Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/75466?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/75466?format=api", "purl": "pkg:gem/actionpack@3.2", "type": "gem", "namespace": "", "name": "actionpack", "version": "3.2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "8.1.2.1", "latest_non_vulnerable_version": "8.1.2.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37603?format=api", "vulnerability_id": "VCID-2p4p-apst-v3cq", "summary": "XSS Vulnerability in simple_format helper\nThe simple_format helper converts user supplied text into html text which is intended to be safe for display. A change made to the implementation of this helper means that any user provided HTML attributes will not be escaped correctly. As a result of this error, applications which pass user-controlled data to be included as html attributes will be vulnerable to an XSS attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6416.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6416.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6416", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46647", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46696", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46716", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46713", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6416" }, { "reference_url": "http://seclists.org/oss-sec/2013/q4/404", "reference_id": "", "reference_type": "", "scores": [], "url": 
"http://seclists.org/oss-sec/2013/q4/404" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/4b4f5847f64f81c961625e647711ef9f6ad1a454", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/4b4f5847f64f81c961625e647711ef9f6ad1a454" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6416.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6416.yml" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/5ZI1-H5OoIM/ZNq4FoR2GnIJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/5ZI1-H5OoIM/ZNq4FoR2GnIJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/5ZI1-H5OoIM", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/5ZI1-H5OoIM" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6416", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6416" }, { "reference_url": 
"https://web.archive.org/web/20200228165109/http://www.securityfocus.com/bid/64071", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228165109/http://www.securityfocus.com/bid/64071" }, { "reference_url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released" }, { "reference_url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1036914", "reference_id": "1036914", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1036914" }, { "reference_url": "https://github.com/advisories/GHSA-w37c-q653-qg95", "reference_id": "GHSA-w37c-q653-qg95", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w37c-q653-qg95" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51661?format=api", "purl": "pkg:gem/actionpack@4.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1pzg-37dp-cyb1" }, { "vulnerability": "VCID-37qm-tp8v-tugb" }, { "vulnerability": "VCID-4uv1-e1me-hqb3" }, { "vulnerability": "VCID-5swj-xwsw-rkac" }, { "vulnerability": "VCID-75m1-xqdk-j7f3" }, { "vulnerability": "VCID-9t5z-1umq-qbe4" }, { "vulnerability": "VCID-9xc9-zvs2-1kde" }, { "vulnerability": "VCID-b1ph-gjaz-ayar" }, { "vulnerability": "VCID-b464-j8ja-hke6" }, { 
"vulnerability": "VCID-bcwq-ngna-fqhd" }, { "vulnerability": "VCID-bfqq-ypyw-dycj" }, { "vulnerability": "VCID-cbvq-4ze7-r3g6" }, { "vulnerability": "VCID-chxq-j9us-cygh" }, { "vulnerability": "VCID-ecg2-wcty-b7hw" }, { "vulnerability": "VCID-egdx-4qqa-guh1" }, { "vulnerability": "VCID-f21a-143f-9qay" }, { "vulnerability": "VCID-f7bp-x4q3-jbeh" }, { "vulnerability": "VCID-ftus-vcww-2kgf" }, { "vulnerability": "VCID-gqfj-qxbc-xqhm" }, { "vulnerability": "VCID-hdu6-u2pb-aqhp" }, { "vulnerability": "VCID-hxcf-k4te-h3gu" }, { "vulnerability": "VCID-jkk1-jx5j-q3ch" }, { "vulnerability": "VCID-mf6k-jx45-m3fy" }, { "vulnerability": "VCID-n798-maqx-y3c9" }, { "vulnerability": "VCID-nhny-abkr-6qhb" }, { "vulnerability": "VCID-nprk-kfvh-vqfh" }, { "vulnerability": "VCID-nt1m-frdh-tbbq" }, { "vulnerability": "VCID-p6yg-d8wm-4bgz" }, { "vulnerability": "VCID-sw7t-5s3e-vkhx" }, { "vulnerability": "VCID-ufrj-jn16-jybn" }, { "vulnerability": "VCID-ugdk-t2vk-nkfc" }, { "vulnerability": "VCID-ujt2-es3k-67aq" }, { "vulnerability": "VCID-v3vg-9jdz-guf5" }, { "vulnerability": "VCID-vex8-56fk-gqdf" }, { "vulnerability": "VCID-vp3u-cexw-57a4" }, { "vulnerability": "VCID-vv7c-uwnu-nfhb" }, { "vulnerability": "VCID-wake-zgkk-vber" }, { "vulnerability": "VCID-xee7-ge26-yfdc" }, { "vulnerability": "VCID-xvsy-e7fv-1ufe" }, { "vulnerability": "VCID-y8dx-xevb-bka2" }, { "vulnerability": "VCID-ypcy-hry9-5fa3" }, { "vulnerability": "VCID-z21g-8h32-yyf6" }, { "vulnerability": "VCID-zc2d-dx64-2yh3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.2" } ], "aliases": [ "CVE-2013-6416", "GHSA-w37c-q653-qg95", "OSV-100526" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2p4p-apst-v3cq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39081?format=api", "vulnerability_id": "VCID-75m1-xqdk-j7f3", "summary": "Improper Input Validation\nThe template 
selection functionality in actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob characters, which allows remote attackers to render arbitrary views via a crafted URL, related to a \"filter skipping vulnerability.\"", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/cbbbba6e4f7eaf61?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/cbbbba6e4f7eaf61?dmode=source&output=gplain" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2929", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00814", "scoring_system": "epss", "scoring_elements": "0.74636", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00814", "scoring_system": "epss", "scoring_elements": "0.74667", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00814", "scoring_system": "epss", "scoring_elements": "0.7466", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00814", "scoring_system": "epss", "scoring_elements": "0.74673", "published_at": "2026-06-06T12:55:00Z" 
} ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2929" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=731432", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=731432" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/5f94b93279f6d0682fafb237c301302c107a9552", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/5f94b93279f6d0682fafb237c301302c107a9552" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2929.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2929.yml" }, { "reference_url": "https://rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6" }, { "reference_url": "http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/17/1", "reference_id": "", "reference_type": "", "scores": [ { "value": 
"MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/17/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/19/11", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/19/11" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/20/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/20/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/13", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/13" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/14", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/14" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2929", "reference_id": "CVE-2011-2929", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2929" }, { "reference_url": "https://github.com/advisories/GHSA-r7q2-5gqg-6c7q", "reference_id": "GHSA-r7q2-5gqg-6c7q", 
"reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r7q2-5gqg-6c7q" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [], "aliases": [ "CVE-2011-2929", "GHSA-r7q2-5gqg-6c7q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-75m1-xqdk-j7f3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39069?format=api", "vulnerability_id": "VCID-7m31-x66p-3bha", "summary": "actionpack Cross-site Scripting vulnerability\nCross-site scripting (XSS) vulnerability in `actionpack/lib/action_view/helpers/sanitize_helper.rb` in the `strip_tags` helper in Ruby on Rails before 2.3.16, 3.0.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3465.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3465.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3465", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56369", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56419", "published_at": 
"2026-06-07T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56431", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56425", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3465" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3465", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3465" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/cf48c9c7dcbef8543171f7f7de8d3d9a16b58e77", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/cf48c9c7dcbef8543171f7f7de8d3d9a16b58e77" }, { "reference_url": "https://github.com/rails/rails/commit/e91e4e8bbee12ce1496bf384c04da6be296b687a", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/e91e4e8bbee12ce1496bf384c04da6be296b687a" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/7fbb5392d4d282b5?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/7fbb5392d4d282b5?dmode=source&output=gplain" }, { "reference_url": "http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": 
"MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=847200", "reference_id": "847200", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=847200" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3465", "reference_id": "CVE-2012-3465", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3465" }, { "reference_url": "https://github.com/advisories/GHSA-7g65-ghrg-hpf5", "reference_id": "GHSA-7g65-ghrg-hpf5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7g65-ghrg-hpf5" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1542", "reference_id": "RHSA-2012:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0154", "reference_id": "RHSA-2013:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51284?format=api", "purl": "pkg:gem/actionpack@3.2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1pzg-37dp-cyb1" }, { "vulnerability": "VCID-2p4p-apst-v3cq" }, { "vulnerability": "VCID-37qm-tp8v-tugb" }, { "vulnerability": "VCID-464e-wb3p-j3dn" }, { "vulnerability": "VCID-4uv1-e1me-hqb3" }, { "vulnerability": "VCID-5swj-xwsw-rkac" }, { "vulnerability": "VCID-75m1-xqdk-j7f3" }, { "vulnerability": "VCID-7spd-zybv-pbgm" }, { "vulnerability": "VCID-9t5z-1umq-qbe4" }, { "vulnerability": "VCID-9xc9-zvs2-1kde" }, { "vulnerability": 
"VCID-b1ph-gjaz-ayar" }, { "vulnerability": "VCID-b464-j8ja-hke6" }, { "vulnerability": "VCID-bcwq-ngna-fqhd" }, { "vulnerability": "VCID-bfqq-ypyw-dycj" }, { "vulnerability": "VCID-cbvq-4ze7-r3g6" }, { "vulnerability": "VCID-chxq-j9us-cygh" }, { "vulnerability": "VCID-egdx-4qqa-guh1" }, { "vulnerability": "VCID-f21a-143f-9qay" }, { "vulnerability": "VCID-f7bp-x4q3-jbeh" }, { "vulnerability": "VCID-fj3n-g8wp-bbaj" }, { "vulnerability": "VCID-ftus-vcww-2kgf" }, { "vulnerability": "VCID-gadc-jens-nuga" }, { "vulnerability": "VCID-ghj9-vyyr-tub8" }, { "vulnerability": "VCID-gqfj-qxbc-xqhm" }, { "vulnerability": "VCID-hdu6-u2pb-aqhp" }, { "vulnerability": "VCID-hxcf-k4te-h3gu" }, { "vulnerability": "VCID-jkk1-jx5j-q3ch" }, { "vulnerability": "VCID-kt2t-d3bx-jydv" }, { "vulnerability": "VCID-mf6k-jx45-m3fy" }, { "vulnerability": "VCID-n798-maqx-y3c9" }, { "vulnerability": "VCID-nhny-abkr-6qhb" }, { "vulnerability": "VCID-nprk-kfvh-vqfh" }, { "vulnerability": "VCID-nt1m-frdh-tbbq" }, { "vulnerability": "VCID-p6yg-d8wm-4bgz" }, { "vulnerability": "VCID-puve-cp8z-zbdr" }, { "vulnerability": "VCID-qmvt-9qth-77a6" }, { "vulnerability": "VCID-sgjx-bz3r-9yam" }, { "vulnerability": "VCID-sw7t-5s3e-vkhx" }, { "vulnerability": "VCID-ufrj-jn16-jybn" }, { "vulnerability": "VCID-ugdk-t2vk-nkfc" }, { "vulnerability": "VCID-ujt2-es3k-67aq" }, { "vulnerability": "VCID-v3vg-9jdz-guf5" }, { "vulnerability": "VCID-vex8-56fk-gqdf" }, { "vulnerability": "VCID-vp3u-cexw-57a4" }, { "vulnerability": "VCID-vv7c-uwnu-nfhb" }, { "vulnerability": "VCID-wake-zgkk-vber" }, { "vulnerability": "VCID-xee7-ge26-yfdc" }, { "vulnerability": "VCID-xvsy-e7fv-1ufe" }, { "vulnerability": "VCID-ypcy-hry9-5fa3" }, { "vulnerability": "VCID-z21g-8h32-yyf6" }, { "vulnerability": "VCID-z94j-z575-4ydx" }, { "vulnerability": "VCID-zc2d-dx64-2yh3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.8" } ], "aliases": [ "CVE-2012-3465", "GHSA-7g65-ghrg-hpf5", "OSV-84513" ], 
"risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7m31-x66p-3bha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39071?format=api", "vulnerability_id": "VCID-dx34-zm9p-1ydc", "summary": "actionpack Improper Authentication vulnerability\nThe `decode_credentials` method in `actionpack/lib/action_controller/metal/http_authentication.rb` in Ruby on Rails before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging access to an application that uses a `with_http_digest` helper method, as demonstrated by the `authenticate_or_request_with_http_digest` method.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3424.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3424.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3424", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.77163", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.77122", "published_at": "2026-06-04T12:55:00Z" }, { 
"value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.77153", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.77151", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3424" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/3719bd3e95523c5518507dbe44f260f252930600", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/3719bd3e95523c5518507dbe44f260f252930600" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/244d32f2fa25147d?hl=en&dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/244d32f2fa25147d?hl=en&dmode=source&output=gplain" }, { "reference_url": "http://weblog.rubyonrails.org/2012/7/26/ann-rails-3-2-7-has-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2012/7/26/ann-rails-3-2-7-has-been-released" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=843711", "reference_id": "843711", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=843711" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3424", "reference_id": "CVE-2012-3424", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", 
"scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3424" }, { "reference_url": "https://github.com/advisories/GHSA-92w9-2pqw-rhjj", "reference_id": "GHSA-92w9-2pqw-rhjj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-92w9-2pqw-rhjj" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1542", "reference_id": "RHSA-2012:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0154", "reference_id": "RHSA-2013:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54502?format=api", "purl": "pkg:gem/actionpack@3.2.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1pzg-37dp-cyb1" }, { "vulnerability": "VCID-2p4p-apst-v3cq" }, { "vulnerability": "VCID-37qm-tp8v-tugb" }, { "vulnerability": "VCID-464e-wb3p-j3dn" }, { "vulnerability": "VCID-4uv1-e1me-hqb3" }, { "vulnerability": "VCID-5swj-xwsw-rkac" }, { "vulnerability": "VCID-75m1-xqdk-j7f3" }, { "vulnerability": "VCID-7m31-x66p-3bha" }, { "vulnerability": "VCID-7spd-zybv-pbgm" }, { "vulnerability": "VCID-9t5z-1umq-qbe4" }, { "vulnerability": "VCID-9xc9-zvs2-1kde" }, { "vulnerability": "VCID-b1ph-gjaz-ayar" }, { "vulnerability": "VCID-b464-j8ja-hke6" }, { "vulnerability": "VCID-bcwq-ngna-fqhd" }, { "vulnerability": "VCID-bfqq-ypyw-dycj" }, { "vulnerability": "VCID-cbvq-4ze7-r3g6" }, { "vulnerability": "VCID-chxq-j9us-cygh" }, { "vulnerability": "VCID-egdx-4qqa-guh1" }, { "vulnerability": "VCID-f21a-143f-9qay" }, { "vulnerability": "VCID-f7bp-x4q3-jbeh" }, { "vulnerability": "VCID-fj3n-g8wp-bbaj" }, { "vulnerability": "VCID-ftus-vcww-2kgf" }, { "vulnerability": "VCID-gadc-jens-nuga" }, { "vulnerability": 
"VCID-ghj9-vyyr-tub8" }, { "vulnerability": "VCID-gqfj-qxbc-xqhm" }, { "vulnerability": "VCID-hdu6-u2pb-aqhp" }, { "vulnerability": "VCID-hxcf-k4te-h3gu" }, { "vulnerability": "VCID-jkk1-jx5j-q3ch" }, { "vulnerability": "VCID-kt2t-d3bx-jydv" }, { "vulnerability": "VCID-mf6k-jx45-m3fy" }, { "vulnerability": "VCID-n798-maqx-y3c9" }, { "vulnerability": "VCID-nhny-abkr-6qhb" }, { "vulnerability": "VCID-nprk-kfvh-vqfh" }, { "vulnerability": "VCID-nt1m-frdh-tbbq" }, { "vulnerability": "VCID-p6yg-d8wm-4bgz" }, { "vulnerability": "VCID-puve-cp8z-zbdr" }, { "vulnerability": "VCID-qmvt-9qth-77a6" }, { "vulnerability": "VCID-sgjx-bz3r-9yam" }, { "vulnerability": "VCID-sw7t-5s3e-vkhx" }, { "vulnerability": "VCID-t9c8-r3yp-sbde" }, { "vulnerability": "VCID-ufrj-jn16-jybn" }, { "vulnerability": "VCID-ugdk-t2vk-nkfc" }, { "vulnerability": "VCID-ujt2-es3k-67aq" }, { "vulnerability": "VCID-v3vg-9jdz-guf5" }, { "vulnerability": "VCID-vex8-56fk-gqdf" }, { "vulnerability": "VCID-vp3u-cexw-57a4" }, { "vulnerability": "VCID-vv7c-uwnu-nfhb" }, { "vulnerability": "VCID-wake-zgkk-vber" }, { "vulnerability": "VCID-xee7-ge26-yfdc" }, { "vulnerability": "VCID-xvsy-e7fv-1ufe" }, { "vulnerability": "VCID-ypcy-hry9-5fa3" }, { "vulnerability": "VCID-z21g-8h32-yyf6" }, { "vulnerability": "VCID-z94j-z575-4ydx" }, { "vulnerability": "VCID-zc2d-dx64-2yh3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.7" } ], "aliases": [ "CVE-2012-3424", "GHSA-92w9-2pqw-rhjj", "OSV-84243" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dx34-zm9p-1ydc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39097?format=api", "vulnerability_id": "VCID-f21a-143f-9qay", "summary": "actionpack allows remote attackers to bypass database-query restrictions, perform NULL checks via crafted request\n`actionpack/lib/action_dispatch/http/request.rb` in Ruby on Rails before 3.0.14, 
3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain `['xyz', nil]` values, a related issue to CVE-2012-2660.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html" }, 
{ "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2694.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2694.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2694", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44672", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44727", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44749", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44741", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2694" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/2f3bc0467311781ac1ceb2c8c2b09002c8fe143a", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/2f3bc0467311781ac1ceb2c8c2b09002c8fe143a" }, { "reference_url": "https://github.com/rails/rails/commit/c202638225519b5e1a03ebe523b109c948fb0e52", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } 
], "url": "https://github.com/rails/rails/commit/c202638225519b5e1a03ebe523b109c948fb0e52" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/e2d3a87f2c211def?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/e2d3a87f2c211def?dmode=source&output=gplain" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/jILZ34tAHF4/m/7x0hLH-o0-IJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/jILZ34tAHF4/m/7x0hLH-o0-IJ" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=831581", "reference_id": "831581", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=831581" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2694", "reference_id": "CVE-2012-2694", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2694" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2694.yml", "reference_id": "CVE-2012-2694.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2694.yml" }, { "reference_url": "https://github.com/advisories/GHSA-q34c-48gc-m9g8", "reference_id": "GHSA-q34c-48gc-m9g8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q34c-48gc-m9g8" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2012:1542", "reference_id": "RHSA-2012:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0154", "reference_id": "RHSA-2013:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54576?format=api", "purl": "pkg:gem/actionpack@3.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1pzg-37dp-cyb1" }, { "vulnerability": "VCID-2p4p-apst-v3cq" }, { "vulnerability": "VCID-37qm-tp8v-tugb" }, { "vulnerability": "VCID-464e-wb3p-j3dn" }, { "vulnerability": "VCID-4uv1-e1me-hqb3" }, { "vulnerability": "VCID-5swj-xwsw-rkac" }, { "vulnerability": "VCID-75m1-xqdk-j7f3" }, { "vulnerability": "VCID-7m31-x66p-3bha" }, { "vulnerability": "VCID-7spd-zybv-pbgm" }, { "vulnerability": "VCID-9t5z-1umq-qbe4" }, { "vulnerability": "VCID-9xc9-zvs2-1kde" }, { "vulnerability": "VCID-b1ph-gjaz-ayar" }, { "vulnerability": "VCID-b464-j8ja-hke6" }, { "vulnerability": "VCID-bcwq-ngna-fqhd" }, { "vulnerability": "VCID-bfqq-ypyw-dycj" }, { "vulnerability": "VCID-cbvq-4ze7-r3g6" }, { "vulnerability": "VCID-chxq-j9us-cygh" }, { "vulnerability": "VCID-dx34-zm9p-1ydc" }, { "vulnerability": "VCID-egdx-4qqa-guh1" }, { "vulnerability": "VCID-f21a-143f-9qay" }, { "vulnerability": "VCID-f7bp-x4q3-jbeh" }, { "vulnerability": "VCID-fj3n-g8wp-bbaj" }, { "vulnerability": "VCID-ftus-vcww-2kgf" }, { "vulnerability": "VCID-gadc-jens-nuga" }, { "vulnerability": "VCID-ghj9-vyyr-tub8" }, { "vulnerability": "VCID-gqfj-qxbc-xqhm" }, { "vulnerability": "VCID-hdu6-u2pb-aqhp" }, { "vulnerability": "VCID-hxcf-k4te-h3gu" }, { "vulnerability": "VCID-jkk1-jx5j-q3ch" }, { "vulnerability": "VCID-kt2t-d3bx-jydv" }, { "vulnerability": "VCID-mf6k-jx45-m3fy" }, { "vulnerability": "VCID-n798-maqx-y3c9" }, { "vulnerability": 
"VCID-nhny-abkr-6qhb" }, { "vulnerability": "VCID-nprk-kfvh-vqfh" }, { "vulnerability": "VCID-nt1m-frdh-tbbq" }, { "vulnerability": "VCID-p6yg-d8wm-4bgz" }, { "vulnerability": "VCID-puve-cp8z-zbdr" }, { "vulnerability": "VCID-qmvt-9qth-77a6" }, { "vulnerability": "VCID-sgjx-bz3r-9yam" }, { "vulnerability": "VCID-sw7t-5s3e-vkhx" }, { "vulnerability": "VCID-t9c8-r3yp-sbde" }, { "vulnerability": "VCID-ufrj-jn16-jybn" }, { "vulnerability": "VCID-ugdk-t2vk-nkfc" }, { "vulnerability": "VCID-ujt2-es3k-67aq" }, { "vulnerability": "VCID-v3vg-9jdz-guf5" }, { "vulnerability": "VCID-vex8-56fk-gqdf" }, { "vulnerability": "VCID-vp3u-cexw-57a4" }, { "vulnerability": "VCID-vv7c-uwnu-nfhb" }, { "vulnerability": "VCID-wake-zgkk-vber" }, { "vulnerability": "VCID-xee7-ge26-yfdc" }, { "vulnerability": "VCID-xvsy-e7fv-1ufe" }, { "vulnerability": "VCID-ypcy-hry9-5fa3" }, { "vulnerability": "VCID-z21g-8h32-yyf6" }, { "vulnerability": "VCID-z94j-z575-4ydx" }, { "vulnerability": "VCID-zc2d-dx64-2yh3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.6" } ], "aliases": [ "CVE-2012-2694", "GHSA-q34c-48gc-m9g8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f21a-143f-9qay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37516?format=api", "vulnerability_id": "VCID-kt2t-d3bx-jydv", "summary": "XSS vulnerability in sanitize_css in Action Pack\nCarefully crafted text can bypass the sanitization provided in the `sanitize_css` method in Action Pack.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html" }, { "reference_url": 
"http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0698.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0698.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0698", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2013:0698" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1863", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:1863" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1855.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1855.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2013-1855", 
"reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2013-1855" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1855", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00536", "scoring_system": "epss", "scoring_elements": "0.67843", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00536", "scoring_system": "epss", "scoring_elements": "0.67847", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00536", "scoring_system": "epss", "scoring_elements": "0.67807", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00536", "scoring_system": "epss", "scoring_elements": "0.67854", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1855" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=921331", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=921331" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1855" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-1855.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-1855.yml" }, { "reference_url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_QHo4BqnN8", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_QHo4BqnN8" }, { 
"reference_url": "https://groups.google.com/group/rubyonrails-security/msg/8ed835a97cdd1afd?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/8ed835a97cdd1afd?dmode=source&output=gplain" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1855", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1855" }, { "reference_url": "http://support.apple.com/kb/HT5784", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT5784" }, { "reference_url": "https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "reference_url": "https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html" }, { "reference_url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/" }, { "reference_url": "https://github.com/advisories/GHSA-q759-hwvc-m3jg", "reference_id": "GHSA-q759-hwvc-m3jg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q759-hwvc-m3jg" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51452?format=api", "purl": "pkg:gem/actionpack@3.2.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1pzg-37dp-cyb1" }, { "vulnerability": "VCID-2p4p-apst-v3cq" }, { "vulnerability": "VCID-37qm-tp8v-tugb" }, { "vulnerability": "VCID-464e-wb3p-j3dn" }, { "vulnerability": "VCID-4uv1-e1me-hqb3" }, { "vulnerability": "VCID-5swj-xwsw-rkac" }, { "vulnerability": "VCID-75m1-xqdk-j7f3" }, { "vulnerability": "VCID-7spd-zybv-pbgm" }, { "vulnerability": "VCID-9t5z-1umq-qbe4" }, { "vulnerability": "VCID-9xc9-zvs2-1kde" }, { "vulnerability": "VCID-b1ph-gjaz-ayar" }, { "vulnerability": "VCID-b464-j8ja-hke6" }, { "vulnerability": "VCID-bcwq-ngna-fqhd" }, { "vulnerability": "VCID-bfqq-ypyw-dycj" }, { "vulnerability": "VCID-cbvq-4ze7-r3g6" }, { "vulnerability": "VCID-chxq-j9us-cygh" }, { "vulnerability": "VCID-egdx-4qqa-guh1" }, { "vulnerability": "VCID-f21a-143f-9qay" }, { "vulnerability": "VCID-f7bp-x4q3-jbeh" }, { "vulnerability": "VCID-fj3n-g8wp-bbaj" }, { "vulnerability": "VCID-ftus-vcww-2kgf" }, { 
"vulnerability": "VCID-gadc-jens-nuga" }, { "vulnerability": "VCID-ghj9-vyyr-tub8" }, { "vulnerability": "VCID-gqfj-qxbc-xqhm" }, { "vulnerability": "VCID-hdu6-u2pb-aqhp" }, { "vulnerability": "VCID-hxcf-k4te-h3gu" }, { "vulnerability": "VCID-jkk1-jx5j-q3ch" }, { "vulnerability": "VCID-kt2t-d3bx-jydv" }, { "vulnerability": "VCID-mf6k-jx45-m3fy" }, { "vulnerability": "VCID-n798-maqx-y3c9" }, { "vulnerability": "VCID-nhny-abkr-6qhb" }, { "vulnerability": "VCID-nprk-kfvh-vqfh" }, { "vulnerability": "VCID-nt1m-frdh-tbbq" }, { "vulnerability": "VCID-p6yg-d8wm-4bgz" }, { "vulnerability": "VCID-qmvt-9qth-77a6" }, { "vulnerability": "VCID-sgjx-bz3r-9yam" }, { "vulnerability": "VCID-sw7t-5s3e-vkhx" }, { "vulnerability": "VCID-ufrj-jn16-jybn" }, { "vulnerability": "VCID-ugdk-t2vk-nkfc" }, { "vulnerability": "VCID-ujt2-es3k-67aq" }, { "vulnerability": "VCID-v3vg-9jdz-guf5" }, { "vulnerability": "VCID-vex8-56fk-gqdf" }, { "vulnerability": "VCID-vp3u-cexw-57a4" }, { "vulnerability": "VCID-vv7c-uwnu-nfhb" }, { "vulnerability": "VCID-wake-zgkk-vber" }, { "vulnerability": "VCID-xee7-ge26-yfdc" }, { "vulnerability": "VCID-xvsy-e7fv-1ufe" }, { "vulnerability": "VCID-ypcy-hry9-5fa3" }, { "vulnerability": "VCID-z21g-8h32-yyf6" }, { "vulnerability": "VCID-z94j-z575-4ydx" }, { "vulnerability": "VCID-zc2d-dx64-2yh3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.13" } ], "aliases": [ "CVE-2013-1855", "GHSA-q759-hwvc-m3jg", "OSV-91452" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kt2t-d3bx-jydv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37442?format=api", "vulnerability_id": "VCID-p6yg-d8wm-4bgz", "summary": "SQL Injection\nRuby on Rails contains a flaw related to the way ActiveRecord handles parameters in conjunction with the way Rack parses query parameters. 
This issue may allow an attacker to inject arbitrary `IS NULL` clauses into application SQL queries. This may also allow an attacker to have the SQL query check for `NULL` in arbitrary places.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2660.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2660.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2660", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36615", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36549", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36643", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36651", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2660" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/61eed87ce32caf534bf1f52dd8134097b4ad9e1b", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/61eed87ce32caf534bf1f52dd8134097b4ad9e1b" }, { "reference_url": "https://github.com/rails/rails/commit/dff6db18840e2fd1dd3f3e4ef0ae7a9a3986d01d#diff-3179d24efacadd64068c4d9c1184eac3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rails/rails/commit/dff6db18840e2fd1dd3f3e4ef0ae7a9a3986d01d#diff-3179d24efacadd64068c4d9c1184eac3" }, { "reference_url": 
"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82610.yml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82610.yml" }, { "reference_url": "https://groups.google.com/forum/#!original/rubyonrails-security/8SA-M3as7A8/Mr9fi9X4kNgJ", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!original/rubyonrails-security/8SA-M3as7A8/Mr9fi9X4kNgJ" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/d890f8d58b5fbf32?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/d890f8d58b5fbf32?dmode=source&output=gplain" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/8SA-M3as7A8/m/Mr9fi9X4kNgJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/8SA-M3as7A8/m/Mr9fi9X4kNgJ" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=827353", "reference_id": "827353", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=827353" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2660", "reference_id": "CVE-2012-2660", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2660" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2660.yml", "reference_id": "CVE-2012-2660.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2660.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2660.yml", "reference_id": "CVE-2012-2660.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2660.yml" }, { "reference_url": "https://github.com/advisories/GHSA-hgpp-pp89-4fgf", "reference_id": "GHSA-hgpp-pp89-4fgf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hgpp-pp89-4fgf" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1542", "reference_id": "RHSA-2012:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0154", "reference_id": "RHSA-2013:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54558?format=api", "purl": "pkg:gem/actionpack@3.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1pzg-37dp-cyb1" }, { "vulnerability": "VCID-2p4p-apst-v3cq" }, { "vulnerability": "VCID-37qm-tp8v-tugb" }, { "vulnerability": "VCID-464e-wb3p-j3dn" }, { "vulnerability": "VCID-4uv1-e1me-hqb3" }, { "vulnerability": "VCID-5swj-xwsw-rkac" }, { "vulnerability": "VCID-75m1-xqdk-j7f3" }, { "vulnerability": "VCID-7m31-x66p-3bha" }, { "vulnerability": "VCID-7spd-zybv-pbgm" }, { "vulnerability": "VCID-9t5z-1umq-qbe4" }, { "vulnerability": "VCID-9xc9-zvs2-1kde" }, { "vulnerability": "VCID-b1ph-gjaz-ayar" }, { "vulnerability": "VCID-b464-j8ja-hke6" }, { "vulnerability": "VCID-bcwq-ngna-fqhd" }, { "vulnerability": 
"VCID-bfqq-ypyw-dycj" }, { "vulnerability": "VCID-cbvq-4ze7-r3g6" }, { "vulnerability": "VCID-chxq-j9us-cygh" }, { "vulnerability": "VCID-dx34-zm9p-1ydc" }, { "vulnerability": "VCID-egdx-4qqa-guh1" }, { "vulnerability": "VCID-f21a-143f-9qay" }, { "vulnerability": "VCID-f7bp-x4q3-jbeh" }, { "vulnerability": "VCID-fj3n-g8wp-bbaj" }, { "vulnerability": "VCID-ftus-vcww-2kgf" }, { "vulnerability": "VCID-gadc-jens-nuga" }, { "vulnerability": "VCID-ghj9-vyyr-tub8" }, { "vulnerability": "VCID-gqfj-qxbc-xqhm" }, { "vulnerability": "VCID-hdu6-u2pb-aqhp" }, { "vulnerability": "VCID-hxcf-k4te-h3gu" }, { "vulnerability": "VCID-jkk1-jx5j-q3ch" }, { "vulnerability": "VCID-kt2t-d3bx-jydv" }, { "vulnerability": "VCID-mf6k-jx45-m3fy" }, { "vulnerability": "VCID-n798-maqx-y3c9" }, { "vulnerability": "VCID-nhny-abkr-6qhb" }, { "vulnerability": "VCID-nprk-kfvh-vqfh" }, { "vulnerability": "VCID-nt1m-frdh-tbbq" }, { "vulnerability": "VCID-p6yg-d8wm-4bgz" }, { "vulnerability": "VCID-puve-cp8z-zbdr" }, { "vulnerability": "VCID-qmvt-9qth-77a6" }, { "vulnerability": "VCID-sgjx-bz3r-9yam" }, { "vulnerability": "VCID-sw7t-5s3e-vkhx" }, { "vulnerability": "VCID-t9c8-r3yp-sbde" }, { "vulnerability": "VCID-ufrj-jn16-jybn" }, { "vulnerability": "VCID-ugdk-t2vk-nkfc" }, { "vulnerability": "VCID-ujt2-es3k-67aq" }, { "vulnerability": "VCID-v3vg-9jdz-guf5" }, { "vulnerability": "VCID-vex8-56fk-gqdf" }, { "vulnerability": "VCID-vp3u-cexw-57a4" }, { "vulnerability": "VCID-vv7c-uwnu-nfhb" }, { "vulnerability": "VCID-wake-zgkk-vber" }, { "vulnerability": "VCID-xee7-ge26-yfdc" }, { "vulnerability": "VCID-xvsy-e7fv-1ufe" }, { "vulnerability": "VCID-ypcy-hry9-5fa3" }, { "vulnerability": "VCID-z21g-8h32-yyf6" }, { "vulnerability": "VCID-z94j-z575-4ydx" }, { "vulnerability": "VCID-zc2d-dx64-2yh3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.4" } ], "aliases": [ "CVE-2012-2660", "GHSA-hgpp-pp89-4fgf", "OSV-82610" ], "risk_score": 3.1, "exploitability": "0.5", 
"weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p6yg-d8wm-4bgz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37479?format=api", "vulnerability_id": "VCID-puve-cp8z-zbdr", "summary": "Multiple vulnerabilities in parameter parsing in Action Pack\nThere are multiple weaknesses in the parameter parsing code for Ruby on Rails which allow attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a Rails application.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0153.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0153.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0155.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0155.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0156.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0156.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0156", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.91907", "scoring_system": "epss", "scoring_elements": "0.99709", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.91907", "scoring_system": "epss", "scoring_elements": "0.99708", "published_at": "2026-06-07T12:55:00Z" } ], 
"url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0156" }, { "reference_url": "https://community.rapid7.com/community/metasploit/blog/2013/01/09/serialization-mischief-in-ruby-land-cve-2013-0156", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://community.rapid7.com/community/metasploit/blog/2013/01/09/serialization-mischief-in-ruby-land-cve-2013-0156" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0156", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0156" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/2013-0156/rubyonrails-security/61bkgvnSGTQ/nehwjA8tQ8EJ", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/2013-0156/rubyonrails-security/61bkgvnSGTQ/nehwjA8tQ8EJ" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/c1432d0f8c70e89d?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/c1432d0f8c70e89d?dmode=source&output=gplain" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0156", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0156" }, { "reference_url": 
"https://web.archive.org/web/20140111025708/http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20140111025708/http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html" }, { "reference_url": "https://web.archive.org/web/20160415043747/https://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20160415043747/https://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A" }, { "reference_url": "https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156" }, { "reference_url": "http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/" }, { "reference_url": "http://www.debian.org/security/2013/dsa-2604", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2013/dsa-2604" }, { "reference_url": 
"http://www.fujitsu.com/global/support/software/security/products-f/sw-sv-rcve-ror201301e.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.fujitsu.com/global/support/software/security/products-f/sw-sv-rcve-ror201301e.html" }, { "reference_url": "http://www.insinuator.net/2013/01/rails-yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.insinuator.net/2013/01/rails-yaml" }, { "reference_url": "http://www.insinuator.net/2013/01/rails-yaml/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.insinuator.net/2013/01/rails-yaml/" }, { "reference_url": "http://www.kb.cert.org/vuls/id/380039", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.kb.cert.org/vuls/id/380039" }, { "reference_url": "http://www.kb.cert.org/vuls/id/628463", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.kb.cert.org/vuls/id/628463" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697722", "reference_id": "697722", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697722" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=892870", "reference_id": "892870", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=892870" }, { "reference_url": "https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156/", "reference_id": "CVE-2013-0156", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156/" }, { "reference_url": 
"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24019.rb", "reference_id": "CVE-2013-0156;OSVDB-89026", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24019.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/27527.rb", "reference_id": "CVE-2013-0156;OSVDB-89026", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/27527.rb" }, { "reference_url": "https://github.com/advisories/GHSA-jmgw-6vjg-jjwg", "reference_id": "GHSA-jmgw-6vjg-jjwg", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jmgw-6vjg-jjwg" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0153", "reference_id": "RHSA-2013:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0154", "reference_id": "RHSA-2013:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0154" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0155", "reference_id": "RHSA-2013:0155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0155" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51357?format=api", "purl": "pkg:gem/actionpack@3.2.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1pzg-37dp-cyb1" }, { "vulnerability": "VCID-2p4p-apst-v3cq" }, { "vulnerability": "VCID-37qm-tp8v-tugb" }, { 
"vulnerability": "VCID-464e-wb3p-j3dn" }, { "vulnerability": "VCID-4uv1-e1me-hqb3" }, { "vulnerability": "VCID-5swj-xwsw-rkac" }, { "vulnerability": "VCID-75m1-xqdk-j7f3" }, { "vulnerability": "VCID-7spd-zybv-pbgm" }, { "vulnerability": "VCID-9t5z-1umq-qbe4" }, { "vulnerability": "VCID-9xc9-zvs2-1kde" }, { "vulnerability": "VCID-b1ph-gjaz-ayar" }, { "vulnerability": "VCID-b464-j8ja-hke6" }, { "vulnerability": "VCID-bcwq-ngna-fqhd" }, { "vulnerability": "VCID-bfqq-ypyw-dycj" }, { "vulnerability": "VCID-cbvq-4ze7-r3g6" }, { "vulnerability": "VCID-chxq-j9us-cygh" }, { "vulnerability": "VCID-egdx-4qqa-guh1" }, { "vulnerability": "VCID-f21a-143f-9qay" }, { "vulnerability": "VCID-f7bp-x4q3-jbeh" }, { "vulnerability": "VCID-fj3n-g8wp-bbaj" }, { "vulnerability": "VCID-ftus-vcww-2kgf" }, { "vulnerability": "VCID-gadc-jens-nuga" }, { "vulnerability": "VCID-ghj9-vyyr-tub8" }, { "vulnerability": "VCID-gqfj-qxbc-xqhm" }, { "vulnerability": "VCID-hdu6-u2pb-aqhp" }, { "vulnerability": "VCID-hxcf-k4te-h3gu" }, { "vulnerability": "VCID-jkk1-jx5j-q3ch" }, { "vulnerability": "VCID-kt2t-d3bx-jydv" }, { "vulnerability": "VCID-mf6k-jx45-m3fy" }, { "vulnerability": "VCID-n798-maqx-y3c9" }, { "vulnerability": "VCID-nhny-abkr-6qhb" }, { "vulnerability": "VCID-nprk-kfvh-vqfh" }, { "vulnerability": "VCID-nt1m-frdh-tbbq" }, { "vulnerability": "VCID-p6yg-d8wm-4bgz" }, { "vulnerability": "VCID-qmvt-9qth-77a6" }, { "vulnerability": "VCID-sgjx-bz3r-9yam" }, { "vulnerability": "VCID-sw7t-5s3e-vkhx" }, { "vulnerability": "VCID-ufrj-jn16-jybn" }, { "vulnerability": "VCID-ugdk-t2vk-nkfc" }, { "vulnerability": "VCID-ujt2-es3k-67aq" }, { "vulnerability": "VCID-v3vg-9jdz-guf5" }, { "vulnerability": "VCID-vex8-56fk-gqdf" }, { "vulnerability": "VCID-vp3u-cexw-57a4" }, { "vulnerability": "VCID-vv7c-uwnu-nfhb" }, { "vulnerability": "VCID-wake-zgkk-vber" }, { "vulnerability": "VCID-xee7-ge26-yfdc" }, { "vulnerability": "VCID-xvsy-e7fv-1ufe" }, { "vulnerability": "VCID-ypcy-hry9-5fa3" }, { "vulnerability": 
"VCID-z21g-8h32-yyf6" }, { "vulnerability": "VCID-z94j-z575-4ydx" }, { "vulnerability": "VCID-zc2d-dx64-2yh3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.11" } ], "aliases": [ "CVE-2013-0156", "GHSA-jmgw-6vjg-jjwg", "OSV-89026" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-puve-cp8z-zbdr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37513?format=api", "vulnerability_id": "VCID-qmvt-9qth-77a6", "summary": "XSS Vulnerability in the `sanitize` helper\nThe `sanitize` helper in Ruby on Rails is designed to filter HTML and remove all tags and attributes which could be malicious.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0698.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0698.html" }, { "reference_url": 
"http://rhn.redhat.com/errata/RHSA-2014-1863.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1857.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1857.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1857", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00625", "scoring_system": "epss", "scoring_elements": "0.70598", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00625", "scoring_system": "epss", "scoring_elements": "0.70564", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00625", "scoring_system": "epss", "scoring_elements": "0.70606", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00625", "scoring_system": "epss", "scoring_elements": "0.70616", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1857" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1857", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1857" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/zAAU7vGTPvI", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/zAAU7vGTPvI" }, { "reference_url": 
"https://groups.google.com/group/rubyonrails-security/msg/78b9817a5943f6d6?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/78b9817a5943f6d6?dmode=source&output=gplain" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1857", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1857" }, { "reference_url": "http://support.apple.com/kb/HT5784", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT5784" }, { "reference_url": "https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "reference_url": "https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html" }, { "reference_url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=921335", "reference_id": "921335", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=921335" }, { "reference_url": "https://github.com/advisories/GHSA-j838-vfpq-fmf2", "reference_id": "GHSA-j838-vfpq-fmf2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j838-vfpq-fmf2" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51452?format=api", "purl": "pkg:gem/actionpack@3.2.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1pzg-37dp-cyb1" }, { "vulnerability": "VCID-2p4p-apst-v3cq" }, { "vulnerability": "VCID-37qm-tp8v-tugb" }, { "vulnerability": "VCID-464e-wb3p-j3dn" }, { "vulnerability": "VCID-4uv1-e1me-hqb3" }, { "vulnerability": "VCID-5swj-xwsw-rkac" }, { "vulnerability": "VCID-75m1-xqdk-j7f3" }, { "vulnerability": "VCID-7spd-zybv-pbgm" }, { "vulnerability": "VCID-9t5z-1umq-qbe4" }, { "vulnerability": "VCID-9xc9-zvs2-1kde" }, { "vulnerability": "VCID-b1ph-gjaz-ayar" }, { "vulnerability": "VCID-b464-j8ja-hke6" }, { "vulnerability": "VCID-bcwq-ngna-fqhd" }, { "vulnerability": "VCID-bfqq-ypyw-dycj" }, { "vulnerability": "VCID-cbvq-4ze7-r3g6" }, { "vulnerability": "VCID-chxq-j9us-cygh" }, { "vulnerability": 
"VCID-egdx-4qqa-guh1" }, { "vulnerability": "VCID-f21a-143f-9qay" }, { "vulnerability": "VCID-f7bp-x4q3-jbeh" }, { "vulnerability": "VCID-fj3n-g8wp-bbaj" }, { "vulnerability": "VCID-ftus-vcww-2kgf" }, { "vulnerability": "VCID-gadc-jens-nuga" }, { "vulnerability": "VCID-ghj9-vyyr-tub8" }, { "vulnerability": "VCID-gqfj-qxbc-xqhm" }, { "vulnerability": "VCID-hdu6-u2pb-aqhp" }, { "vulnerability": "VCID-hxcf-k4te-h3gu" }, { "vulnerability": "VCID-jkk1-jx5j-q3ch" }, { "vulnerability": "VCID-kt2t-d3bx-jydv" }, { "vulnerability": "VCID-mf6k-jx45-m3fy" }, { "vulnerability": "VCID-n798-maqx-y3c9" }, { "vulnerability": "VCID-nhny-abkr-6qhb" }, { "vulnerability": "VCID-nprk-kfvh-vqfh" }, { "vulnerability": "VCID-nt1m-frdh-tbbq" }, { "vulnerability": "VCID-p6yg-d8wm-4bgz" }, { "vulnerability": "VCID-qmvt-9qth-77a6" }, { "vulnerability": "VCID-sgjx-bz3r-9yam" }, { "vulnerability": "VCID-sw7t-5s3e-vkhx" }, { "vulnerability": "VCID-ufrj-jn16-jybn" }, { "vulnerability": "VCID-ugdk-t2vk-nkfc" }, { "vulnerability": "VCID-ujt2-es3k-67aq" }, { "vulnerability": "VCID-v3vg-9jdz-guf5" }, { "vulnerability": "VCID-vex8-56fk-gqdf" }, { "vulnerability": "VCID-vp3u-cexw-57a4" }, { "vulnerability": "VCID-vv7c-uwnu-nfhb" }, { "vulnerability": "VCID-wake-zgkk-vber" }, { "vulnerability": "VCID-xee7-ge26-yfdc" }, { "vulnerability": "VCID-xvsy-e7fv-1ufe" }, { "vulnerability": "VCID-ypcy-hry9-5fa3" }, { "vulnerability": "VCID-z21g-8h32-yyf6" }, { "vulnerability": "VCID-z94j-z575-4ydx" }, { "vulnerability": "VCID-zc2d-dx64-2yh3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.13" } ], "aliases": [ "CVE-2013-1857", "GHSA-j838-vfpq-fmf2", "OSV-91454" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qmvt-9qth-77a6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37449?format=api", "vulnerability_id": "VCID-t9c8-r3yp-sbde", "summary": "Ruby on Rails 
Potential XSS Vulnerability in select_tag prompt\nWhen a value for the `prompt` field is supplied to the `select_tag` helper, the value is not escaped. If untrusted data is not escaped, and is supplied as the prompt value, there is a potential for XSS attacks.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3463.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3463.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3463", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56419", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56369", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56425", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56431", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3463" }, { "reference_url": "https://github.com/rails/rails/commit/6d0526db91afb0675c2ad3d871529d1536303c64", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/6d0526db91afb0675c2ad3d871529d1536303c64" }, { "reference_url": "https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/3463/rubyonrails-security/fV3QUToSMSw/eHBSFOUYHpYJ", "reference_id": "", "reference_type": "", 
"scores": [], "url": "https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/3463/rubyonrails-security/fV3QUToSMSw/eHBSFOUYHpYJ" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/961e18e514527078?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/961e18e514527078?dmode=source&output=gplain" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/fV3QUToSMSw/m/eHBSFOUYHpYJ?pli=1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/fV3QUToSMSw/m/eHBSFOUYHpYJ?pli=1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3463", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3463" }, { "reference_url": "http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=847196", "reference_id": "847196", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=847196" }, { "reference_url": "https://github.com/advisories/GHSA-98mf-8f57-64qf", "reference_id": 
"GHSA-98mf-8f57-64qf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-98mf-8f57-64qf" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1542", "reference_id": "RHSA-2012:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0154", "reference_id": "RHSA-2013:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51284?format=api", "purl": "pkg:gem/actionpack@3.2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1pzg-37dp-cyb1" }, { "vulnerability": "VCID-2p4p-apst-v3cq" }, { "vulnerability": "VCID-37qm-tp8v-tugb" }, { "vulnerability": "VCID-464e-wb3p-j3dn" }, { "vulnerability": "VCID-4uv1-e1me-hqb3" }, { "vulnerability": "VCID-5swj-xwsw-rkac" }, { "vulnerability": "VCID-75m1-xqdk-j7f3" }, { "vulnerability": "VCID-7spd-zybv-pbgm" }, { "vulnerability": "VCID-9t5z-1umq-qbe4" }, { "vulnerability": "VCID-9xc9-zvs2-1kde" }, { "vulnerability": "VCID-b1ph-gjaz-ayar" }, { "vulnerability": "VCID-b464-j8ja-hke6" }, { "vulnerability": "VCID-bcwq-ngna-fqhd" }, { "vulnerability": "VCID-bfqq-ypyw-dycj" }, { "vulnerability": "VCID-cbvq-4ze7-r3g6" }, { "vulnerability": "VCID-chxq-j9us-cygh" }, { "vulnerability": "VCID-egdx-4qqa-guh1" }, { "vulnerability": "VCID-f21a-143f-9qay" }, { "vulnerability": "VCID-f7bp-x4q3-jbeh" }, { "vulnerability": "VCID-fj3n-g8wp-bbaj" }, { "vulnerability": "VCID-ftus-vcww-2kgf" }, { "vulnerability": "VCID-gadc-jens-nuga" }, { "vulnerability": "VCID-ghj9-vyyr-tub8" }, { "vulnerability": "VCID-gqfj-qxbc-xqhm" }, { "vulnerability": "VCID-hdu6-u2pb-aqhp" }, { "vulnerability": "VCID-hxcf-k4te-h3gu" }, { "vulnerability": "VCID-jkk1-jx5j-q3ch" }, { "vulnerability": 
"VCID-kt2t-d3bx-jydv" }, { "vulnerability": "VCID-mf6k-jx45-m3fy" }, { "vulnerability": "VCID-n798-maqx-y3c9" }, { "vulnerability": "VCID-nhny-abkr-6qhb" }, { "vulnerability": "VCID-nprk-kfvh-vqfh" }, { "vulnerability": "VCID-nt1m-frdh-tbbq" }, { "vulnerability": "VCID-p6yg-d8wm-4bgz" }, { "vulnerability": "VCID-puve-cp8z-zbdr" }, { "vulnerability": "VCID-qmvt-9qth-77a6" }, { "vulnerability": "VCID-sgjx-bz3r-9yam" }, { "vulnerability": "VCID-sw7t-5s3e-vkhx" }, { "vulnerability": "VCID-ufrj-jn16-jybn" }, { "vulnerability": "VCID-ugdk-t2vk-nkfc" }, { "vulnerability": "VCID-ujt2-es3k-67aq" }, { "vulnerability": "VCID-v3vg-9jdz-guf5" }, { "vulnerability": "VCID-vex8-56fk-gqdf" }, { "vulnerability": "VCID-vp3u-cexw-57a4" }, { "vulnerability": "VCID-vv7c-uwnu-nfhb" }, { "vulnerability": "VCID-wake-zgkk-vber" }, { "vulnerability": "VCID-xee7-ge26-yfdc" }, { "vulnerability": "VCID-xvsy-e7fv-1ufe" }, { "vulnerability": "VCID-ypcy-hry9-5fa3" }, { "vulnerability": "VCID-z21g-8h32-yyf6" }, { "vulnerability": "VCID-z94j-z575-4ydx" }, { "vulnerability": "VCID-zc2d-dx64-2yh3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.8" } ], "aliases": [ "CVE-2012-3463", "GHSA-98mf-8f57-64qf", "OSV-84515" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t9c8-r3yp-sbde" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37428?format=api", "vulnerability_id": "VCID-wg66-q6wh-w7fe", "summary": "XSS via posted select tag options\nRuby on Rails is vulnerable to remote cross-site scripting because the application does not validate manually generated `select tag options` upon submission to `actionpack/lib/action_view/helpers/form_options_helper.rb`. 
This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/6fca4f5c47705488?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/6fca4f5c47705488?dmode=source&output=gplain" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075740.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075740.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1099.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1099.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1099", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00399", "scoring_system": "epss", "scoring_elements": "0.61036", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00399", "scoring_system": "epss", "scoring_elements": "0.60991", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00399", "scoring_system": "epss", "scoring_elements": "0.6104", "published_at": "2026-06-05T12:55:00Z" }, { "value": 
"0.00399", "scoring_system": "epss", "scoring_elements": "0.61048", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1099" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=799276", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=799276" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1099", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1099" }, { "reference_url": "https://github.com/advisories/GHSA-2xjj-5x6h-8vmf", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2xjj-5x6h-8vmf" }, { "reference_url": "https://github.com/rails/rails/commit/9435f5a479317458c558ae743b7d876dd5a5db20", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rails/rails/commit/9435f5a479317458c558ae743b7d876dd5a5db20" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-1099.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-1099.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-79727.yml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-79727.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1099", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1099" }, { "reference_url": "http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2466", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2012/dsa-2466" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/03/02/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/03/02/6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/03/03/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/03/03/1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51246?format=api", "purl": "pkg:gem/actionpack@3.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1pzg-37dp-cyb1" }, { "vulnerability": "VCID-2p4p-apst-v3cq" }, { "vulnerability": "VCID-37qm-tp8v-tugb" }, { "vulnerability": "VCID-464e-wb3p-j3dn" }, { "vulnerability": "VCID-4uv1-e1me-hqb3" }, { "vulnerability": "VCID-5swj-xwsw-rkac" }, { "vulnerability": "VCID-75m1-xqdk-j7f3" }, { "vulnerability": "VCID-7m31-x66p-3bha" }, { "vulnerability": "VCID-7spd-zybv-pbgm" }, { "vulnerability": "VCID-9t5z-1umq-qbe4" }, { "vulnerability": 
"VCID-9xc9-zvs2-1kde" }, { "vulnerability": "VCID-b1ph-gjaz-ayar" }, { "vulnerability": "VCID-b464-j8ja-hke6" }, { "vulnerability": "VCID-bcwq-ngna-fqhd" }, { "vulnerability": "VCID-bfqq-ypyw-dycj" }, { "vulnerability": "VCID-cbvq-4ze7-r3g6" }, { "vulnerability": "VCID-chxq-j9us-cygh" }, { "vulnerability": "VCID-dx34-zm9p-1ydc" }, { "vulnerability": "VCID-egdx-4qqa-guh1" }, { "vulnerability": "VCID-f21a-143f-9qay" }, { "vulnerability": "VCID-f7bp-x4q3-jbeh" }, { "vulnerability": "VCID-fj3n-g8wp-bbaj" }, { "vulnerability": "VCID-ftus-vcww-2kgf" }, { "vulnerability": "VCID-gadc-jens-nuga" }, { "vulnerability": "VCID-ghj9-vyyr-tub8" }, { "vulnerability": "VCID-gqfj-qxbc-xqhm" }, { "vulnerability": "VCID-hdu6-u2pb-aqhp" }, { "vulnerability": "VCID-hxcf-k4te-h3gu" }, { "vulnerability": "VCID-jkk1-jx5j-q3ch" }, { "vulnerability": "VCID-kt2t-d3bx-jydv" }, { "vulnerability": "VCID-mf6k-jx45-m3fy" }, { "vulnerability": "VCID-n798-maqx-y3c9" }, { "vulnerability": "VCID-nhny-abkr-6qhb" }, { "vulnerability": "VCID-nprk-kfvh-vqfh" }, { "vulnerability": "VCID-nt1m-frdh-tbbq" }, { "vulnerability": "VCID-p6yg-d8wm-4bgz" }, { "vulnerability": "VCID-puve-cp8z-zbdr" }, { "vulnerability": "VCID-qmvt-9qth-77a6" }, { "vulnerability": "VCID-sgjx-bz3r-9yam" }, { "vulnerability": "VCID-sw7t-5s3e-vkhx" }, { "vulnerability": "VCID-t9c8-r3yp-sbde" }, { "vulnerability": "VCID-ufrj-jn16-jybn" }, { "vulnerability": "VCID-ugdk-t2vk-nkfc" }, { "vulnerability": "VCID-ujt2-es3k-67aq" }, { "vulnerability": "VCID-v3vg-9jdz-guf5" }, { "vulnerability": "VCID-vex8-56fk-gqdf" }, { "vulnerability": "VCID-vp3u-cexw-57a4" }, { "vulnerability": "VCID-vv7c-uwnu-nfhb" }, { "vulnerability": "VCID-wake-zgkk-vber" }, { "vulnerability": "VCID-xee7-ge26-yfdc" }, { "vulnerability": "VCID-xvsy-e7fv-1ufe" }, { "vulnerability": "VCID-ypcy-hry9-5fa3" }, { "vulnerability": "VCID-z21g-8h32-yyf6" }, { "vulnerability": "VCID-z94j-z575-4ydx" }, { "vulnerability": "VCID-zc2d-dx64-2yh3" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.2" } ], "aliases": [ "CVE-2012-1099", "GHSA-2xjj-5x6h-8vmf", "OSV-79727" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wg66-q6wh-w7fe" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2" }