Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:gem/activerecord@2.4
Typegem
Namespace
Nameactiverecord
Version2.4
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version7.1.5.2
Latest_non_vulnerable_version8.0.2.1
Affected_by_vulnerabilities
0
url VCID-1mc1-zb64-yued
vulnerability_id VCID-1mc1-zb64-yued
summary 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument.
references
0
reference_url http://groups.google.com/group/rubyonrails-security/msg/4e19864cf6ad40ad?dmode=source&output=gplain
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/rubyonrails-security/msg/4e19864cf6ad40ad?dmode=source&output=gplain
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-0448
reference_id
reference_type
scores
0
value 0.00689
scoring_system epss
scoring_elements 0.72155
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-0448
3
reference_url http://secunia.com/advisories/43278
reference_id
reference_type
scores
url http://secunia.com/advisories/43278
4
reference_url http://securitytracker.com/id?1025063
reference_id
reference_type
scores
url http://securitytracker.com/id?1025063
5
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
6
reference_url https://github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa562c3be8474
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa562c3be8474
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-0448.yml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-0448.yml
8
reference_url https://web.archive.org/web/20201220214809/http://securitytracker.com/id?1025063
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20201220214809/http://securitytracker.com/id?1025063
9
reference_url http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4
10
reference_url http://www.vupen.com/english/advisories/2011/0877
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2011/0877
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-0448
reference_id CVE-2011-0448
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-0448
12
reference_url https://github.com/advisories/GHSA-jmm9-2p29-vh2w
reference_id GHSA-jmm9-2p29-vh2w
reference_type
scores
url https://github.com/advisories/GHSA-jmm9-2p29-vh2w
13
reference_url https://security.gentoo.org/glsa/201412-28
reference_id GLSA-201412-28
reference_type
scores
url https://security.gentoo.org/glsa/201412-28
fixed_packages
0
url pkg:gem/activerecord@3.0.4
purl pkg:gem/activerecord@3.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mc1-zb64-yued
1
vulnerability VCID-1r7t-2v3e-bqa9
2
vulnerability VCID-7e6a-35vx-6ygj
3
vulnerability VCID-7vmk-ju1s-6qf2
4
vulnerability VCID-8n6u-hbhg-7qdx
5
vulnerability VCID-cce9-3g2x-h3dt
6
vulnerability VCID-edf6-dek6-cfgz
7
vulnerability VCID-f3xg-8e57-f7d9
8
vulnerability VCID-gyv5-prcn-9qae
9
vulnerability VCID-kt5q-24cw-3faa
10
vulnerability VCID-mdeu-hayy-hqd1
11
vulnerability VCID-p6yg-d8wm-4bgz
12
vulnerability VCID-pt1n-pq3j-jbg5
13
vulnerability VCID-rqsw-ndbm-xbfh
14
vulnerability VCID-sb81-8nm8-dudw
15
vulnerability VCID-wcvv-uw9g-nkdz
16
vulnerability VCID-wt9d-ejgc-ryg7
17
vulnerability VCID-wu15-9j1q-17ag
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.0.4
1
url pkg:gem/activerecord@3.0.5.rc1
purl pkg:gem/activerecord@3.0.5.rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mc1-zb64-yued
1
vulnerability VCID-1r7t-2v3e-bqa9
2
vulnerability VCID-7e6a-35vx-6ygj
3
vulnerability VCID-7vmk-ju1s-6qf2
4
vulnerability VCID-8n6u-hbhg-7qdx
5
vulnerability VCID-cce9-3g2x-h3dt
6
vulnerability VCID-edf6-dek6-cfgz
7
vulnerability VCID-f3xg-8e57-f7d9
8
vulnerability VCID-gyv5-prcn-9qae
9
vulnerability VCID-kt5q-24cw-3faa
10
vulnerability VCID-mdeu-hayy-hqd1
11
vulnerability VCID-p6yg-d8wm-4bgz
12
vulnerability VCID-pt1n-pq3j-jbg5
13
vulnerability VCID-rqsw-ndbm-xbfh
14
vulnerability VCID-sb81-8nm8-dudw
15
vulnerability VCID-wcvv-uw9g-nkdz
16
vulnerability VCID-wt9d-ejgc-ryg7
17
vulnerability VCID-wu15-9j1q-17ag
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.0.5.rc1
aliases CVE-2011-0448, GHSA-jmm9-2p29-vh2w
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1mc1-zb64-yued
1
url VCID-8n6u-hbhg-7qdx
vulnerability_id VCID-8n6u-hbhg-7qdx
summary 
Improper Input Validation
Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2010-3933
reference_id
reference_type
scores
0
value 0.00712
scoring_system epss
scoring_elements 0.72672
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2010-3933
1
reference_url http://secunia.com/advisories/41930
reference_id
reference_type
scores
url http://secunia.com/advisories/41930
2
reference_url http://securitytracker.com/id?1024624
reference_id
reference_type
scores
url http://securitytracker.com/id?1024624
3
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
4
reference_url https://github.com/rails/rails/commit/2d96bccb1e8b62e3e11ca0c5d38aaa8cece889ae
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/2d96bccb1e8b62e3e11ca0c5d38aaa8cece889ae
5
reference_url https://github.com/rails/rails/commit/96183e0f284bab27667e5a38fa6a1578eb029585
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/96183e0f284bab27667e5a38fa6a1578eb029585
6
reference_url https://web.archive.org/web/20101129225633/http://securitytracker.com/alerts/2010/Oct/1024624.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20101129225633/http://securitytracker.com/alerts/2010/Oct/1024624.html
7
reference_url https://web.archive.org/web/20111225083933/http://secunia.com/advisories/41930
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20111225083933/http://secunia.com/advisories/41930
8
reference_url https://web.archive.org/web/20201208053819/http://securitytracker.com/id?1024624
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20201208053819/http://securitytracker.com/id?1024624
9
reference_url http://weblog.rubyonrails.org/2010/10/15/security-vulnerability-in-nested-attributes-code-in-ruby-on-rails-2-3-9-and-3-0-0
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2010/10/15/security-vulnerability-in-nested-attributes-code-in-ruby-on-rails-2-3-9-and-3-0-0
10
reference_url http://www.vupen.com/english/advisories/2010/2719
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2010/2719
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2010-3933
reference_id CVE-2010-3933
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2010-3933
12
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2010-3933.yml
reference_id CVE-2010-3933.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2010-3933.yml
13
reference_url https://github.com/advisories/GHSA-gjxw-5w2q-7grf
reference_id GHSA-gjxw-5w2q-7grf
reference_type
scores
url https://github.com/advisories/GHSA-gjxw-5w2q-7grf
14
reference_url https://security.gentoo.org/glsa/201412-28
reference_id GLSA-201412-28
reference_type
scores
url https://security.gentoo.org/glsa/201412-28
fixed_packages
0
url pkg:gem/activerecord@3.0.1
purl pkg:gem/activerecord@3.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mc1-zb64-yued
1
vulnerability VCID-1r7t-2v3e-bqa9
2
vulnerability VCID-7e6a-35vx-6ygj
3
vulnerability VCID-7vmk-ju1s-6qf2
4
vulnerability VCID-8n6u-hbhg-7qdx
5
vulnerability VCID-cce9-3g2x-h3dt
6
vulnerability VCID-edf6-dek6-cfgz
7
vulnerability VCID-f3xg-8e57-f7d9
8
vulnerability VCID-gyv5-prcn-9qae
9
vulnerability VCID-kt5q-24cw-3faa
10
vulnerability VCID-mdeu-hayy-hqd1
11
vulnerability VCID-p6yg-d8wm-4bgz
12
vulnerability VCID-pt1n-pq3j-jbg5
13
vulnerability VCID-rqsw-ndbm-xbfh
14
vulnerability VCID-sb81-8nm8-dudw
15
vulnerability VCID-wcvv-uw9g-nkdz
16
vulnerability VCID-wt9d-ejgc-ryg7
17
vulnerability VCID-wu15-9j1q-17ag
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.0.1
aliases CVE-2010-3933, GHSA-gjxw-5w2q-7grf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8n6u-hbhg-7qdx
2
url VCID-cce9-3g2x-h3dt
vulnerability_id VCID-cce9-3g2x-h3dt
summary 
SQL injection vulnerability in Active Record
Due to the way Active Record handles nested query parameters, an attacker can use a specially crafted request to inject some forms of SQL into your application's SQL queries.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html
2
reference_url http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2013-0154.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0154.html
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2661.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2661.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-2661
reference_id
reference_type
scores
0
value 0.00627
scoring_system epss
scoring_elements 0.70611
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-2661
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2661
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2661
7
reference_url https://github.com/rails/rails/commit/71f7917c553cdc9a0ee49e87af0efb7429759718#diff-2ec9993375ecb711e08452788d625581
reference_id
reference_type
scores
url https://github.com/rails/rails/commit/71f7917c553cdc9a0ee49e87af0efb7429759718#diff-2ec9993375ecb711e08452788d625581
8
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82403.yml
reference_id
reference_type
scores
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82403.yml
9
reference_url https://groups.google.com/group/rubyonrails-security/msg/fc2da6c627fc92df?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/fc2da6c627fc92df?dmode=source&output=gplain
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-2661
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-2661
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=827363
reference_id 827363
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=827363
12
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
13
reference_url https://access.redhat.com/errata/RHSA-2013:0154
reference_id RHSA-2013:0154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0154
fixed_packages
0
url pkg:gem/activerecord@3.0.13
purl pkg:gem/activerecord@3.0.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mc1-zb64-yued
1
vulnerability VCID-1r7t-2v3e-bqa9
2
vulnerability VCID-7e6a-35vx-6ygj
3
vulnerability VCID-7vmk-ju1s-6qf2
4
vulnerability VCID-8n6u-hbhg-7qdx
5
vulnerability VCID-edf6-dek6-cfgz
6
vulnerability VCID-f3xg-8e57-f7d9
7
vulnerability VCID-gyv5-prcn-9qae
8
vulnerability VCID-kt5q-24cw-3faa
9
vulnerability VCID-mdeu-hayy-hqd1
10
vulnerability VCID-pt1n-pq3j-jbg5
11
vulnerability VCID-rqsw-ndbm-xbfh
12
vulnerability VCID-sb81-8nm8-dudw
13
vulnerability VCID-wcvv-uw9g-nkdz
14
vulnerability VCID-wt9d-ejgc-ryg7
15
vulnerability VCID-wu15-9j1q-17ag
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.0.13
1
url pkg:gem/activerecord@3.1.0.beta1
purl pkg:gem/activerecord@3.1.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mc1-zb64-yued
1
vulnerability VCID-1r7t-2v3e-bqa9
2
vulnerability VCID-79jn-p5u5-wqae
3
vulnerability VCID-7e6a-35vx-6ygj
4
vulnerability VCID-7vmk-ju1s-6qf2
5
vulnerability VCID-8n6u-hbhg-7qdx
6
vulnerability VCID-cce9-3g2x-h3dt
7
vulnerability VCID-edf6-dek6-cfgz
8
vulnerability VCID-f3xg-8e57-f7d9
9
vulnerability VCID-gyv5-prcn-9qae
10
vulnerability VCID-kt5q-24cw-3faa
11
vulnerability VCID-mdeu-hayy-hqd1
12
vulnerability VCID-p6yg-d8wm-4bgz
13
vulnerability VCID-pt1n-pq3j-jbg5
14
vulnerability VCID-rqsw-ndbm-xbfh
15
vulnerability VCID-sb81-8nm8-dudw
16
vulnerability VCID-wcvv-uw9g-nkdz
17
vulnerability VCID-wt9d-ejgc-ryg7
18
vulnerability VCID-wu15-9j1q-17ag
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.0.beta1
2
url pkg:gem/activerecord@3.1.5
purl pkg:gem/activerecord@3.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mc1-zb64-yued
1
vulnerability VCID-1r7t-2v3e-bqa9
2
vulnerability VCID-79jn-p5u5-wqae
3
vulnerability VCID-7e6a-35vx-6ygj
4
vulnerability VCID-7vmk-ju1s-6qf2
5
vulnerability VCID-8n6u-hbhg-7qdx
6
vulnerability VCID-edf6-dek6-cfgz
7
vulnerability VCID-f3xg-8e57-f7d9
8
vulnerability VCID-gyv5-prcn-9qae
9
vulnerability VCID-kt5q-24cw-3faa
10
vulnerability VCID-mdeu-hayy-hqd1
11
vulnerability VCID-pt1n-pq3j-jbg5
12
vulnerability VCID-rqsw-ndbm-xbfh
13
vulnerability VCID-sb81-8nm8-dudw
14
vulnerability VCID-wcvv-uw9g-nkdz
15
vulnerability VCID-wt9d-ejgc-ryg7
16
vulnerability VCID-wu15-9j1q-17ag
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.5
3
url pkg:gem/activerecord@3.2.0.rc1
purl pkg:gem/activerecord@3.2.0.rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mc1-zb64-yued
1
vulnerability VCID-1r7t-2v3e-bqa9
2
vulnerability VCID-79jn-p5u5-wqae
3
vulnerability VCID-7e6a-35vx-6ygj
4
vulnerability VCID-7vmk-ju1s-6qf2
5
vulnerability VCID-8n6u-hbhg-7qdx
6
vulnerability VCID-cce9-3g2x-h3dt
7
vulnerability VCID-edf6-dek6-cfgz
8
vulnerability VCID-f3xg-8e57-f7d9
9
vulnerability VCID-gyv5-prcn-9qae
10
vulnerability VCID-kt5q-24cw-3faa
11
vulnerability VCID-mdeu-hayy-hqd1
12
vulnerability VCID-p6yg-d8wm-4bgz
13
vulnerability VCID-pt1n-pq3j-jbg5
14
vulnerability VCID-rqsw-ndbm-xbfh
15
vulnerability VCID-sb81-8nm8-dudw
16
vulnerability VCID-wcvv-uw9g-nkdz
17
vulnerability VCID-wt9d-ejgc-ryg7
18
vulnerability VCID-wu15-9j1q-17ag
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.0.rc1
4
url pkg:gem/activerecord@3.2.4
purl pkg:gem/activerecord@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mc1-zb64-yued
1
vulnerability VCID-1r7t-2v3e-bqa9
2
vulnerability VCID-79jn-p5u5-wqae
3
vulnerability VCID-7e6a-35vx-6ygj
4
vulnerability VCID-7vmk-ju1s-6qf2
5
vulnerability VCID-8n6u-hbhg-7qdx
6
vulnerability VCID-edf6-dek6-cfgz
7
vulnerability VCID-f3xg-8e57-f7d9
8
vulnerability VCID-gyv5-prcn-9qae
9
vulnerability VCID-kt5q-24cw-3faa
10
vulnerability VCID-mdeu-hayy-hqd1
11
vulnerability VCID-pt1n-pq3j-jbg5
12
vulnerability VCID-rqsw-ndbm-xbfh
13
vulnerability VCID-sb81-8nm8-dudw
14
vulnerability VCID-wcvv-uw9g-nkdz
15
vulnerability VCID-wt9d-ejgc-ryg7
16
vulnerability VCID-wu15-9j1q-17ag
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.4
aliases CVE-2012-2661, GHSA-fh39-v733-mxfr, OSV-82403
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cce9-3g2x-h3dt
3
url VCID-gyv5-prcn-9qae
vulnerability_id VCID-gyv5-prcn-9qae
summary 
activerecord vulnerable to SQL Injection
Multiple SQL injection vulnerabilities in the `quote_table_name` method in the ActiveRecord adapters in `activerecord/lib/active_record/connection_adapters/` in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a crafted column name.
references
0
reference_url http://groups.google.com/group/rubyonrails-security/msg/b1a85d36b0f9dd30?dmode=source&output=gplain
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/rubyonrails-security/msg/b1a85d36b0f9dd30?dmode=source&output=gplain
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-2930
reference_id
reference_type
scores
0
value 0.00955
scoring_system epss
scoring_elements 0.76779
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-2930
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=731438
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=731438
4
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
5
reference_url https://github.com/rails/rails/commit/8a39f411dc3c806422785b1f4d5c7c9d58e4bf85
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/8a39f411dc3c806422785b1f4d5c7c9d58e4bf85
6
reference_url http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6
7
reference_url http://www.debian.org/security/2011/dsa-2301
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2011/dsa-2301
8
reference_url http://www.openwall.com/lists/oss-security/2011/08/17/1
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/17/1
9
reference_url http://www.openwall.com/lists/oss-security/2011/08/19/11
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/19/11
10
reference_url http://www.openwall.com/lists/oss-security/2011/08/20/1
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/20/1
11
reference_url http://www.openwall.com/lists/oss-security/2011/08/22/13
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/22/13
12
reference_url http://www.openwall.com/lists/oss-security/2011/08/22/14
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/22/14
13
reference_url http://www.openwall.com/lists/oss-security/2011/08/22/5
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/22/5
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-2930
reference_id CVE-2011-2930
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-2930
15
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-2930.yml
reference_id CVE-2011-2930.YML
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-2930.yml
16
reference_url https://github.com/advisories/GHSA-h6w6-xmqv-7q78
reference_id GHSA-h6w6-xmqv-7q78
reference_type
scores
url https://github.com/advisories/GHSA-h6w6-xmqv-7q78
17
reference_url https://security.gentoo.org/glsa/201412-28
reference_id GLSA-201412-28
reference_type
scores
url https://security.gentoo.org/glsa/201412-28
fixed_packages
0
url pkg:gem/activerecord@3.0.10
purl pkg:gem/activerecord@3.0.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mc1-zb64-yued
1
vulnerability VCID-1r7t-2v3e-bqa9
2
vulnerability VCID-7e6a-35vx-6ygj
3
vulnerability VCID-7vmk-ju1s-6qf2
4
vulnerability VCID-8n6u-hbhg-7qdx
5
vulnerability VCID-cce9-3g2x-h3dt
6
vulnerability VCID-edf6-dek6-cfgz
7
vulnerability VCID-f3xg-8e57-f7d9
8
vulnerability VCID-gyv5-prcn-9qae
9
vulnerability VCID-kt5q-24cw-3faa
10
vulnerability VCID-mdeu-hayy-hqd1
11
vulnerability VCID-p6yg-d8wm-4bgz
12
vulnerability VCID-pt1n-pq3j-jbg5
13
vulnerability VCID-rqsw-ndbm-xbfh
14
vulnerability VCID-sb81-8nm8-dudw
15
vulnerability VCID-wcvv-uw9g-nkdz
16
vulnerability VCID-wt9d-ejgc-ryg7
17
vulnerability VCID-wu15-9j1q-17ag
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.0.10
1
url pkg:gem/activerecord@3.1.0.rc5
purl pkg:gem/activerecord@3.1.0.rc5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mc1-zb64-yued
1
vulnerability VCID-1r7t-2v3e-bqa9
2
vulnerability VCID-79jn-p5u5-wqae
3
vulnerability VCID-7e6a-35vx-6ygj
4
vulnerability VCID-7vmk-ju1s-6qf2
5
vulnerability VCID-8n6u-hbhg-7qdx
6
vulnerability VCID-cce9-3g2x-h3dt
7
vulnerability VCID-edf6-dek6-cfgz
8
vulnerability VCID-f3xg-8e57-f7d9
9
vulnerability VCID-gyv5-prcn-9qae
10
vulnerability VCID-kt5q-24cw-3faa
11
vulnerability VCID-mdeu-hayy-hqd1
12
vulnerability VCID-p6yg-d8wm-4bgz
13
vulnerability VCID-pt1n-pq3j-jbg5
14
vulnerability VCID-rqsw-ndbm-xbfh
15
vulnerability VCID-sb81-8nm8-dudw
16
vulnerability VCID-wcvv-uw9g-nkdz
17
vulnerability VCID-wt9d-ejgc-ryg7
18
vulnerability VCID-wu15-9j1q-17ag
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.0.rc5
2
url pkg:gem/activerecord@3.1.0
purl pkg:gem/activerecord@3.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mc1-zb64-yued
1
vulnerability VCID-1r7t-2v3e-bqa9
2
vulnerability VCID-79jn-p5u5-wqae
3
vulnerability VCID-7e6a-35vx-6ygj
4
vulnerability VCID-7vmk-ju1s-6qf2
5
vulnerability VCID-8n6u-hbhg-7qdx
6
vulnerability VCID-cce9-3g2x-h3dt
7
vulnerability VCID-edf6-dek6-cfgz
8
vulnerability VCID-f3xg-8e57-f7d9
9
vulnerability VCID-gyv5-prcn-9qae
10
vulnerability VCID-kt5q-24cw-3faa
11
vulnerability VCID-mdeu-hayy-hqd1
12
vulnerability VCID-p6yg-d8wm-4bgz
13
vulnerability VCID-pt1n-pq3j-jbg5
14
vulnerability VCID-rqsw-ndbm-xbfh
15
vulnerability VCID-sb81-8nm8-dudw
16
vulnerability VCID-wcvv-uw9g-nkdz
17
vulnerability VCID-wt9d-ejgc-ryg7
18
vulnerability VCID-wu15-9j1q-17ag
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.0
aliases CVE-2011-2930, GHSA-h6w6-xmqv-7q78
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gyv5-prcn-9qae
4
url VCID-mdeu-hayy-hqd1
vulnerability_id VCID-mdeu-hayy-hqd1
summary 
Serialized Attributes YAML Vulnerability with Rails 2.3 and 3.0
There is a vulnerability in the serialized attribute handling code in Ruby on Rails, applications which allow users to directly assign to the serialized fields in their models are at risk of Denial of Service or Remote Code Execution vulnerabilities.
references
0
reference_url http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
1
reference_url http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0277.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0277.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-0277
reference_id
reference_type
scores
0
value 0.06742
scoring_system epss
scoring_elements 0.91447
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-0277
4
reference_url http://securitytracker.com/id?1028109
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://securitytracker.com/id?1028109
5
reference_url https://github.com/rails/rails/tree/v6.1.4.1/activerecord
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/tree/v6.1.4.1/activerecord
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0277.yml
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0277.yml
7
reference_url https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/KtmwSbEpzrU
reference_id
reference_type
scores
url https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/KtmwSbEpzrU
8
reference_url https://groups.google.com/group/rubyonrails-security/msg/302ec7ce90f13837?dmode=source&output=gplain
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/302ec7ce90f13837?dmode=source&output=gplain
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-0277
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-0277
10
reference_url https://puppet.com/security/cve/cve-2013-0277
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://puppet.com/security/cve/cve-2013-0277
11
reference_url http://support.apple.com/kb/HT5784
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://support.apple.com/kb/HT5784
12
reference_url http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released
13
reference_url http://www.debian.org/security/2013/dsa-2620
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2013/dsa-2620
14
reference_url http://www.openwall.com/lists/oss-security/2013/02/11/6
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/02/11/6
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=909633
reference_id 909633
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=909633
16
reference_url https://security.gentoo.org/glsa/201412-28
reference_id GLSA-201412-28
reference_type
scores
url https://security.gentoo.org/glsa/201412-28
fixed_packages
0
url pkg:gem/activerecord@3.1.0
purl pkg:gem/activerecord@3.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mc1-zb64-yued
1
vulnerability VCID-1r7t-2v3e-bqa9
2
vulnerability VCID-79jn-p5u5-wqae
3
vulnerability VCID-7e6a-35vx-6ygj
4
vulnerability VCID-7vmk-ju1s-6qf2
5
vulnerability VCID-8n6u-hbhg-7qdx
6
vulnerability VCID-cce9-3g2x-h3dt
7
vulnerability VCID-edf6-dek6-cfgz
8
vulnerability VCID-f3xg-8e57-f7d9
9
vulnerability VCID-gyv5-prcn-9qae
10
vulnerability VCID-kt5q-24cw-3faa
11
vulnerability VCID-mdeu-hayy-hqd1
12
vulnerability VCID-p6yg-d8wm-4bgz
13
vulnerability VCID-pt1n-pq3j-jbg5
14
vulnerability VCID-rqsw-ndbm-xbfh
15
vulnerability VCID-sb81-8nm8-dudw
16
vulnerability VCID-wcvv-uw9g-nkdz
17
vulnerability VCID-wt9d-ejgc-ryg7
18
vulnerability VCID-wu15-9j1q-17ag
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.0
aliases CVE-2013-0277, GHSA-fhj9-cjjh-27vm, OSV-90073
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mdeu-hayy-hqd1
5
url VCID-sb81-8nm8-dudw
vulnerability_id VCID-sb81-8nm8-dudw
summary 
Circumvention of attr_protected
The attr_protected method allows developers to specify a denylist of model attributes which users should not be allowed to assign to. By using a specially crafted request, attackers could circumvent this protection and alter values that were meant to be protected.
references
0
reference_url http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
1
reference_url http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2013-0686.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0686.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0276.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0276.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-0276
reference_id
reference_type
scores
0
value 0.00606
scoring_system epss
scoring_elements 0.70033
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-0276
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0276.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0276.yml
6
reference_url https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/AFBKNY7VSH8
reference_id
reference_type
scores
url https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/AFBKNY7VSH8
7
reference_url https://groups.google.com/group/rubyonrails-security/msg/bb44b98a73ef1a06?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/bb44b98a73ef1a06?dmode=source&output=gplain
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-0276
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-0276
9
reference_url http://support.apple.com/kb/HT5784
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://support.apple.com/kb/HT5784
10
reference_url https://web.archive.org/web/20130217055442/http://www.securityfocus.com/bid/57896
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20130217055442/http://www.securityfocus.com/bid/57896
11
reference_url http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released
12
reference_url http://www.debian.org/security/2013/dsa-2620
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2013/dsa-2620
13
reference_url http://www.openwall.com/lists/oss-security/2013/02/11/5
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/02/11/5
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=909528
reference_id 909528
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=909528
15
reference_url https://security.gentoo.org/glsa/201412-28
reference_id GLSA-201412-28
reference_type
scores
url https://security.gentoo.org/glsa/201412-28
16
reference_url https://access.redhat.com/errata/RHSA-2013:0686
reference_id RHSA-2013:0686
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0686
fixed_packages
0
url pkg:gem/activerecord@3.1.11
purl pkg:gem/activerecord@3.1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mc1-zb64-yued
1
vulnerability VCID-1r7t-2v3e-bqa9
2
vulnerability VCID-79jn-p5u5-wqae
3
vulnerability VCID-7e6a-35vx-6ygj
4
vulnerability VCID-7vmk-ju1s-6qf2
5
vulnerability VCID-8n6u-hbhg-7qdx
6
vulnerability VCID-f3xg-8e57-f7d9
7
vulnerability VCID-gyv5-prcn-9qae
8
vulnerability VCID-kt5q-24cw-3faa
9
vulnerability VCID-pt1n-pq3j-jbg5
10
vulnerability VCID-rqsw-ndbm-xbfh
11
vulnerability VCID-wcvv-uw9g-nkdz
12
vulnerability VCID-wu15-9j1q-17ag
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.11
1
url pkg:gem/activerecord@3.2.0.rc1
purl pkg:gem/activerecord@3.2.0.rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mc1-zb64-yued
1
vulnerability VCID-1r7t-2v3e-bqa9
2
vulnerability VCID-79jn-p5u5-wqae
3
vulnerability VCID-7e6a-35vx-6ygj
4
vulnerability VCID-7vmk-ju1s-6qf2
5
vulnerability VCID-8n6u-hbhg-7qdx
6
vulnerability VCID-cce9-3g2x-h3dt
7
vulnerability VCID-edf6-dek6-cfgz
8
vulnerability VCID-f3xg-8e57-f7d9
9
vulnerability VCID-gyv5-prcn-9qae
10
vulnerability VCID-kt5q-24cw-3faa
11
vulnerability VCID-mdeu-hayy-hqd1
12
vulnerability VCID-p6yg-d8wm-4bgz
13
vulnerability VCID-pt1n-pq3j-jbg5
14
vulnerability VCID-rqsw-ndbm-xbfh
15
vulnerability VCID-sb81-8nm8-dudw
16
vulnerability VCID-wcvv-uw9g-nkdz
17
vulnerability VCID-wt9d-ejgc-ryg7
18
vulnerability VCID-wu15-9j1q-17ag
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.0.rc1
2
url pkg:gem/activerecord@3.2.12
purl pkg:gem/activerecord@3.2.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mc1-zb64-yued
1
vulnerability VCID-1r7t-2v3e-bqa9
2
vulnerability VCID-79jn-p5u5-wqae
3
vulnerability VCID-7e6a-35vx-6ygj
4
vulnerability VCID-7vmk-ju1s-6qf2
5
vulnerability VCID-8n6u-hbhg-7qdx
6
vulnerability VCID-f3xg-8e57-f7d9
7
vulnerability VCID-gyv5-prcn-9qae
8
vulnerability VCID-kt5q-24cw-3faa
9
vulnerability VCID-pt1n-pq3j-jbg5
10
vulnerability VCID-rqsw-ndbm-xbfh
11
vulnerability VCID-wcvv-uw9g-nkdz
12
vulnerability VCID-wu15-9j1q-17ag
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.12
aliases CVE-2013-0276, GHSA-gr44-7grc-37vq, OSV-90072
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sb81-8nm8-dudw
6
url VCID-wt9d-ejgc-ryg7
vulnerability_id VCID-wt9d-ejgc-ryg7
summary 
Unsafe Query Generation Risk in Ruby on Rails
Due to the way Active Record interprets parameters in combination with the way that JSON parameters are parsed, it is possible for an attacker to issue unexpected database queries with "IS NULL" or empty where clauses. This issue does *not* let an attacker insert arbitrary values into an SQL query, however they can cause the query to check for NULL or eliminate a WHERE clause when most users wouldn't expect it.
references
0
reference_url http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A
1
reference_url http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
2
reference_url http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html
3
reference_url http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html
4
reference_url http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html
5
reference_url http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html
6
reference_url http://rhn.redhat.com/errata/RHSA-2013-0154.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0154.html
7
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0155.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0155.json
8
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-0155
reference_id
reference_type
scores
0
value 0.18174
scoring_system epss
scoring_elements 0.95315
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-0155
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0155.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0155.yml
10
reference_url https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/t1WFuuQyavI
reference_id
reference_type
scores
url https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/t1WFuuQyavI
11
reference_url https://groups.google.com/group/rubyonrails-security/msg/bc6f13dafe130ee9?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/bc6f13dafe130ee9?dmode=source&output=gplain
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-0155
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-0155
13
reference_url http://support.apple.com/kb/HT5784
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://support.apple.com/kb/HT5784
14
reference_url http://www.debian.org/security/2013/dsa-2609
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2013/dsa-2609
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=892866
reference_id 892866
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=892866
16
reference_url https://security.gentoo.org/glsa/201412-28
reference_id GLSA-201412-28
reference_type
scores
url https://security.gentoo.org/glsa/201412-28
17
reference_url https://access.redhat.com/errata/RHSA-2013:0154
reference_id RHSA-2013:0154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0154
18
reference_url https://access.redhat.com/errata/RHSA-2013:0155
reference_id RHSA-2013:0155
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0155
fixed_packages
0
url pkg:gem/activerecord@3.0.19
purl pkg:gem/activerecord@3.0.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mc1-zb64-yued
1
vulnerability VCID-1r7t-2v3e-bqa9
2
vulnerability VCID-7e6a-35vx-6ygj
3
vulnerability VCID-7vmk-ju1s-6qf2
4
vulnerability VCID-8n6u-hbhg-7qdx
5
vulnerability VCID-f3xg-8e57-f7d9
6
vulnerability VCID-gyv5-prcn-9qae
7
vulnerability VCID-kt5q-24cw-3faa
8
vulnerability VCID-mdeu-hayy-hqd1
9
vulnerability VCID-pt1n-pq3j-jbg5
10
vulnerability VCID-rqsw-ndbm-xbfh
11
vulnerability VCID-sb81-8nm8-dudw
12
vulnerability VCID-wcvv-uw9g-nkdz
13
vulnerability VCID-wu15-9j1q-17ag
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.0.19
1
url pkg:gem/activerecord@3.1.0.beta1
purl pkg:gem/activerecord@3.1.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mc1-zb64-yued
1
vulnerability VCID-1r7t-2v3e-bqa9
2
vulnerability VCID-79jn-p5u5-wqae
3
vulnerability VCID-7e6a-35vx-6ygj
4
vulnerability VCID-7vmk-ju1s-6qf2
5
vulnerability VCID-8n6u-hbhg-7qdx
6
vulnerability VCID-cce9-3g2x-h3dt
7
vulnerability VCID-edf6-dek6-cfgz
8
vulnerability VCID-f3xg-8e57-f7d9
9
vulnerability VCID-gyv5-prcn-9qae
10
vulnerability VCID-kt5q-24cw-3faa
11
vulnerability VCID-mdeu-hayy-hqd1
12
vulnerability VCID-p6yg-d8wm-4bgz
13
vulnerability VCID-pt1n-pq3j-jbg5
14
vulnerability VCID-rqsw-ndbm-xbfh
15
vulnerability VCID-sb81-8nm8-dudw
16
vulnerability VCID-wcvv-uw9g-nkdz
17
vulnerability VCID-wt9d-ejgc-ryg7
18
vulnerability VCID-wu15-9j1q-17ag
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.0.beta1
2
url pkg:gem/activerecord@3.1.10
purl pkg:gem/activerecord@3.1.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mc1-zb64-yued
1
vulnerability VCID-1r7t-2v3e-bqa9
2
vulnerability VCID-79jn-p5u5-wqae
3
vulnerability VCID-7e6a-35vx-6ygj
4
vulnerability VCID-7vmk-ju1s-6qf2
5
vulnerability VCID-8n6u-hbhg-7qdx
6
vulnerability VCID-f3xg-8e57-f7d9
7
vulnerability VCID-gyv5-prcn-9qae
8
vulnerability VCID-kt5q-24cw-3faa
9
vulnerability VCID-mdeu-hayy-hqd1
10
vulnerability VCID-pt1n-pq3j-jbg5
11
vulnerability VCID-rqsw-ndbm-xbfh
12
vulnerability VCID-sb81-8nm8-dudw
13
vulnerability VCID-wcvv-uw9g-nkdz
14
vulnerability VCID-wu15-9j1q-17ag
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.10
3
url pkg:gem/activerecord@3.2.0.rc1
purl pkg:gem/activerecord@3.2.0.rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mc1-zb64-yued
1
vulnerability VCID-1r7t-2v3e-bqa9
2
vulnerability VCID-79jn-p5u5-wqae
3
vulnerability VCID-7e6a-35vx-6ygj
4
vulnerability VCID-7vmk-ju1s-6qf2
5
vulnerability VCID-8n6u-hbhg-7qdx
6
vulnerability VCID-cce9-3g2x-h3dt
7
vulnerability VCID-edf6-dek6-cfgz
8
vulnerability VCID-f3xg-8e57-f7d9
9
vulnerability VCID-gyv5-prcn-9qae
10
vulnerability VCID-kt5q-24cw-3faa
11
vulnerability VCID-mdeu-hayy-hqd1
12
vulnerability VCID-p6yg-d8wm-4bgz
13
vulnerability VCID-pt1n-pq3j-jbg5
14
vulnerability VCID-rqsw-ndbm-xbfh
15
vulnerability VCID-sb81-8nm8-dudw
16
vulnerability VCID-wcvv-uw9g-nkdz
17
vulnerability VCID-wt9d-ejgc-ryg7
18
vulnerability VCID-wu15-9j1q-17ag
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.0.rc1
4
url pkg:gem/activerecord@3.2.11
purl pkg:gem/activerecord@3.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mc1-zb64-yued
1
vulnerability VCID-1r7t-2v3e-bqa9
2
vulnerability VCID-79jn-p5u5-wqae
3
vulnerability VCID-7e6a-35vx-6ygj
4
vulnerability VCID-7vmk-ju1s-6qf2
5
vulnerability VCID-8n6u-hbhg-7qdx
6
vulnerability VCID-f3xg-8e57-f7d9
7
vulnerability VCID-gyv5-prcn-9qae
8
vulnerability VCID-kt5q-24cw-3faa
9
vulnerability VCID-mdeu-hayy-hqd1
10
vulnerability VCID-pt1n-pq3j-jbg5
11
vulnerability VCID-rqsw-ndbm-xbfh
12
vulnerability VCID-sb81-8nm8-dudw
13
vulnerability VCID-wcvv-uw9g-nkdz
14
vulnerability VCID-wu15-9j1q-17ag
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.11
aliases CVE-2013-0155, GHSA-gppp-5xc5-wfpx, OSV-89025
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wt9d-ejgc-ryg7
7
url VCID-wu15-9j1q-17ag
vulnerability_id VCID-wu15-9j1q-17ag
summary 
Symbol DoS vulnerability in Active Record
When a hash is provided as the find value for a query, the keys of the hash may be converted to symbols. Carefully crafted requests can coerce `params[:name]` to return a hash, and the keys to that hash may be converted to symbols. All users running an affected release should either upgrade or use one of the work arounds immediately.
references
0
reference_url http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
1
reference_url http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html
2
reference_url http://lists.opensuse.org/opensuse-updates/2013-04/msg00070.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-04/msg00070.html
3
reference_url http://lists.opensuse.org/opensuse-updates/2013-04/msg00071.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-04/msg00071.html
4
reference_url http://lists.opensuse.org/opensuse-updates/2013-04/msg00075.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-04/msg00075.html
5
reference_url http://lists.opensuse.org/opensuse-updates/2013-04/msg00078.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-04/msg00078.html
6
reference_url http://lists.opensuse.org/opensuse-updates/2013-04/msg00079.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-04/msg00079.html
7
reference_url http://rhn.redhat.com/errata/RHSA-2013-0699.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0699.html
8
reference_url http://rhn.redhat.com/errata/RHSA-2014-1863.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-1863.html
9
reference_url https://access.redhat.com/errata/RHSA-2013:0699
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2013:0699
10
reference_url https://access.redhat.com/errata/RHSA-2014:1863
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2014:1863
11
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1854.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1854.json
12
reference_url https://access.redhat.com/security/cve/CVE-2013-1854
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2013-1854
13
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-1854
reference_id
reference_type
scores
0
value 0.01795
scoring_system epss
scoring_elements 0.83107
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-1854
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=921329
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=921329
15
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-1854.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-1854.yml
16
reference_url https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/jgJ4cjjS8FE
reference_id
reference_type
scores
url https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/jgJ4cjjS8FE
17
reference_url https://groups.google.com/group/ruby-security-ann/msg/34e0d780b04308de?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/ruby-security-ann/msg/34e0d780b04308de?dmode=source&output=gplain
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-1854
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-1854
19
reference_url http://support.apple.com/kb/HT5784
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://support.apple.com/kb/HT5784
20
reference_url http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released
21
reference_url https://security.gentoo.org/glsa/201412-28
reference_id GLSA-201412-28
reference_type
scores
url https://security.gentoo.org/glsa/201412-28
fixed_packages
0
url pkg:gem/activerecord@3.0.0
purl pkg:gem/activerecord@3.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mc1-zb64-yued
1
vulnerability VCID-1r7t-2v3e-bqa9
2
vulnerability VCID-79jn-p5u5-wqae
3
vulnerability VCID-7e6a-35vx-6ygj
4
vulnerability VCID-7vmk-ju1s-6qf2
5
vulnerability VCID-8n6u-hbhg-7qdx
6
vulnerability VCID-cce9-3g2x-h3dt
7
vulnerability VCID-edf6-dek6-cfgz
8
vulnerability VCID-f3xg-8e57-f7d9
9
vulnerability VCID-gyv5-prcn-9qae
10
vulnerability VCID-kt5q-24cw-3faa
11
vulnerability VCID-mdeu-hayy-hqd1
12
vulnerability VCID-p6yg-d8wm-4bgz
13
vulnerability VCID-pt1n-pq3j-jbg5
14
vulnerability VCID-rqsw-ndbm-xbfh
15
vulnerability VCID-sb81-8nm8-dudw
16
vulnerability VCID-wcvv-uw9g-nkdz
17
vulnerability VCID-wt9d-ejgc-ryg7
18
vulnerability VCID-wu15-9j1q-17ag
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.0.0
1
url pkg:gem/activerecord@3.1.12
purl pkg:gem/activerecord@3.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mc1-zb64-yued
1
vulnerability VCID-1r7t-2v3e-bqa9
2
vulnerability VCID-79jn-p5u5-wqae
3
vulnerability VCID-7e6a-35vx-6ygj
4
vulnerability VCID-7vmk-ju1s-6qf2
5
vulnerability VCID-8n6u-hbhg-7qdx
6
vulnerability VCID-f3xg-8e57-f7d9
7
vulnerability VCID-gyv5-prcn-9qae
8
vulnerability VCID-kt5q-24cw-3faa
9
vulnerability VCID-pt1n-pq3j-jbg5
10
vulnerability VCID-rqsw-ndbm-xbfh
11
vulnerability VCID-wcvv-uw9g-nkdz
12
vulnerability VCID-wu15-9j1q-17ag
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.12
2
url pkg:gem/activerecord@3.2.13
purl pkg:gem/activerecord@3.2.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mc1-zb64-yued
1
vulnerability VCID-1r7t-2v3e-bqa9
2
vulnerability VCID-79jn-p5u5-wqae
3
vulnerability VCID-7e6a-35vx-6ygj
4
vulnerability VCID-7vmk-ju1s-6qf2
5
vulnerability VCID-8n6u-hbhg-7qdx
6
vulnerability VCID-f3xg-8e57-f7d9
7
vulnerability VCID-gyv5-prcn-9qae
8
vulnerability VCID-kt5q-24cw-3faa
9
vulnerability VCID-pt1n-pq3j-jbg5
10
vulnerability VCID-rqsw-ndbm-xbfh
11
vulnerability VCID-wcvv-uw9g-nkdz
12
vulnerability VCID-wu15-9j1q-17ag
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.13
aliases CVE-2013-1854, GHSA-3crr-9vmg-864v, OSV-91453
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wu15-9j1q-17ag
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:gem/activerecord@2.4