/actionpack@3.2.4
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.4
aliases CVE-2012-2660, GHSA-hgpp-pp89-4fgf, OSV-82610
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p6yg-d8wm-4bgz
7
url VCID-puve-cp8z-zbdr
vulnerability_id VCID-puve-cp8z-zbdr
summary
Multiple vulnerabilities in parameter parsing in Action Pack
There are multiple weaknesses in the parameter parsing code for Ruby on Rails which allow attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a Rails application.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2013-0153.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0153.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2013-0154.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0154.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2013-0155.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0155.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0156.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0156.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-0156
reference_id
reference_type
scores
0
value 0.91907
scoring_system epss
scoring_elements 0.99707
published_at 2026-06-08T12:55:00Z
1
value 0.91907
scoring_system epss
scoring_elements 0.99708
published_at 2026-06-07T12:55:00Z
2
value 0.91907
scoring_system epss
scoring_elements 0.99709
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-0156
5
reference_url https://community.rapid7.com/community/metasploit/blog/2013/01/09/serialization-mischief-in-ruby-land-cve-2013-0156
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://community.rapid7.com/community/metasploit/blog/2013/01/09/serialization-mischief-in-ruby-land-cve-2013-0156
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0156
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0156
7
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
8
reference_url https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/2013-0156/rubyonrails-security/61bkgvnSGTQ/nehwjA8tQ8EJ
reference_id
reference_type
scores
url https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/2013-0156/rubyonrails-security/61bkgvnSGTQ/nehwjA8tQ8EJ
9
reference_url https://groups.google.com/group/rubyonrails-security/msg/c1432d0f8c70e89d?dmode=source&output=gplain
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/c1432d0f8c70e89d?dmode=source&output=gplain
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-0156
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-0156
11
reference_url https://web.archive.org/web/20140111025708/http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20140111025708/http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html
12
reference_url https://web.archive.org/web/20160415043747/https://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20160415043747/https://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A
13
reference_url https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156
14
reference_url http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released
15
reference_url http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/
reference_id
reference_type
scores
url http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/
16
reference_url http://www.debian.org/security/2013/dsa-2604
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2013/dsa-2604
17
reference_url http://www.fujitsu.com/global/support/software/security/products-f/sw-sv-rcve-ror201301e.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.fujitsu.com/global/support/software/security/products-f/sw-sv-rcve-ror201301e.html
18
reference_url http://www.insinuator.net/2013/01/rails-yaml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.insinuator.net/2013/01/rails-yaml
19
reference_url http://www.insinuator.net/2013/01/rails-yaml/
reference_id
reference_type
scores
url http://www.insinuator.net/2013/01/rails-yaml/
20
reference_url http://www.kb.cert.org/vuls/id/380039
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.kb.cert.org/vuls/id/380039
21
reference_url http://www.kb.cert.org/vuls/id/628463
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.kb.cert.org/vuls/id/628463
22
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697722
reference_id 697722
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697722
23
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=892870
reference_id 892870
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=892870
24
reference_url https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156/
reference_id CVE-2013-0156
reference_type
scores
url https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156/
25
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24019.rb
reference_id CVE-2013-0156;OSVDB-89026
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24019.rb
26
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/27527.rb
reference_id CVE-2013-0156;OSVDB-89026
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/27527.rb
27
reference_url https://github.com/advisories/GHSA-jmgw-6vjg-jjwg
reference_id GHSA-jmgw-6vjg-jjwg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jmgw-6vjg-jjwg
28
reference_url https://security.gentoo.org/glsa/201412-28
reference_id GLSA-201412-28
reference_type
scores
url https://security.gentoo.org/glsa/201412-28
29
reference_url https://access.redhat.com/errata/RHSA-2013:0153
reference_id RHSA-2013:0153
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0153
30
reference_url https://access.redhat.com/errata/RHSA-2013:0154
reference_id RHSA-2013:0154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0154
31
reference_url https://access.redhat.com/errata/RHSA-2013:0155
reference_id RHSA-2013:0155
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0155
fixed_packages
0
url pkg:gem/actionpack@3.2.11
purl pkg:gem/actionpack@3.2.11
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.11
aliases CVE-2013-0156, GHSA-jmgw-6vjg-jjwg, OSV-89026
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-puve-cp8z-zbdr
8
url VCID-qmvt-9qth-77a6
vulnerability_id VCID-qmvt-9qth-77a6
summary
XSS Vulnerability in the `sanitize` helper
The `sanitize` helper in Ruby on Rails is designed to filter HTML and remove all tags and attributes which could be malicious.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html
1
reference_url http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html
2
reference_url http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2013-0698.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0698.html
4
reference_url http://rhn.redhat.com/errata/RHSA-2014-1863.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-1863.html
5
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1857.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1857.json
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-1857
reference_id
reference_type
scores
0
value 0.00625
scoring_system epss
scoring_elements 0.70586
published_at 2026-06-08T12:55:00Z
1
value 0.00625
scoring_system epss
scoring_elements 0.70564
published_at 2026-06-04T12:55:00Z
2
value 0.00625
scoring_system epss
scoring_elements 0.70606
published_at 2026-06-05T12:55:00Z
3
value 0.00625
scoring_system epss
scoring_elements 0.70616
published_at 2026-06-06T12:55:00Z
4
value 0.00625
scoring_system epss
scoring_elements 0.70598
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-1857
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1857
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1857
8
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
9
reference_url https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/zAAU7vGTPvI
reference_id
reference_type
scores
url https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/zAAU7vGTPvI
10
reference_url https://groups.google.com/group/rubyonrails-security/msg/78b9817a5943f6d6?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/78b9817a5943f6d6?dmode=source&output=gplain
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-1857
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-1857
12
reference_url http://support.apple.com/kb/HT5784
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://support.apple.com/kb/HT5784
13
reference_url https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
14
reference_url https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html
15
reference_url http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released
16
reference_url http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/
reference_id
reference_type
scores
url http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=921335
reference_id 921335
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=921335
18
reference_url https://github.com/advisories/GHSA-j838-vfpq-fmf2
reference_id GHSA-j838-vfpq-fmf2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j838-vfpq-fmf2
19
reference_url https://security.gentoo.org/glsa/201412-28
reference_id GLSA-201412-28
reference_type
scores
url https://security.gentoo.org/glsa/201412-28
fixed_packages
0
url pkg:gem/actionpack@3.2.13
purl pkg:gem/actionpack@3.2.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pzg-37dp-cyb1
1
vulnerability VCID-2p4p-apst-v3cq
2
vulnerability VCID-37qm-tp8v-tugb
3
vulnerability VCID-464e-wb3p-j3dn
4
vulnerability VCID-4uv1-e1me-hqb3
5
vulnerability VCID-5swj-xwsw-rkac
6
vulnerability VCID-75m1-xqdk-j7f3
7
vulnerability VCID-7spd-zybv-pbgm
8
vulnerability VCID-9t5z-1umq-qbe4
9
vulnerability VCID-9xc9-zvs2-1kde
10
vulnerability VCID-b1ph-gjaz-ayar
11
vulnerability VCID-b464-j8ja-hke6
12
vulnerability VCID-bcwq-ngna-fqhd
13
vulnerability VCID-bfqq-ypyw-dycj
14
vulnerability VCID-cbvq-4ze7-r3g6
15
vulnerability VCID-chxq-j9us-cygh
16
vulnerability VCID-egdx-4qqa-guh1
17
vulnerability VCID-f21a-143f-9qay
18
vulnerability VCID-f7bp-x4q3-jbeh
19
vulnerability VCID-fj3n-g8wp-bbaj
20
vulnerability VCID-ftus-vcww-2kgf
21
vulnerability VCID-gadc-jens-nuga
22
vulnerability VCID-ghj9-vyyr-tub8
23
vulnerability VCID-gqfj-qxbc-xqhm
24
vulnerability VCID-hdu6-u2pb-aqhp
25
vulnerability VCID-hxcf-k4te-h3gu
26
vulnerability VCID-jkk1-jx5j-q3ch
27
vulnerability VCID-kt2t-d3bx-jydv
28
vulnerability VCID-mf6k-jx45-m3fy
29
vulnerability VCID-n798-maqx-y3c9
30
vulnerability VCID-nhny-abkr-6qhb
31
vulnerability VCID-nprk-kfvh-vqfh
32
vulnerability VCID-nt1m-frdh-tbbq
33
vulnerability VCID-p6yg-d8wm-4bgz
34
vulnerability VCID-qmvt-9qth-77a6
35
vulnerability VCID-sgjx-bz3r-9yam
36
vulnerability VCID-sw7t-5s3e-vkhx
37
vulnerability VCID-ufrj-jn16-jybn
38
vulnerability VCID-ugdk-t2vk-nkfc
39
vulnerability VCID-ujt2-es3k-67aq
40
vulnerability VCID-v3vg-9jdz-guf5
41
vulnerability VCID-vex8-56fk-gqdf
42
vulnerability VCID-vp3u-cexw-57a4
43
vulnerability VCID-vv7c-uwnu-nfhb
44
vulnerability VCID-wake-zgkk-vber
45
vulnerability VCID-xee7-ge26-yfdc
46
vulnerability VCID-xvsy-e7fv-1ufe
47
vulnerability VCID-ypcy-hry9-5fa3
48
vulnerability VCID-z21g-8h32-yyf6
49
vulnerability VCID-z94j-z575-4ydx
50
vulnerability VCID-zc2d-dx64-2yh3
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.13
aliases CVE-2013-1857, GHSA-j838-vfpq-fmf2, OSV-91454
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qmvt-9qth-77a6
9
url VCID-t9c8-r3yp-sbde
vulnerability_id VCID-t9c8-r3yp-sbde
summary
Ruby on Rails Potential XSS Vulnerability in select_tag prompt
When a value for the `prompt` field is supplied to the `select_tag` helper, the value is not escaped. If untrusted data is not escaped, and is supplied as the prompt value, there is a potential for XSS attacks.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2013-0154.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0154.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3463.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3463.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-3463
reference_id
reference_type
scores
0
value 0.00333
scoring_system epss
scoring_elements 0.56402
published_at 2026-06-08T12:55:00Z
1
value 0.00333
scoring_system epss
scoring_elements 0.56369
published_at 2026-06-04T12:55:00Z
2
value 0.00333
scoring_system epss
scoring_elements 0.56425
published_at 2026-06-05T12:55:00Z
3
value 0.00333
scoring_system epss
scoring_elements 0.56431
published_at 2026-06-06T12:55:00Z
4
value 0.00333
scoring_system epss
scoring_elements 0.56419
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-3463
3
reference_url https://github.com/rails/rails/commit/6d0526db91afb0675c2ad3d871529d1536303c64
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/6d0526db91afb0675c2ad3d871529d1536303c64
4
reference_url https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/3463/rubyonrails-security/fV3QUToSMSw/eHBSFOUYHpYJ
reference_id
reference_type
scores
url https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/3463/rubyonrails-security/fV3QUToSMSw/eHBSFOUYHpYJ
5
reference_url https://groups.google.com/group/rubyonrails-security/msg/961e18e514527078?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/961e18e514527078?dmode=source&output=gplain
6
reference_url https://groups.google.com/g/rubyonrails-security/c/fV3QUToSMSw/m/eHBSFOUYHpYJ?pli=1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/fV3QUToSMSw/m/eHBSFOUYHpYJ?pli=1
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-3463
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-3463
8
reference_url http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released
9
reference_url http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/
reference_id
reference_type
scores
url http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=847196
reference_id 847196
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=847196
11
reference_url https://github.com/advisories/GHSA-98mf-8f57-64qf
reference_id GHSA-98mf-8f57-64qf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-98mf-8f57-64qf
12
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
13
reference_url https://access.redhat.com/errata/RHSA-2013:0154
reference_id RHSA-2013:0154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0154
fixed_packages
0
url pkg:gem/actionpack@3.2.8
purl pkg:gem/actionpack@3.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pzg-37dp-cyb1
1
vulnerability VCID-2p4p-apst-v3cq
2
vulnerability VCID-37qm-tp8v-tugb
3
vulnerability VCID-464e-wb3p-j3dn
4
vulnerability VCID-4uv1-e1me-hqb3
5
vulnerability VCID-5swj-xwsw-rkac
6
vulnerability VCID-75m1-xqdk-j7f3
7
vulnerability VCID-7spd-zybv-pbgm
8
vulnerability VCID-9t5z-1umq-qbe4
9
vulnerability VCID-9xc9-zvs2-1kde
10
vulnerability VCID-b1ph-gjaz-ayar
11
vulnerability VCID-b464-j8ja-hke6
12
vulnerability VCID-bcwq-ngna-fqhd
13
vulnerability VCID-bfqq-ypyw-dycj
14
vulnerability VCID-cbvq-4ze7-r3g6
15
vulnerability VCID-chxq-j9us-cygh
16
vulnerability VCID-egdx-4qqa-guh1
17
vulnerability VCID-f21a-143f-9qay
18
vulnerability VCID-f7bp-x4q3-jbeh
19
vulnerability VCID-fj3n-g8wp-bbaj
20
vulnerability VCID-ftus-vcww-2kgf
21
vulnerability VCID-gadc-jens-nuga
22
vulnerability VCID-ghj9-vyyr-tub8
23
vulnerability VCID-gqfj-qxbc-xqhm
24
vulnerability VCID-hdu6-u2pb-aqhp
25
vulnerability VCID-hxcf-k4te-h3gu
26
vulnerability VCID-jkk1-jx5j-q3ch
27
vulnerability VCID-kt2t-d3bx-jydv
28
vulnerability VCID-mf6k-jx45-m3fy
29
vulnerability VCID-n798-maqx-y3c9
30
vulnerability VCID-nhny-abkr-6qhb
31
vulnerability VCID-nprk-kfvh-vqfh
32
vulnerability VCID-nt1m-frdh-tbbq
33
vulnerability VCID-p6yg-d8wm-4bgz
34
vulnerability VCID-puve-cp8z-zbdr
35
vulnerability VCID-qmvt-9qth-77a6
36
vulnerability VCID-sgjx-bz3r-9yam
37
vulnerability VCID-sw7t-5s3e-vkhx
38
vulnerability VCID-ufrj-jn16-jybn
39
vulnerability VCID-ugdk-t2vk-nkfc
40
vulnerability VCID-ujt2-es3k-67aq
41
vulnerability VCID-v3vg-9jdz-guf5
42
vulnerability VCID-vex8-56fk-gqdf
43
vulnerability VCID-vp3u-cexw-57a4
44
vulnerability VCID-vv7c-uwnu-nfhb
45
vulnerability VCID-wake-zgkk-vber
46
vulnerability VCID-xee7-ge26-yfdc
47
vulnerability VCID-xvsy-e7fv-1ufe
48
vulnerability VCID-ypcy-hry9-5fa3
49
vulnerability VCID-z21g-8h32-yyf6
50
vulnerability VCID-z94j-z575-4ydx
51
vulnerability VCID-zc2d-dx64-2yh3
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.8
aliases CVE-2012-3463, GHSA-98mf-8f57-64qf, OSV-84515
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t9c8-r3yp-sbde
10
url VCID-wg66-q6wh-w7fe
vulnerability_id VCID-wg66-q6wh-w7fe
summary
XSS via posted select tag options
Ruby on Rails is vulnerable to remote cross-site scripting because the application does not validate manually generated `select tag options` upon submission to `actionpack/lib/action_view/helpers/form_options_helper.rb`. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
references
0
reference_url http://groups.google.com/group/rubyonrails-security/msg/6fca4f5c47705488?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/rubyonrails-security/msg/6fca4f5c47705488?dmode=source&output=gplain
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075740.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075740.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1099.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1099.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-1099
reference_id
reference_type
scores
0
value 0.00399
scoring_system epss
scoring_elements 0.61018
published_at 2026-06-08T12:55:00Z
1
value 0.00399
scoring_system epss
scoring_elements 0.60991
published_at 2026-06-04T12:55:00Z
2
value 0.00399
scoring_system epss
scoring_elements 0.6104
published_at 2026-06-05T12:55:00Z
3
value 0.00399
scoring_system epss
scoring_elements 0.61048
published_at 2026-06-06T12:55:00Z
4
value 0.00399
scoring_system epss
scoring_elements 0.61036
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-1099
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=799276
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=799276
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1099
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1099
7
reference_url https://github.com/advisories/GHSA-2xjj-5x6h-8vmf
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-2xjj-5x6h-8vmf
8
reference_url https://github.com/rails/rails/commit/9435f5a479317458c558ae743b7d876dd5a5db20
reference_id
reference_type
scores
url https://github.com/rails/rails/commit/9435f5a479317458c558ae743b7d876dd5a5db20
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-1099.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-1099.yml
10
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-79727.yml
reference_id
reference_type
scores
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-79727.yml
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-1099
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-1099
12
reference_url http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released
13
reference_url http://www.debian.org/security/2012/dsa-2466
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2012/dsa-2466
14
reference_url http://www.openwall.com/lists/oss-security/2012/03/02/6
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2012/03/02/6
15
reference_url http://www.openwall.com/lists/oss-security/2012/03/03/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2012/03/03/1
fixed_packages
0
url pkg:gem/actionpack@3.2.2
purl pkg:gem/actionpack@3.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pzg-37dp-cyb1
1
vulnerability VCID-2p4p-apst-v3cq
2
vulnerability VCID-37qm-tp8v-tugb
3
vulnerability VCID-464e-wb3p-j3dn
4
vulnerability VCID-4uv1-e1me-hqb3
5
vulnerability VCID-5swj-xwsw-rkac
6
vulnerability VCID-75m1-xqdk-j7f3
7
vulnerability VCID-7m31-x66p-3bha
8
vulnerability VCID-7spd-zybv-pbgm
9
vulnerability VCID-9t5z-1umq-qbe4
10
vulnerability VCID-9xc9-zvs2-1kde
11
vulnerability VCID-b1ph-gjaz-ayar
12
vulnerability VCID-b464-j8ja-hke6
13
vulnerability VCID-bcwq-ngna-fqhd
14
vulnerability VCID-bfqq-ypyw-dycj
15
vulnerability VCID-cbvq-4ze7-r3g6
16
vulnerability VCID-chxq-j9us-cygh
17
vulnerability VCID-dx34-zm9p-1ydc
18
vulnerability VCID-egdx-4qqa-guh1
19
vulnerability VCID-f21a-143f-9qay
20
vulnerability VCID-f7bp-x4q3-jbeh
21
vulnerability VCID-fj3n-g8wp-bbaj
22
vulnerability VCID-ftus-vcww-2kgf
23
vulnerability VCID-gadc-jens-nuga
24
vulnerability VCID-ghj9-vyyr-tub8
25
vulnerability VCID-gqfj-qxbc-xqhm
26
vulnerability VCID-hdu6-u2pb-aqhp
27
vulnerability VCID-hxcf-k4te-h3gu
28
vulnerability VCID-jkk1-jx5j-q3ch
29
vulnerability VCID-kt2t-d3bx-jydv
30
vulnerability VCID-mf6k-jx45-m3fy
31
vulnerability VCID-n798-maqx-y3c9
32
vulnerability VCID-nhny-abkr-6qhb
33
vulnerability VCID-nprk-kfvh-vqfh
34
vulnerability VCID-nt1m-frdh-tbbq
35
vulnerability VCID-p6yg-d8wm-4bgz
36
vulnerability VCID-puve-cp8z-zbdr
37
vulnerability VCID-qmvt-9qth-77a6
38
vulnerability VCID-sgjx-bz3r-9yam
39
vulnerability VCID-sw7t-5s3e-vkhx
40
vulnerability VCID-t9c8-r3yp-sbde
41
vulnerability VCID-ufrj-jn16-jybn
42
vulnerability VCID-ugdk-t2vk-nkfc
43
vulnerability VCID-ujt2-es3k-67aq
44
vulnerability VCID-v3vg-9jdz-guf5
45
vulnerability VCID-vex8-56fk-gqdf
46
vulnerability VCID-vp3u-cexw-57a4
47
vulnerability VCID-vv7c-uwnu-nfhb
48
vulnerability VCID-wake-zgkk-vber
49
vulnerability VCID-xee7-ge26-yfdc
50
vulnerability VCID-xvsy-e7fv-1ufe
51
vulnerability VCID-ypcy-hry9-5fa3
52
vulnerability VCID-z21g-8h32-yyf6
53
vulnerability VCID-z94j-z575-4ydx
54
vulnerability VCID-zc2d-dx64-2yh3
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.2
aliases CVE-2012-1099, GHSA-2xjj-5x6h-8vmf, OSV-79727
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wg66-q6wh-w7fe
Fixing_vulnerabilities
Risk_score 10.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2