Lookup for vulnerable packages by Package URL.

Purl pkg:gem/actionview@6.0.0.beta3
Type gem
Namespace
Name actionview
Version 6.0.0.beta3
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 6.1.7.3
Latest_non_vulnerable_version 8.1.2.1
Affected_by_vulnerabilities
0
url VCID-19fr-55kr-hyax
vulnerability_id VCID-19fr-55kr-hyax
summary
rails-ujs vulnerable to DOM Based Cross-site Scripting contenteditable HTML Elements
NOTE: rails-ujs is part of Rails/actionview since 5.1.0.

There is a potential DOM based cross-site scripting issue in rails-ujs
which leverages the Clipboard API to target HTML elements that are
assigned the contenteditable attribute. This has the potential to
occur when pasting malicious HTML content from the clipboard that
includes a data-method, data-remote or data-disable-with attribute.

This vulnerability has been assigned the CVE identifier CVE-2023-23913.

Not affected: < 5.1.0
Versions Affected: >= 5.1.0
Fixed Versions: 6.1.7.3, 7.0.4.3

Impact
If the specified malicious HTML clipboard content is provided to a
contenteditable element, this could result in the arbitrary execution
of javascript on the origin in question.

Releases
The FIXED releases are available at the normal locations.

Workarounds
We recommend that all users upgrade to one of the FIXED versions.
In the meantime, users can attempt to mitigate this vulnerability
by removing the contenteditable attribute from elements in pages
that rails-ujs will interact with.

Patches
To aid users who aren’t able to upgrade immediately we have provided
patches for the two supported release series. They are in git-am
format and consist of a single changeset.

* rails-ujs-data-method-contenteditable-6-1.patch - Patch for 6.1 series
* rails-ujs-data-method-contenteditable-7-0.patch - Patch for 7.0 series

Please note that only the 7.0.Z and 6.1.Z series are
supported at present, and 6.0.Z for severe vulnerabilities.

Users of earlier unsupported releases are advised to upgrade as
soon as possible as we cannot guarantee the continued availability
of security fixes for unsupported releases.

Credits
We would like to thank ryotak for reporting this!

* rails-ujs-data-method-contenteditable-6-1.patch (8.5 KB)
* rails-ujs-data-method-contenteditable-7-0.patch (8.5 KB)
* rails-ujs-data-method-contenteditable-main.patch (8.9 KB)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23913.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23913.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-23913
reference_id
reference_type
scores
0
value 0.00115
scoring_system epss
scoring_elements 0.30179
published_at 2026-04-13T12:55:00Z
1
value 0.00115
scoring_system epss
scoring_elements 0.30226
published_at 2026-04-12T12:55:00Z
2
value 0.00115
scoring_system epss
scoring_elements 0.30269
published_at 2026-04-11T12:55:00Z
3
value 0.00115
scoring_system epss
scoring_elements 0.30265
published_at 2026-04-09T12:55:00Z
4
value 0.00115
scoring_system epss
scoring_elements 0.3023
published_at 2026-04-08T12:55:00Z
5
value 0.00115
scoring_system epss
scoring_elements 0.3017
published_at 2026-04-07T12:55:00Z
6
value 0.00115
scoring_system epss
scoring_elements 0.30353
published_at 2026-04-04T12:55:00Z
7
value 0.00115
scoring_system epss
scoring_elements 0.30304
published_at 2026-04-02T12:55:00Z
8
value 0.00152
scoring_system epss
scoring_elements 0.35918
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-23913
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033263
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:07:37Z/
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033263
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23913
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23913
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28120
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28120
5
reference_url https://discuss.rubyonrails.org/t/cve-2023-23913-dom-based-cross-site-scripting-in-rails-ujs-for-contenteditable-html-elements/82468
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:07:37Z/
url https://discuss.rubyonrails.org/t/cve-2023-23913-dom-based-cross-site-scripting-in-rails-ujs-for-contenteditable-html-elements/82468
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
8
reference_url https://github.com/rails/rails/commit/5037a13614d71727af8a175063bcf6ba1a74bdbd
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:07:37Z/
url https://github.com/rails/rails/commit/5037a13614d71727af8a175063bcf6ba1a74bdbd
9
reference_url https://github.com/rails/rails/commit/73009ea59a811b28e8ec2a9c9bc24635aa891214
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/73009ea59a811b28e8ec2a9c9bc24635aa891214
10
reference_url https://security.netapp.com/advisory/ntap-20240605-0007
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240605-0007
11
reference_url https://www.debian.org/security/2023/dsa-5389
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:07:37Z/
url https://www.debian.org/security/2023/dsa-5389
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2182160
reference_id 2182160
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2182160
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-23913
reference_id CVE-2023-23913
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-23913
14
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2023-23913.yml
reference_id CVE-2023-23913.YML
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2023-23913.yml
15
reference_url https://github.com/advisories/GHSA-xp5h-f8jf-rc8q
reference_id GHSA-xp5h-f8jf-rc8q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xp5h-f8jf-rc8q
16
reference_url https://security.netapp.com/advisory/ntap-20240605-0007/
reference_id ntap-20240605-0007
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:07:37Z/
url https://security.netapp.com/advisory/ntap-20240605-0007/
fixed_packages
0
url pkg:gem/actionview@6.1.7.3
purl pkg:gem/actionview@6.1.7.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionview@6.1.7.3
1
url pkg:gem/actionview@7.0.4.3
purl pkg:gem/actionview@7.0.4.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionview@7.0.4.3
aliases CVE-2023-23913, GHSA-xp5h-f8jf-rc8q
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-19fr-55kr-hyax
1
url VCID-es1t-7196-4kbb
vulnerability_id VCID-es1t-7196-4kbb
summary
CSRF Vulnerability in rails-ujs
There is a vulnerability in rails-ujs that allows attackers to send CSRF tokens to wrong domains.

Versions Affected:  rails <= 6.0.3
Not affected:       Applications which don't use rails-ujs.
Fixed Versions:     rails >= 5.2.4.3, rails >= 6.0.3.1

Impact
------

This is a regression of CVE-2015-1840.

In the scenario where an attacker might be able to control the href attribute of an anchor tag or the action attribute of a form tag that will trigger a POST action, the attacker can set the href or action to a cross-origin URL, and the CSRF token will be sent.

Workarounds
-----------

To work around this problem, change code that allows users to control the href attribute of an anchor tag or the action attribute of a form tag to filter the user parameters.

For example, code like this:

    link_to params

to code like this:

    link_to filtered_params

    def filtered_params
      # Filter just the parameters that you trust
    end
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8167.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8167.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-8167
reference_id
reference_type
scores
0
value 0.00592
scoring_system epss
scoring_elements 0.69281
published_at 2026-04-16T12:55:00Z
1
value 0.00592
scoring_system epss
scoring_elements 0.69242
published_at 2026-04-13T12:55:00Z
2
value 0.00592
scoring_system epss
scoring_elements 0.69271
published_at 2026-04-12T12:55:00Z
3
value 0.00592
scoring_system epss
scoring_elements 0.69285
published_at 2026-04-11T12:55:00Z
4
value 0.00592
scoring_system epss
scoring_elements 0.69177
published_at 2026-04-01T12:55:00Z
5
value 0.00592
scoring_system epss
scoring_elements 0.69245
published_at 2026-04-08T12:55:00Z
6
value 0.00592
scoring_system epss
scoring_elements 0.69195
published_at 2026-04-07T12:55:00Z
7
value 0.00592
scoring_system epss
scoring_elements 0.69213
published_at 2026-04-04T12:55:00Z
8
value 0.00592
scoring_system epss
scoring_elements 0.69192
published_at 2026-04-02T12:55:00Z
9
value 0.00592
scoring_system epss
scoring_elements 0.69263
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-8167
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167
8
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-8167.yml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-8167.yml
10
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0
11
reference_url https://groups.google.com/g/rubyonrails-security/c/x9DixQDG9a0
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/x9DixQDG9a0
12
reference_url https://hackerone.com/reports/189878
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/189878
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-8167
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-8167
14
reference_url https://www.debian.org/security/2020/dsa-4766
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2020/dsa-4766
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1843084
reference_id 1843084
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1843084
16
reference_url https://github.com/advisories/GHSA-xq5j-gw7f-jgj8
reference_id GHSA-xq5j-gw7f-jgj8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xq5j-gw7f-jgj8
17
reference_url https://access.redhat.com/errata/RHSA-2021:1313
reference_id RHSA-2021:1313
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1313
fixed_packages
0
url pkg:gem/actionview@6.0.3.1
purl pkg:gem/actionview@6.0.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19fr-55kr-hyax
1
vulnerability VCID-31xv-z8c6-a7bg
2
vulnerability VCID-p5mc-r1rg-5ff7
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionview@6.0.3.1
aliases CVE-2020-8167, GHSA-xq5j-gw7f-jgj8
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-es1t-7196-4kbb
Fixing_vulnerabilities
0
url VCID-c8b5-d83n-nuhw
vulnerability_id VCID-c8b5-d83n-nuhw
summary
Allocation of Resources Without Limits or Throttling
There is a possible denial of service vulnerability in Action View (Rails)  where specially crafted accept headers can cause action view to consume % cpu and make the server unresponsive.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html
3
reference_url https://access.redhat.com/errata/RHSA-2019:0796
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0796
4
reference_url https://access.redhat.com/errata/RHSA-2019:1147
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1147
5
reference_url https://access.redhat.com/errata/RHSA-2019:1149
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1149
6
reference_url https://access.redhat.com/errata/RHSA-2019:1289
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1289
7
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5419.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5419.json
8
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-5419
reference_id
reference_type
scores
0
value 0.12118
scoring_system epss
scoring_elements 0.93825
published_at 2026-04-16T12:55:00Z
1
value 0.12118
scoring_system epss
scoring_elements 0.93764
published_at 2026-04-01T12:55:00Z
2
value 0.12118
scoring_system epss
scoring_elements 0.93773
published_at 2026-04-02T12:55:00Z
3
value 0.12118
scoring_system epss
scoring_elements 0.93783
published_at 2026-04-04T12:55:00Z
4
value 0.12118
scoring_system epss
scoring_elements 0.93787
published_at 2026-04-07T12:55:00Z
5
value 0.12118
scoring_system epss
scoring_elements 0.93795
published_at 2026-04-08T12:55:00Z
6
value 0.12118
scoring_system epss
scoring_elements 0.93798
published_at 2026-04-09T12:55:00Z
7
value 0.12118
scoring_system epss
scoring_elements 0.93803
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-5419
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5419
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5419
10
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
11
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
12
reference_url https://github.com/rails/rails/commit/f4c70c2222180b8d9d924f00af0c7fd632e26715
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/f4c70c2222180b8d9d924f00af0c7fd632e26715
13
reference_url https://github.com/rails/rails/pull/35708
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/pull/35708
14
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2019-5419.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2019-5419.yml
15
reference_url https://groups.google.com/forum/#%21topic/rubyonrails-security/GN7w9fFAQeI
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21topic/rubyonrails-security/GN7w9fFAQeI
16
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI
17
reference_url https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/
21
reference_url https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released
22
reference_url https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/
reference_id
reference_type
scores
url https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/
23
reference_url http://www.openwall.com/lists/oss-security/2019/03/22/1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2019/03/22/1
24
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1689160
reference_id 1689160
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1689160
25
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924520
reference_id 924520
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924520
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms:4.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:cloudforms:4.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms:4.6:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:*
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
reference_id cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
reference_id cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
34
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-5419
reference_id CVE-2019-5419
reference_type
scores
0
value 7.8
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:C
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-5419
35
reference_url https://github.com/advisories/GHSA-m63j-wh5w-c252
reference_id GHSA-m63j-wh5w-c252
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m63j-wh5w-c252
fixed_packages
0
url pkg:gem/actionview@4.2.11.1
purl pkg:gem/actionview@4.2.11.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-31xv-z8c6-a7bg
1
vulnerability VCID-es1t-7196-4kbb
2
vulnerability VCID-g5q6-7uav-sqh1
3
vulnerability VCID-p5mc-r1rg-5ff7
4
vulnerability VCID-v9mt-t1pb-hybk
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionview@4.2.11.1
1
url pkg:gem/actionview@5.0.7.2
purl pkg:gem/actionview@5.0.7.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-31xv-z8c6-a7bg
1
vulnerability VCID-es1t-7196-4kbb
2
vulnerability VCID-p5mc-r1rg-5ff7
3
vulnerability VCID-v9mt-t1pb-hybk
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionview@5.0.7.2
2
url pkg:gem/actionview@5.1.6.2
purl pkg:gem/actionview@5.1.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19fr-55kr-hyax
1
vulnerability VCID-31xv-z8c6-a7bg
2
vulnerability VCID-es1t-7196-4kbb
3
vulnerability VCID-p5mc-r1rg-5ff7
4
vulnerability VCID-v9mt-t1pb-hybk
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionview@5.1.6.2
3
url pkg:gem/actionview@5.2.2.1
purl pkg:gem/actionview@5.2.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19fr-55kr-hyax
1
vulnerability VCID-31xv-z8c6-a7bg
2
vulnerability VCID-es1t-7196-4kbb
3
vulnerability VCID-p5mc-r1rg-5ff7
4
vulnerability VCID-v9mt-t1pb-hybk
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionview@5.2.2.1
4
url pkg:gem/actionview@6.0.0.beta3
purl pkg:gem/actionview@6.0.0.beta3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19fr-55kr-hyax
1
vulnerability VCID-es1t-7196-4kbb
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionview@6.0.0.beta3
aliases CVE-2019-5419, GHSA-m63j-wh5w-c252
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c8b5-d83n-nuhw
Risk_score 3.4
Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionview@6.0.0.beta3