Package Instance
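Look up vulnerable packages by Package URL (purl). In the portion of the response shown here, every package listed under "fixed_packages" is itself flagged "is_vulnerable": true, so a safe upgrade target should be read from "next_non_vulnerable_version" or "latest_non_vulnerable_version" rather than from those entries.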
GET /api/packages/75682?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/75682?format=api", "purl": "pkg:gem/activerecord@2.4", "type": "gem", "namespace": "", "name": "activerecord", "version": "2.4", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "7.1.5.2", "latest_non_vulnerable_version": "8.0.2.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39099?format=api", "vulnerability_id": "VCID-1mc1-zb64-yued", "summary": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nRuby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument.", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/4e19864cf6ad40ad?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/4e19864cf6ad40ad?dmode=source&output=gplain" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0448", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.72155", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0448" }, { "reference_url": "http://secunia.com/advisories/43278", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/43278" }, 
{ "reference_url": "http://securitytracker.com/id?1025063", "reference_id": "", "reference_type": "", "scores": [], "url": "http://securitytracker.com/id?1025063" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa562c3be8474", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa562c3be8474" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-0448.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-0448.yml" }, { "reference_url": "https://web.archive.org/web/20201220214809/http://securitytracker.com/id?1025063", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201220214809/http://securitytracker.com/id?1025063" }, { "reference_url": "http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/0877", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2011/0877" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0448", 
"reference_id": "CVE-2011-0448", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0448" }, { "reference_url": "https://github.com/advisories/GHSA-jmm9-2p29-vh2w", "reference_id": "GHSA-jmm9-2p29-vh2w", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-jmm9-2p29-vh2w" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54588?format=api", "purl": "pkg:gem/activerecord@3.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mc1-zb64-yued" }, { "vulnerability": "VCID-1r7t-2v3e-bqa9" }, { "vulnerability": "VCID-7e6a-35vx-6ygj" }, { "vulnerability": "VCID-7vmk-ju1s-6qf2" }, { "vulnerability": "VCID-8n6u-hbhg-7qdx" }, { "vulnerability": "VCID-cce9-3g2x-h3dt" }, { "vulnerability": "VCID-edf6-dek6-cfgz" }, { "vulnerability": "VCID-f3xg-8e57-f7d9" }, { "vulnerability": "VCID-gyv5-prcn-9qae" }, { "vulnerability": "VCID-kt5q-24cw-3faa" }, { "vulnerability": "VCID-mdeu-hayy-hqd1" }, { "vulnerability": "VCID-p6yg-d8wm-4bgz" }, { "vulnerability": "VCID-pt1n-pq3j-jbg5" }, { "vulnerability": "VCID-rqsw-ndbm-xbfh" }, { "vulnerability": "VCID-sb81-8nm8-dudw" }, { "vulnerability": "VCID-wcvv-uw9g-nkdz" }, { "vulnerability": "VCID-wt9d-ejgc-ryg7" }, { "vulnerability": "VCID-wu15-9j1q-17ag" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/157008?format=api", "purl": "pkg:gem/activerecord@3.0.5.rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mc1-zb64-yued" }, { "vulnerability": "VCID-1r7t-2v3e-bqa9" }, { "vulnerability": "VCID-7e6a-35vx-6ygj" }, { 
"vulnerability": "VCID-7vmk-ju1s-6qf2" }, { "vulnerability": "VCID-8n6u-hbhg-7qdx" }, { "vulnerability": "VCID-cce9-3g2x-h3dt" }, { "vulnerability": "VCID-edf6-dek6-cfgz" }, { "vulnerability": "VCID-f3xg-8e57-f7d9" }, { "vulnerability": "VCID-gyv5-prcn-9qae" }, { "vulnerability": "VCID-kt5q-24cw-3faa" }, { "vulnerability": "VCID-mdeu-hayy-hqd1" }, { "vulnerability": "VCID-p6yg-d8wm-4bgz" }, { "vulnerability": "VCID-pt1n-pq3j-jbg5" }, { "vulnerability": "VCID-rqsw-ndbm-xbfh" }, { "vulnerability": "VCID-sb81-8nm8-dudw" }, { "vulnerability": "VCID-wcvv-uw9g-nkdz" }, { "vulnerability": "VCID-wt9d-ejgc-ryg7" }, { "vulnerability": "VCID-wu15-9j1q-17ag" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.0.5.rc1" } ], "aliases": [ "CVE-2011-0448", "GHSA-jmm9-2p29-vh2w" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1mc1-zb64-yued" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39070?format=api", "vulnerability_id": "VCID-8n6u-hbhg-7qdx", "summary": "Improper Input Validation\nRuby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3933", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00712", "scoring_system": "epss", "scoring_elements": "0.72672", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3933" }, { "reference_url": "http://secunia.com/advisories/41930", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/41930" }, { "reference_url": "http://securitytracker.com/id?1024624", "reference_id": "", "reference_type": "", "scores": [], "url": "http://securitytracker.com/id?1024624" }, { 
"reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/2d96bccb1e8b62e3e11ca0c5d38aaa8cece889ae", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/2d96bccb1e8b62e3e11ca0c5d38aaa8cece889ae" }, { "reference_url": "https://github.com/rails/rails/commit/96183e0f284bab27667e5a38fa6a1578eb029585", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/96183e0f284bab27667e5a38fa6a1578eb029585" }, { "reference_url": "https://web.archive.org/web/20101129225633/http://securitytracker.com/alerts/2010/Oct/1024624.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20101129225633/http://securitytracker.com/alerts/2010/Oct/1024624.html" }, { "reference_url": "https://web.archive.org/web/20111225083933/http://secunia.com/advisories/41930", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20111225083933/http://secunia.com/advisories/41930" }, { "reference_url": "https://web.archive.org/web/20201208053819/http://securitytracker.com/id?1024624", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201208053819/http://securitytracker.com/id?1024624" }, { "reference_url": 
"http://weblog.rubyonrails.org/2010/10/15/security-vulnerability-in-nested-attributes-code-in-ruby-on-rails-2-3-9-and-3-0-0", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2010/10/15/security-vulnerability-in-nested-attributes-code-in-ruby-on-rails-2-3-9-and-3-0-0" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/2719", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2010/2719" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3933", "reference_id": "CVE-2010-3933", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3933" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2010-3933.yml", "reference_id": "CVE-2010-3933.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2010-3933.yml" }, { "reference_url": "https://github.com/advisories/GHSA-gjxw-5w2q-7grf", "reference_id": "GHSA-gjxw-5w2q-7grf", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-gjxw-5w2q-7grf" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54506?format=api", "purl": "pkg:gem/activerecord@3.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mc1-zb64-yued" }, { "vulnerability": "VCID-1r7t-2v3e-bqa9" }, { "vulnerability": "VCID-7e6a-35vx-6ygj" }, { "vulnerability": 
"VCID-7vmk-ju1s-6qf2" }, { "vulnerability": "VCID-8n6u-hbhg-7qdx" }, { "vulnerability": "VCID-cce9-3g2x-h3dt" }, { "vulnerability": "VCID-edf6-dek6-cfgz" }, { "vulnerability": "VCID-f3xg-8e57-f7d9" }, { "vulnerability": "VCID-gyv5-prcn-9qae" }, { "vulnerability": "VCID-kt5q-24cw-3faa" }, { "vulnerability": "VCID-mdeu-hayy-hqd1" }, { "vulnerability": "VCID-p6yg-d8wm-4bgz" }, { "vulnerability": "VCID-pt1n-pq3j-jbg5" }, { "vulnerability": "VCID-rqsw-ndbm-xbfh" }, { "vulnerability": "VCID-sb81-8nm8-dudw" }, { "vulnerability": "VCID-wcvv-uw9g-nkdz" }, { "vulnerability": "VCID-wt9d-ejgc-ryg7" }, { "vulnerability": "VCID-wu15-9j1q-17ag" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.0.1" } ], "aliases": [ "CVE-2010-3933", "GHSA-gjxw-5w2q-7grf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8n6u-hbhg-7qdx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37443?format=api", "vulnerability_id": "VCID-cce9-3g2x-h3dt", "summary": "SQL injection vulnerability in Active Record\nDue to the way Active Record handles nested query parameters, an attacker can use a specially crafted request to inject some forms of SQL into your application's SQL queries.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html" }, { "reference_url": 
"http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2661.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2661.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2661", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00627", "scoring_system": "epss", "scoring_elements": "0.70611", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2661" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2661", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2661" }, { "reference_url": "https://github.com/rails/rails/commit/71f7917c553cdc9a0ee49e87af0efb7429759718#diff-2ec9993375ecb711e08452788d625581", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rails/rails/commit/71f7917c553cdc9a0ee49e87af0efb7429759718#diff-2ec9993375ecb711e08452788d625581" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82403.yml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82403.yml" }, { "reference_url": 
"https://groups.google.com/group/rubyonrails-security/msg/fc2da6c627fc92df?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/fc2da6c627fc92df?dmode=source&output=gplain" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2661", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2661" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=827363", "reference_id": "827363", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=827363" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1542", "reference_id": "RHSA-2012:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0154", "reference_id": "RHSA-2013:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51269?format=api", "purl": "pkg:gem/activerecord@3.0.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mc1-zb64-yued" }, { "vulnerability": "VCID-1r7t-2v3e-bqa9" }, { "vulnerability": "VCID-7e6a-35vx-6ygj" }, { "vulnerability": "VCID-7vmk-ju1s-6qf2" }, { "vulnerability": "VCID-8n6u-hbhg-7qdx" }, { "vulnerability": "VCID-edf6-dek6-cfgz" }, { "vulnerability": "VCID-f3xg-8e57-f7d9" }, { "vulnerability": "VCID-gyv5-prcn-9qae" }, { "vulnerability": "VCID-kt5q-24cw-3faa" }, { "vulnerability": "VCID-mdeu-hayy-hqd1" }, { "vulnerability": "VCID-pt1n-pq3j-jbg5" }, { "vulnerability": "VCID-rqsw-ndbm-xbfh" }, { "vulnerability": "VCID-sb81-8nm8-dudw" }, { 
"vulnerability": "VCID-wcvv-uw9g-nkdz" }, { "vulnerability": "VCID-wt9d-ejgc-ryg7" }, { "vulnerability": "VCID-wu15-9j1q-17ag" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.0.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/54482?format=api", "purl": "pkg:gem/activerecord@3.1.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mc1-zb64-yued" }, { "vulnerability": "VCID-1r7t-2v3e-bqa9" }, { "vulnerability": "VCID-79jn-p5u5-wqae" }, { "vulnerability": "VCID-7e6a-35vx-6ygj" }, { "vulnerability": "VCID-7vmk-ju1s-6qf2" }, { "vulnerability": "VCID-8n6u-hbhg-7qdx" }, { "vulnerability": "VCID-cce9-3g2x-h3dt" }, { "vulnerability": "VCID-edf6-dek6-cfgz" }, { "vulnerability": "VCID-f3xg-8e57-f7d9" }, { "vulnerability": "VCID-gyv5-prcn-9qae" }, { "vulnerability": "VCID-kt5q-24cw-3faa" }, { "vulnerability": "VCID-mdeu-hayy-hqd1" }, { "vulnerability": "VCID-p6yg-d8wm-4bgz" }, { "vulnerability": "VCID-pt1n-pq3j-jbg5" }, { "vulnerability": "VCID-rqsw-ndbm-xbfh" }, { "vulnerability": "VCID-sb81-8nm8-dudw" }, { "vulnerability": "VCID-wcvv-uw9g-nkdz" }, { "vulnerability": "VCID-wt9d-ejgc-ryg7" }, { "vulnerability": "VCID-wu15-9j1q-17ag" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/51270?format=api", "purl": "pkg:gem/activerecord@3.1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mc1-zb64-yued" }, { "vulnerability": "VCID-1r7t-2v3e-bqa9" }, { "vulnerability": "VCID-79jn-p5u5-wqae" }, { "vulnerability": "VCID-7e6a-35vx-6ygj" }, { "vulnerability": "VCID-7vmk-ju1s-6qf2" }, { "vulnerability": "VCID-8n6u-hbhg-7qdx" }, { "vulnerability": "VCID-edf6-dek6-cfgz" }, { "vulnerability": "VCID-f3xg-8e57-f7d9" }, { "vulnerability": "VCID-gyv5-prcn-9qae" }, { "vulnerability": "VCID-kt5q-24cw-3faa" }, { "vulnerability": "VCID-mdeu-hayy-hqd1" }, { 
"vulnerability": "VCID-pt1n-pq3j-jbg5" }, { "vulnerability": "VCID-rqsw-ndbm-xbfh" }, { "vulnerability": "VCID-sb81-8nm8-dudw" }, { "vulnerability": "VCID-wcvv-uw9g-nkdz" }, { "vulnerability": "VCID-wt9d-ejgc-ryg7" }, { "vulnerability": "VCID-wu15-9j1q-17ag" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/157041?format=api", "purl": "pkg:gem/activerecord@3.2.0.rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mc1-zb64-yued" }, { "vulnerability": "VCID-1r7t-2v3e-bqa9" }, { "vulnerability": "VCID-79jn-p5u5-wqae" }, { "vulnerability": "VCID-7e6a-35vx-6ygj" }, { "vulnerability": "VCID-7vmk-ju1s-6qf2" }, { "vulnerability": "VCID-8n6u-hbhg-7qdx" }, { "vulnerability": "VCID-cce9-3g2x-h3dt" }, { "vulnerability": "VCID-edf6-dek6-cfgz" }, { "vulnerability": "VCID-f3xg-8e57-f7d9" }, { "vulnerability": "VCID-gyv5-prcn-9qae" }, { "vulnerability": "VCID-kt5q-24cw-3faa" }, { "vulnerability": "VCID-mdeu-hayy-hqd1" }, { "vulnerability": "VCID-p6yg-d8wm-4bgz" }, { "vulnerability": "VCID-pt1n-pq3j-jbg5" }, { "vulnerability": "VCID-rqsw-ndbm-xbfh" }, { "vulnerability": "VCID-sb81-8nm8-dudw" }, { "vulnerability": "VCID-wcvv-uw9g-nkdz" }, { "vulnerability": "VCID-wt9d-ejgc-ryg7" }, { "vulnerability": "VCID-wu15-9j1q-17ag" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.0.rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/51271?format=api", "purl": "pkg:gem/activerecord@3.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mc1-zb64-yued" }, { "vulnerability": "VCID-1r7t-2v3e-bqa9" }, { "vulnerability": "VCID-79jn-p5u5-wqae" }, { "vulnerability": "VCID-7e6a-35vx-6ygj" }, { "vulnerability": "VCID-7vmk-ju1s-6qf2" }, { "vulnerability": "VCID-8n6u-hbhg-7qdx" }, { "vulnerability": "VCID-edf6-dek6-cfgz" }, { "vulnerability": "VCID-f3xg-8e57-f7d9" }, { "vulnerability": 
"VCID-gyv5-prcn-9qae" }, { "vulnerability": "VCID-kt5q-24cw-3faa" }, { "vulnerability": "VCID-mdeu-hayy-hqd1" }, { "vulnerability": "VCID-pt1n-pq3j-jbg5" }, { "vulnerability": "VCID-rqsw-ndbm-xbfh" }, { "vulnerability": "VCID-sb81-8nm8-dudw" }, { "vulnerability": "VCID-wcvv-uw9g-nkdz" }, { "vulnerability": "VCID-wt9d-ejgc-ryg7" }, { "vulnerability": "VCID-wu15-9j1q-17ag" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.4" } ], "aliases": [ "CVE-2012-2661", "GHSA-fh39-v733-mxfr", "OSV-82403" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cce9-3g2x-h3dt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39062?format=api", "vulnerability_id": "VCID-gyv5-prcn-9qae", "summary": "activerecord vulnerable to SQL Injection\nMultiple SQL injection vulnerabilities in the `quote_table_name` method in the ActiveRecord adapters in `activerecord/lib/active_record/connection_adapters/` in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a crafted column name.", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/b1a85d36b0f9dd30?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/b1a85d36b0f9dd30?dmode=source&output=gplain" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html" }, { "reference_url": 
"https://api.first.org/data/v1/epss?cve=CVE-2011-2930", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00955", "scoring_system": "epss", "scoring_elements": "0.76779", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2930" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=731438", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=731438" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/8a39f411dc3c806422785b1f4d5c7c9d58e4bf85", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/8a39f411dc3c806422785b1f4d5c7c9d58e4bf85" }, { "reference_url": "http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6" }, { "reference_url": "http://www.debian.org/security/2011/dsa-2301", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2011/dsa-2301" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/17/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/17/1" }, { "reference_url": 
"http://www.openwall.com/lists/oss-security/2011/08/19/11", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/19/11" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/20/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/20/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/13", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/13" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/14", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/14" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2930", "reference_id": "CVE-2011-2930", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2930" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-2930.yml", "reference_id": "CVE-2011-2930.YML", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-2930.yml" }, { "reference_url": "https://github.com/advisories/GHSA-h6w6-xmqv-7q78", "reference_id": "GHSA-h6w6-xmqv-7q78", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-h6w6-xmqv-7q78" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54484?format=api", "purl": "pkg:gem/activerecord@3.0.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mc1-zb64-yued" }, { "vulnerability": "VCID-1r7t-2v3e-bqa9" }, { "vulnerability": "VCID-7e6a-35vx-6ygj" }, { "vulnerability": "VCID-7vmk-ju1s-6qf2" }, { "vulnerability": "VCID-8n6u-hbhg-7qdx" }, { "vulnerability": "VCID-cce9-3g2x-h3dt" }, { "vulnerability": "VCID-edf6-dek6-cfgz" }, { "vulnerability": "VCID-f3xg-8e57-f7d9" }, { "vulnerability": "VCID-gyv5-prcn-9qae" }, { "vulnerability": "VCID-kt5q-24cw-3faa" }, { "vulnerability": "VCID-mdeu-hayy-hqd1" }, { "vulnerability": "VCID-p6yg-d8wm-4bgz" }, { "vulnerability": "VCID-pt1n-pq3j-jbg5" }, { "vulnerability": "VCID-rqsw-ndbm-xbfh" }, { "vulnerability": "VCID-sb81-8nm8-dudw" }, { "vulnerability": "VCID-wcvv-uw9g-nkdz" }, { "vulnerability": "VCID-wt9d-ejgc-ryg7" }, { "vulnerability": "VCID-wu15-9j1q-17ag" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.0.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/54485?format=api", "purl": "pkg:gem/activerecord@3.1.0.rc5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mc1-zb64-yued" }, { "vulnerability": "VCID-1r7t-2v3e-bqa9" }, { "vulnerability": "VCID-79jn-p5u5-wqae" }, { "vulnerability": "VCID-7e6a-35vx-6ygj" }, { "vulnerability": "VCID-7vmk-ju1s-6qf2" }, { "vulnerability": 
"VCID-8n6u-hbhg-7qdx" }, { "vulnerability": "VCID-cce9-3g2x-h3dt" }, { "vulnerability": "VCID-edf6-dek6-cfgz" }, { "vulnerability": "VCID-f3xg-8e57-f7d9" }, { "vulnerability": "VCID-gyv5-prcn-9qae" }, { "vulnerability": "VCID-kt5q-24cw-3faa" }, { "vulnerability": "VCID-mdeu-hayy-hqd1" }, { "vulnerability": "VCID-p6yg-d8wm-4bgz" }, { "vulnerability": "VCID-pt1n-pq3j-jbg5" }, { "vulnerability": "VCID-rqsw-ndbm-xbfh" }, { "vulnerability": "VCID-sb81-8nm8-dudw" }, { "vulnerability": "VCID-wcvv-uw9g-nkdz" }, { "vulnerability": "VCID-wt9d-ejgc-ryg7" }, { "vulnerability": "VCID-wu15-9j1q-17ag" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.0.rc5" }, { "url": "http://public2.vulnerablecode.io/api/packages/51267?format=api", "purl": "pkg:gem/activerecord@3.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mc1-zb64-yued" }, { "vulnerability": "VCID-1r7t-2v3e-bqa9" }, { "vulnerability": "VCID-79jn-p5u5-wqae" }, { "vulnerability": "VCID-7e6a-35vx-6ygj" }, { "vulnerability": "VCID-7vmk-ju1s-6qf2" }, { "vulnerability": "VCID-8n6u-hbhg-7qdx" }, { "vulnerability": "VCID-cce9-3g2x-h3dt" }, { "vulnerability": "VCID-edf6-dek6-cfgz" }, { "vulnerability": "VCID-f3xg-8e57-f7d9" }, { "vulnerability": "VCID-gyv5-prcn-9qae" }, { "vulnerability": "VCID-kt5q-24cw-3faa" }, { "vulnerability": "VCID-mdeu-hayy-hqd1" }, { "vulnerability": "VCID-p6yg-d8wm-4bgz" }, { "vulnerability": "VCID-pt1n-pq3j-jbg5" }, { "vulnerability": "VCID-rqsw-ndbm-xbfh" }, { "vulnerability": "VCID-sb81-8nm8-dudw" }, { "vulnerability": "VCID-wcvv-uw9g-nkdz" }, { "vulnerability": "VCID-wt9d-ejgc-ryg7" }, { "vulnerability": "VCID-wu15-9j1q-17ag" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.0" } ], "aliases": [ "CVE-2011-2930", "GHSA-h6w6-xmqv-7q78" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-gyv5-prcn-9qae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37489?format=api", "vulnerability_id": "VCID-mdeu-hayy-hqd1", "summary": "Serialized Attributes YAML Vulnerability with Rails 2.3 and 3.0\nThere is a vulnerability in the serialized attribute handling code in Ruby on Rails, applications which allow users to directly assign to the serialized fields in their models are at risk of Denial of Service or Remote Code Execution vulnerabilities.", "references": [ { "reference_url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0277.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0277.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0277", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06742", "scoring_system": "epss", "scoring_elements": "0.91447", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0277" }, { "reference_url": "http://securitytracker.com/id?1028109", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://securitytracker.com/id?1028109" }, { "reference_url": 
"https://github.com/rails/rails/tree/v6.1.4.1/activerecord", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/tree/v6.1.4.1/activerecord" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0277.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0277.yml" }, { "reference_url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/KtmwSbEpzrU", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/KtmwSbEpzrU" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/302ec7ce90f13837?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/302ec7ce90f13837?dmode=source&output=gplain" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0277", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0277" }, { "reference_url": "https://puppet.com/security/cve/cve-2013-0277", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://puppet.com/security/cve/cve-2013-0277" }, { "reference_url": "http://support.apple.com/kb/HT5784", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": 
"" } ], "url": "http://support.apple.com/kb/HT5784" }, { "reference_url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released" }, { "reference_url": "http://www.debian.org/security/2013/dsa-2620", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2013/dsa-2620" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/02/11/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/02/11/6" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=909633", "reference_id": "909633", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=909633" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51267?format=api", "purl": "pkg:gem/activerecord@3.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mc1-zb64-yued" }, { "vulnerability": "VCID-1r7t-2v3e-bqa9" }, { "vulnerability": "VCID-79jn-p5u5-wqae" }, { "vulnerability": "VCID-7e6a-35vx-6ygj" }, { "vulnerability": "VCID-7vmk-ju1s-6qf2" }, { "vulnerability": "VCID-8n6u-hbhg-7qdx" }, { "vulnerability": "VCID-cce9-3g2x-h3dt" }, { "vulnerability": "VCID-edf6-dek6-cfgz" }, { "vulnerability": "VCID-f3xg-8e57-f7d9" }, { "vulnerability": "VCID-gyv5-prcn-9qae" }, 
{ "vulnerability": "VCID-kt5q-24cw-3faa" }, { "vulnerability": "VCID-mdeu-hayy-hqd1" }, { "vulnerability": "VCID-p6yg-d8wm-4bgz" }, { "vulnerability": "VCID-pt1n-pq3j-jbg5" }, { "vulnerability": "VCID-rqsw-ndbm-xbfh" }, { "vulnerability": "VCID-sb81-8nm8-dudw" }, { "vulnerability": "VCID-wcvv-uw9g-nkdz" }, { "vulnerability": "VCID-wt9d-ejgc-ryg7" }, { "vulnerability": "VCID-wu15-9j1q-17ag" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.0" } ], "aliases": [ "CVE-2013-0277", "GHSA-fhj9-cjjh-27vm", "OSV-90073" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mdeu-hayy-hqd1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37488?format=api", "vulnerability_id": "VCID-sb81-8nm8-dudw", "summary": "Circumvention of attr_protected\nThe attr_protected method allows developers to specify a denylist of model attributes which users should not be allowed to assign to. 
By using a specially crafted request, attackers could circumvent this protection and alter values that were meant to be protected.", "references": [ { "reference_url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0686.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0686.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0276.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0276.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0276", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00606", "scoring_system": "epss", "scoring_elements": "0.70033", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0276" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0276.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0276.yml" }, { "reference_url": 
"https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/AFBKNY7VSH8", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/AFBKNY7VSH8" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/bb44b98a73ef1a06?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/bb44b98a73ef1a06?dmode=source&output=gplain" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0276", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0276" }, { "reference_url": "http://support.apple.com/kb/HT5784", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT5784" }, { "reference_url": "https://web.archive.org/web/20130217055442/http://www.securityfocus.com/bid/57896", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20130217055442/http://www.securityfocus.com/bid/57896" }, { "reference_url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released" }, { "reference_url": "http://www.debian.org/security/2013/dsa-2620", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", 
"scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2013/dsa-2620" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/02/11/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/02/11/5" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=909528", "reference_id": "909528", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=909528" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0686", "reference_id": "RHSA-2013:0686", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0686" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/120641?format=api", "purl": "pkg:gem/activerecord@3.1.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mc1-zb64-yued" }, { "vulnerability": "VCID-1r7t-2v3e-bqa9" }, { "vulnerability": "VCID-79jn-p5u5-wqae" }, { "vulnerability": "VCID-7e6a-35vx-6ygj" }, { "vulnerability": "VCID-7vmk-ju1s-6qf2" }, { "vulnerability": "VCID-8n6u-hbhg-7qdx" }, { "vulnerability": "VCID-f3xg-8e57-f7d9" }, { "vulnerability": "VCID-gyv5-prcn-9qae" }, { "vulnerability": "VCID-kt5q-24cw-3faa" }, { "vulnerability": "VCID-pt1n-pq3j-jbg5" }, { "vulnerability": "VCID-rqsw-ndbm-xbfh" }, { "vulnerability": "VCID-wcvv-uw9g-nkdz" }, { "vulnerability": "VCID-wu15-9j1q-17ag" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/157041?format=api", "purl": "pkg:gem/activerecord@3.2.0.rc1", "is_vulnerable": true, 
"affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mc1-zb64-yued" }, { "vulnerability": "VCID-1r7t-2v3e-bqa9" }, { "vulnerability": "VCID-79jn-p5u5-wqae" }, { "vulnerability": "VCID-7e6a-35vx-6ygj" }, { "vulnerability": "VCID-7vmk-ju1s-6qf2" }, { "vulnerability": "VCID-8n6u-hbhg-7qdx" }, { "vulnerability": "VCID-cce9-3g2x-h3dt" }, { "vulnerability": "VCID-edf6-dek6-cfgz" }, { "vulnerability": "VCID-f3xg-8e57-f7d9" }, { "vulnerability": "VCID-gyv5-prcn-9qae" }, { "vulnerability": "VCID-kt5q-24cw-3faa" }, { "vulnerability": "VCID-mdeu-hayy-hqd1" }, { "vulnerability": "VCID-p6yg-d8wm-4bgz" }, { "vulnerability": "VCID-pt1n-pq3j-jbg5" }, { "vulnerability": "VCID-rqsw-ndbm-xbfh" }, { "vulnerability": "VCID-sb81-8nm8-dudw" }, { "vulnerability": "VCID-wcvv-uw9g-nkdz" }, { "vulnerability": "VCID-wt9d-ejgc-ryg7" }, { "vulnerability": "VCID-wu15-9j1q-17ag" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.0.rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/120644?format=api", "purl": "pkg:gem/activerecord@3.2.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mc1-zb64-yued" }, { "vulnerability": "VCID-1r7t-2v3e-bqa9" }, { "vulnerability": "VCID-79jn-p5u5-wqae" }, { "vulnerability": "VCID-7e6a-35vx-6ygj" }, { "vulnerability": "VCID-7vmk-ju1s-6qf2" }, { "vulnerability": "VCID-8n6u-hbhg-7qdx" }, { "vulnerability": "VCID-f3xg-8e57-f7d9" }, { "vulnerability": "VCID-gyv5-prcn-9qae" }, { "vulnerability": "VCID-kt5q-24cw-3faa" }, { "vulnerability": "VCID-pt1n-pq3j-jbg5" }, { "vulnerability": "VCID-rqsw-ndbm-xbfh" }, { "vulnerability": "VCID-wcvv-uw9g-nkdz" }, { "vulnerability": "VCID-wu15-9j1q-17ag" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.12" } ], "aliases": [ "CVE-2013-0276", "GHSA-gr44-7grc-37vq", "OSV-90072" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-sb81-8nm8-dudw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37480?format=api", "vulnerability_id": "VCID-wt9d-ejgc-ryg7", "summary": "Unsafe Query Generation Risk in Ruby on Rails\nDue to the way Active Record interprets parameters in combination with the way that JSON parameters are parsed, it is possible for an attacker to issue unexpected database queries with \"IS NULL\" or empty where clauses. This issue does *not* let an attacker insert arbitrary values into an SQL query, however they can cause the query to check for NULL or eliminate a WHERE clause when most users wouldn't expect it.", "references": [ { "reference_url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html", 
"reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0155.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0155.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0155", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.18174", "scoring_system": "epss", "scoring_elements": "0.95315", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0155" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0155.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0155.yml" }, { "reference_url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/t1WFuuQyavI", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/t1WFuuQyavI" }, { "reference_url": 
"https://groups.google.com/group/rubyonrails-security/msg/bc6f13dafe130ee9?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/bc6f13dafe130ee9?dmode=source&output=gplain" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0155", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0155" }, { "reference_url": "http://support.apple.com/kb/HT5784", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT5784" }, { "reference_url": "http://www.debian.org/security/2013/dsa-2609", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2013/dsa-2609" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=892866", "reference_id": "892866", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=892866" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0154", "reference_id": "RHSA-2013:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0154" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0155", "reference_id": "RHSA-2013:0155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0155" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/51358?format=api", "purl": "pkg:gem/activerecord@3.0.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mc1-zb64-yued" }, { "vulnerability": "VCID-1r7t-2v3e-bqa9" }, { "vulnerability": "VCID-7e6a-35vx-6ygj" }, { "vulnerability": "VCID-7vmk-ju1s-6qf2" }, { "vulnerability": "VCID-8n6u-hbhg-7qdx" }, { "vulnerability": "VCID-f3xg-8e57-f7d9" }, { "vulnerability": "VCID-gyv5-prcn-9qae" }, { "vulnerability": "VCID-kt5q-24cw-3faa" }, { "vulnerability": "VCID-mdeu-hayy-hqd1" }, { "vulnerability": "VCID-pt1n-pq3j-jbg5" }, { "vulnerability": "VCID-rqsw-ndbm-xbfh" }, { "vulnerability": "VCID-sb81-8nm8-dudw" }, { "vulnerability": "VCID-wcvv-uw9g-nkdz" }, { "vulnerability": "VCID-wu15-9j1q-17ag" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.0.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/54482?format=api", "purl": "pkg:gem/activerecord@3.1.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mc1-zb64-yued" }, { "vulnerability": "VCID-1r7t-2v3e-bqa9" }, { "vulnerability": "VCID-79jn-p5u5-wqae" }, { "vulnerability": "VCID-7e6a-35vx-6ygj" }, { "vulnerability": "VCID-7vmk-ju1s-6qf2" }, { "vulnerability": "VCID-8n6u-hbhg-7qdx" }, { "vulnerability": "VCID-cce9-3g2x-h3dt" }, { "vulnerability": "VCID-edf6-dek6-cfgz" }, { "vulnerability": "VCID-f3xg-8e57-f7d9" }, { "vulnerability": "VCID-gyv5-prcn-9qae" }, { "vulnerability": "VCID-kt5q-24cw-3faa" }, { "vulnerability": "VCID-mdeu-hayy-hqd1" }, { "vulnerability": "VCID-p6yg-d8wm-4bgz" }, { "vulnerability": "VCID-pt1n-pq3j-jbg5" }, { "vulnerability": "VCID-rqsw-ndbm-xbfh" }, { "vulnerability": "VCID-sb81-8nm8-dudw" }, { "vulnerability": "VCID-wcvv-uw9g-nkdz" }, { "vulnerability": "VCID-wt9d-ejgc-ryg7" }, { "vulnerability": "VCID-wu15-9j1q-17ag" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.0.beta1" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/51359?format=api", "purl": "pkg:gem/activerecord@3.1.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mc1-zb64-yued" }, { "vulnerability": "VCID-1r7t-2v3e-bqa9" }, { "vulnerability": "VCID-79jn-p5u5-wqae" }, { "vulnerability": "VCID-7e6a-35vx-6ygj" }, { "vulnerability": "VCID-7vmk-ju1s-6qf2" }, { "vulnerability": "VCID-8n6u-hbhg-7qdx" }, { "vulnerability": "VCID-f3xg-8e57-f7d9" }, { "vulnerability": "VCID-gyv5-prcn-9qae" }, { "vulnerability": "VCID-kt5q-24cw-3faa" }, { "vulnerability": "VCID-mdeu-hayy-hqd1" }, { "vulnerability": "VCID-pt1n-pq3j-jbg5" }, { "vulnerability": "VCID-rqsw-ndbm-xbfh" }, { "vulnerability": "VCID-sb81-8nm8-dudw" }, { "vulnerability": "VCID-wcvv-uw9g-nkdz" }, { "vulnerability": "VCID-wu15-9j1q-17ag" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/157041?format=api", "purl": "pkg:gem/activerecord@3.2.0.rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mc1-zb64-yued" }, { "vulnerability": "VCID-1r7t-2v3e-bqa9" }, { "vulnerability": "VCID-79jn-p5u5-wqae" }, { "vulnerability": "VCID-7e6a-35vx-6ygj" }, { "vulnerability": "VCID-7vmk-ju1s-6qf2" }, { "vulnerability": "VCID-8n6u-hbhg-7qdx" }, { "vulnerability": "VCID-cce9-3g2x-h3dt" }, { "vulnerability": "VCID-edf6-dek6-cfgz" }, { "vulnerability": "VCID-f3xg-8e57-f7d9" }, { "vulnerability": "VCID-gyv5-prcn-9qae" }, { "vulnerability": "VCID-kt5q-24cw-3faa" }, { "vulnerability": "VCID-mdeu-hayy-hqd1" }, { "vulnerability": "VCID-p6yg-d8wm-4bgz" }, { "vulnerability": "VCID-pt1n-pq3j-jbg5" }, { "vulnerability": "VCID-rqsw-ndbm-xbfh" }, { "vulnerability": "VCID-sb81-8nm8-dudw" }, { "vulnerability": "VCID-wcvv-uw9g-nkdz" }, { "vulnerability": "VCID-wt9d-ejgc-ryg7" }, { "vulnerability": "VCID-wu15-9j1q-17ag" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.0.rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/51360?format=api", "purl": "pkg:gem/activerecord@3.2.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mc1-zb64-yued" }, { "vulnerability": "VCID-1r7t-2v3e-bqa9" }, { "vulnerability": "VCID-79jn-p5u5-wqae" }, { "vulnerability": "VCID-7e6a-35vx-6ygj" }, { "vulnerability": "VCID-7vmk-ju1s-6qf2" }, { "vulnerability": "VCID-8n6u-hbhg-7qdx" }, { "vulnerability": "VCID-f3xg-8e57-f7d9" }, { "vulnerability": "VCID-gyv5-prcn-9qae" }, { "vulnerability": "VCID-kt5q-24cw-3faa" }, { "vulnerability": "VCID-mdeu-hayy-hqd1" }, { "vulnerability": "VCID-pt1n-pq3j-jbg5" }, { "vulnerability": "VCID-rqsw-ndbm-xbfh" }, { "vulnerability": "VCID-sb81-8nm8-dudw" }, { "vulnerability": "VCID-wcvv-uw9g-nkdz" }, { "vulnerability": "VCID-wu15-9j1q-17ag" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.11" } ], "aliases": [ "CVE-2013-0155", "GHSA-gppp-5xc5-wfpx", "OSV-89025" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wt9d-ejgc-ryg7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37515?format=api", "vulnerability_id": "VCID-wu15-9j1q-17ag", "summary": "Symbol DoS vulnerability in Active Record\nWhen a hash is provided as the find value for a query, the keys of the hash may be converted to symbols. Carefully crafted requests can coerce `params[:name]` to return a hash, and the keys to that hash may be converted to symbols. 
All users running an affected release should either upgrade or use one of the work arounds immediately.", "references": [ { "reference_url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00070.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00070.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00071.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00071.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00075.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00075.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00078.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00078.html" }, { 
"reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00079.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00079.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0699.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0699.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0699", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2013:0699" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1863", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:1863" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1854.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1854.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2013-1854", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2013-1854" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1854", 
"reference_id": "", "reference_type": "", "scores": [ { "value": "0.01795", "scoring_system": "epss", "scoring_elements": "0.83107", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1854" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=921329", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=921329" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-1854.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-1854.yml" }, { "reference_url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/jgJ4cjjS8FE", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/jgJ4cjjS8FE" }, { "reference_url": "https://groups.google.com/group/ruby-security-ann/msg/34e0d780b04308de?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/ruby-security-ann/msg/34e0d780b04308de?dmode=source&output=gplain" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1854", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1854" }, { "reference_url": "http://support.apple.com/kb/HT5784", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"http://support.apple.com/kb/HT5784" }, { "reference_url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51266?format=api", "purl": "pkg:gem/activerecord@3.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mc1-zb64-yued" }, { "vulnerability": "VCID-1r7t-2v3e-bqa9" }, { "vulnerability": "VCID-79jn-p5u5-wqae" }, { "vulnerability": "VCID-7e6a-35vx-6ygj" }, { "vulnerability": "VCID-7vmk-ju1s-6qf2" }, { "vulnerability": "VCID-8n6u-hbhg-7qdx" }, { "vulnerability": "VCID-cce9-3g2x-h3dt" }, { "vulnerability": "VCID-edf6-dek6-cfgz" }, { "vulnerability": "VCID-f3xg-8e57-f7d9" }, { "vulnerability": "VCID-gyv5-prcn-9qae" }, { "vulnerability": "VCID-kt5q-24cw-3faa" }, { "vulnerability": "VCID-mdeu-hayy-hqd1" }, { "vulnerability": "VCID-p6yg-d8wm-4bgz" }, { "vulnerability": "VCID-pt1n-pq3j-jbg5" }, { "vulnerability": "VCID-rqsw-ndbm-xbfh" }, { "vulnerability": "VCID-sb81-8nm8-dudw" }, { "vulnerability": "VCID-wcvv-uw9g-nkdz" }, { "vulnerability": "VCID-wt9d-ejgc-ryg7" }, { "vulnerability": "VCID-wu15-9j1q-17ag" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/51456?format=api", "purl": "pkg:gem/activerecord@3.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mc1-zb64-yued" }, { "vulnerability": "VCID-1r7t-2v3e-bqa9" }, { "vulnerability": 
"VCID-79jn-p5u5-wqae" }, { "vulnerability": "VCID-7e6a-35vx-6ygj" }, { "vulnerability": "VCID-7vmk-ju1s-6qf2" }, { "vulnerability": "VCID-8n6u-hbhg-7qdx" }, { "vulnerability": "VCID-f3xg-8e57-f7d9" }, { "vulnerability": "VCID-gyv5-prcn-9qae" }, { "vulnerability": "VCID-kt5q-24cw-3faa" }, { "vulnerability": "VCID-pt1n-pq3j-jbg5" }, { "vulnerability": "VCID-rqsw-ndbm-xbfh" }, { "vulnerability": "VCID-wcvv-uw9g-nkdz" }, { "vulnerability": "VCID-wu15-9j1q-17ag" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/51457?format=api", "purl": "pkg:gem/activerecord@3.2.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mc1-zb64-yued" }, { "vulnerability": "VCID-1r7t-2v3e-bqa9" }, { "vulnerability": "VCID-79jn-p5u5-wqae" }, { "vulnerability": "VCID-7e6a-35vx-6ygj" }, { "vulnerability": "VCID-7vmk-ju1s-6qf2" }, { "vulnerability": "VCID-8n6u-hbhg-7qdx" }, { "vulnerability": "VCID-f3xg-8e57-f7d9" }, { "vulnerability": "VCID-gyv5-prcn-9qae" }, { "vulnerability": "VCID-kt5q-24cw-3faa" }, { "vulnerability": "VCID-pt1n-pq3j-jbg5" }, { "vulnerability": "VCID-rqsw-ndbm-xbfh" }, { "vulnerability": "VCID-wcvv-uw9g-nkdz" }, { "vulnerability": "VCID-wu15-9j1q-17ag" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.13" } ], "aliases": [ "CVE-2013-1854", "GHSA-3crr-9vmg-864v", "OSV-91453" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wu15-9j1q-17ag" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@2.4" }