Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:gem/rails@5.2.4.5
Typegem
Namespace
Namerails
Version5.2.4.5
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version6.1.7.7
Latest_non_vulnerable_version7.1.3.1
Affected_by_vulnerabilities
0
url VCID-2fra-ffky-97ce
vulnerability_id VCID-2fra-ffky-97ce
summary 
Exposure of information in Action Pack
Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests. This has been fixed in Rails 7.0.2.1, 6.1.4.5, 6.0.4.5, and 5.2.6.1. Upgrading is highly recommended, but to work around this problem a middleware described in GHSA-wh98-p28r-vrc9 can be used.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23633.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23633.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23633
reference_id
reference_type
scores
0
value 0.00187
scoring_system epss
scoring_elements 0.4042
published_at 2026-06-05T12:55:00Z
1
value 0.00187
scoring_system epss
scoring_elements 0.4034
published_at 2026-06-04T12:55:00Z
2
value 0.00187
scoring_system epss
scoring_elements 0.40423
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23633
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
12
reference_url https://discuss.rubyonrails.org/t/cve-2022-23633-possible-exposure-of-information-vulnerability-in-action-pack/80016
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://discuss.rubyonrails.org/t/cve-2022-23633-possible-exposure-of-information-vulnerability-in-action-pack/80016
13
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
14
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
15
reference_url https://github.com/rails/rails/commit/f9a2ad03943d5c2ba54e1d45f155442b519c75da
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/f9a2ad03943d5c2ba54e1d45f155442b519c75da
16
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2022-23633.yml
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2022-23633.yml
17
reference_url https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements
1
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ
18
reference_url https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html
19
reference_url https://rubyonrails.org/2022/2/11/Rails-7-0-2-2-6-1-4-6-6-0-4-6-and-5-2-6-2-have-been-released
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://rubyonrails.org/2022/2/11/Rails-7-0-2-2-6-1-4-6-6-0-4-6-and-5-2-6-2-have-been-released
20
reference_url https://security.netapp.com/advisory/ntap-20240119-0013
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240119-0013
21
reference_url https://security.netapp.com/advisory/ntap-20240119-0013/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20240119-0013/
22
reference_url https://www.debian.org/security/2023/dsa-5372
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2023/dsa-5372
23
reference_url http://www.openwall.com/lists/oss-security/2022/02/11/5
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/02/11/5
24
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005389
reference_id 1005389
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005389
25
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2063149
reference_id 2063149
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2063149
26
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-23633
reference_id CVE-2022-23633
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-23633
27
reference_url https://github.com/advisories/GHSA-wh98-p28r-vrc9
reference_id GHSA-wh98-p28r-vrc9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wh98-p28r-vrc9
28
reference_url https://github.com/rails/rails/security/advisories/GHSA-wh98-p28r-vrc9
reference_id GHSA-wh98-p28r-vrc9
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/security/advisories/GHSA-wh98-p28r-vrc9
29
reference_url https://access.redhat.com/errata/RHSA-2022:5498
reference_id RHSA-2022:5498
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5498
fixed_packages
0
url pkg:gem/rails@5.2.6.2
purl pkg:gem/rails@5.2.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nhny-abkr-6qhb
1
vulnerability VCID-sw7t-5s3e-vkhx
2
vulnerability VCID-vsdb-j5zk-5kfw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.2.6.2
1
url pkg:gem/rails@6.0.0.beta1
purl pkg:gem/rails@6.0.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mmuc-hjr6-jfdd
1
vulnerability VCID-nhny-abkr-6qhb
2
vulnerability VCID-sw7t-5s3e-vkhx
3
vulnerability VCID-vsdb-j5zk-5kfw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@6.0.0.beta1
2
url pkg:gem/rails@6.0.4.6
purl pkg:gem/rails@6.0.4.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nhny-abkr-6qhb
1
vulnerability VCID-sw7t-5s3e-vkhx
2
vulnerability VCID-vsdb-j5zk-5kfw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@6.0.4.6
3
url pkg:gem/rails@6.1.0.rc1
purl pkg:gem/rails@6.1.0.rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nhny-abkr-6qhb
1
vulnerability VCID-uhm1-xeqs-auec
2
vulnerability VCID-vsdb-j5zk-5kfw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@6.1.0.rc1
4
url pkg:gem/rails@6.1.4.6
purl pkg:gem/rails@6.1.4.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nhny-abkr-6qhb
1
vulnerability VCID-sw7t-5s3e-vkhx
2
vulnerability VCID-vsdb-j5zk-5kfw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@6.1.4.6
5
url pkg:gem/rails@7.0.0.alpha1
purl pkg:gem/rails@7.0.0.alpha1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@7.0.0.alpha1
6
url pkg:gem/rails@7.0.2.2
purl pkg:gem/rails@7.0.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bfqq-ypyw-dycj
1
vulnerability VCID-nhny-abkr-6qhb
2
vulnerability VCID-sbuv-a22t-bbe2
3
vulnerability VCID-sw7t-5s3e-vkhx
4
vulnerability VCID-vsdb-j5zk-5kfw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@7.0.2.2
aliases CVE-2022-23633, GHSA-wh98-p28r-vrc9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2fra-ffky-97ce
1
url VCID-cuqq-33dv-xqfh
vulnerability_id VCID-cuqq-33dv-xqfh
summary multiple issues
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22885.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22885.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22885
reference_id
reference_type
scores
0
value 0.01264
scoring_system epss
scoring_elements 0.79811
published_at 2026-06-06T12:55:00Z
1
value 0.01264
scoring_system epss
scoring_elements 0.79805
published_at 2026-06-05T12:55:00Z
2
value 0.01264
scoring_system epss
scoring_elements 0.7978
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22885
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22885.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22885.yml
7
reference_url https://groups.google.com/g/rubyonrails-security/c/NiQl-48cXYI
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/NiQl-48cXYI
8
reference_url https://hackerone.com/reports/1106652
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/1106652
9
reference_url https://security.netapp.com/advisory/ntap-20210805-0009
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210805-0009
10
reference_url https://security.netapp.com/advisory/ntap-20210805-0009/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210805-0009/
11
reference_url https://www.debian.org/security/2021/dsa-4929
reference_id
reference_type
scores
url https://www.debian.org/security/2021/dsa-4929
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1957441
reference_id 1957441
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1957441
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214
reference_id 988214
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214
14
reference_url https://security.archlinux.org/AVG-1920
reference_id AVG-1920
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1920
15
reference_url https://security.archlinux.org/AVG-1921
reference_id AVG-1921
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1921
16
reference_url https://security.archlinux.org/AVG-2090
reference_id AVG-2090
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2090
17
reference_url https://security.archlinux.org/AVG-2223
reference_id AVG-2223
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2223
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-22885
reference_id CVE-2021-22885
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-22885
19
reference_url https://access.redhat.com/errata/RHSA-2021:4702
reference_id RHSA-2021:4702
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4702
fixed_packages
0
url pkg:gem/rails@5.2.4.6
purl pkg:gem/rails@5.2.4.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fra-ffky-97ce
1
vulnerability VCID-nhny-abkr-6qhb
2
vulnerability VCID-sw7t-5s3e-vkhx
3
vulnerability VCID-vsdb-j5zk-5kfw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.2.4.6
1
url pkg:gem/rails@6.0.3.7
purl pkg:gem/rails@6.0.3.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fra-ffky-97ce
1
vulnerability VCID-nhny-abkr-6qhb
2
vulnerability VCID-qe2s-6tzh-cqfv
3
vulnerability VCID-sw7t-5s3e-vkhx
4
vulnerability VCID-vsdb-j5zk-5kfw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@6.0.3.7
2
url pkg:gem/rails@6.1.3.1
purl pkg:gem/rails@6.1.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fra-ffky-97ce
1
vulnerability VCID-9t5z-1umq-qbe4
2
vulnerability VCID-nhny-abkr-6qhb
3
vulnerability VCID-qe2s-6tzh-cqfv
4
vulnerability VCID-sw7t-5s3e-vkhx
5
vulnerability VCID-ugdk-t2vk-nkfc
6
vulnerability VCID-uhm1-xeqs-auec
7
vulnerability VCID-vsdb-j5zk-5kfw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@6.1.3.1
aliases CVE-2021-22885, GHSA-hjg4-8q5f-x6fm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cuqq-33dv-xqfh
2
url VCID-nhny-abkr-6qhb
vulnerability_id VCID-nhny-abkr-6qhb
summary 
ReDoS based DoS vulnerability in Action Dispatch
There is a possible regular expression based DoS vulnerability in Action Dispatch related to the If-None-Match header. This vulnerability has been assigned the CVE identifier CVE-2023-22795. A specially crafted HTTP `If-None-Match` header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22795.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22795.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22795
reference_id
reference_type
scores
0
value 0.01304
scoring_system epss
scoring_elements 0.80129
published_at 2026-06-06T12:55:00Z
1
value 0.01304
scoring_system epss
scoring_elements 0.80125
published_at 2026-06-05T12:55:00Z
2
value 0.01304
scoring_system epss
scoring_elements 0.80099
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22795
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
12
reference_url https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118
13
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
14
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
15
reference_url https://github.com/rails/rails/commit/8d82687f3b04b2803320b64f985308239a8c3d2f
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/8d82687f3b04b2803320b64f985308239a8c3d2f
16
reference_url https://github.com/rails/rails/commit/8dc45950619a4c64d16fb9370570c996d201f9b0
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/8dc45950619a4c64d16fb9370570c996d201f9b0
17
reference_url https://github.com/rails/rails/commit/cd461c3e64e09cdcb1e379d1c35423c5e2caa592
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/cd461c3e64e09cdcb1e379d1c35423c5e2caa592
18
reference_url https://github.com/rails/rails/releases/tag/v6.1.7.1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/releases/tag/v6.1.7.1
19
reference_url https://github.com/rails/rails/releases/tag/v7.0.4.1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/releases/tag/v7.0.4.1
20
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22795.yml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22795.yml
21
reference_url https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released
22
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050
reference_id 1030050
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050
23
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2164799
reference_id 2164799
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2164799
24
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22795
reference_id CVE-2023-22795
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-22795
25
reference_url https://github.com/advisories/GHSA-8xww-x3g3-6jcv
reference_id GHSA-8xww-x3g3-6jcv
reference_type
scores
url https://github.com/advisories/GHSA-8xww-x3g3-6jcv
26
reference_url https://access.redhat.com/errata/RHSA-2023:6818
reference_id RHSA-2023:6818
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6818
fixed_packages
0
url pkg:gem/rails@6.1.7.1
purl pkg:gem/rails@6.1.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vsdb-j5zk-5kfw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@6.1.7.1
1
url pkg:gem/rails@7.0.4.1
purl pkg:gem/rails@7.0.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bfqq-ypyw-dycj
1
vulnerability VCID-vsdb-j5zk-5kfw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@7.0.4.1
aliases CVE-2023-22795, GHSA-8xww-x3g3-6jcv, GMS-2023-56
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nhny-abkr-6qhb
3
url VCID-sw7t-5s3e-vkhx
vulnerability_id VCID-sw7t-5s3e-vkhx
summary 
ReDoS based DoS vulnerability in Action Dispatch
There is a possible regular expression based DoS vulnerability in Action Dispatch. Specially crafted cookies, in combination with a specially crafted `X_FORWARDED_HOST` header can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22792.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22792.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22792
reference_id
reference_type
scores
0
value 0.02264
scoring_system epss
scoring_elements 0.84962
published_at 2026-06-06T12:55:00Z
1
value 0.02264
scoring_system epss
scoring_elements 0.84933
published_at 2026-06-04T12:55:00Z
2
value 0.02264
scoring_system epss
scoring_elements 0.84957
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22792
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
12
reference_url https://discuss.rubyonrails.org/t/cve-2023-22792-possible-redos-based-dos-vulnerability-in-action-dispatch/82115
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:30:13Z/
url https://discuss.rubyonrails.org/t/cve-2023-22792-possible-redos-based-dos-vulnerability-in-action-dispatch/82115
13
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
14
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
15
reference_url https://github.com/rails/rails/releases/tag/v7.0.4.1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/releases/tag/v7.0.4.1
16
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22792.yml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22792.yml
17
reference_url https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released
18
reference_url https://security.netapp.com/advisory/ntap-20240202-0007
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240202-0007
19
reference_url https://www.debian.org/security/2023/dsa-5372
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:30:13Z/
url https://www.debian.org/security/2023/dsa-5372
20
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050
reference_id 1030050
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050
21
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2164800
reference_id 2164800
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2164800
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22792
reference_id CVE-2023-22792
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-22792
23
reference_url https://github.com/advisories/GHSA-p84v-45xj-wwqj
reference_id GHSA-p84v-45xj-wwqj
reference_type
scores
url https://github.com/advisories/GHSA-p84v-45xj-wwqj
24
reference_url https://security.netapp.com/advisory/ntap-20240202-0007/
reference_id ntap-20240202-0007
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:30:13Z/
url https://security.netapp.com/advisory/ntap-20240202-0007/
25
reference_url https://access.redhat.com/errata/RHSA-2023:6818
reference_id RHSA-2023:6818
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6818
fixed_packages
0
url pkg:gem/rails@6.0.6.1
purl pkg:gem/rails@6.0.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nhny-abkr-6qhb
1
vulnerability VCID-vsdb-j5zk-5kfw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@6.0.6.1
1
url pkg:gem/rails@6.1.7.1
purl pkg:gem/rails@6.1.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vsdb-j5zk-5kfw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@6.1.7.1
2
url pkg:gem/rails@7.0.4.1
purl pkg:gem/rails@7.0.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bfqq-ypyw-dycj
1
vulnerability VCID-vsdb-j5zk-5kfw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@7.0.4.1
aliases CVE-2023-22792, GHSA-p84v-45xj-wwqj, GMS-2023-58
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sw7t-5s3e-vkhx
4
url VCID-ugdk-t2vk-nkfc
vulnerability_id VCID-ugdk-t2vk-nkfc
summary multiple issues
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22904.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22904.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22904
reference_id
reference_type
scores
0
value 0.03338
scoring_system epss
scoring_elements 0.87521
published_at 2026-06-04T12:55:00Z
1
value 0.03338
scoring_system epss
scoring_elements 0.87541
published_at 2026-06-06T12:55:00Z
2
value 0.03338
scoring_system epss
scoring_elements 0.87543
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22904
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904
5
reference_url https://discuss.rubyonrails.org/t/cve-2021-22904-possible-dos-vulnerability-in-action-controller-token-authentication/77869
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://discuss.rubyonrails.org/t/cve-2021-22904-possible-dos-vulnerability-in-action-controller-token-authentication/77869
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
8
reference_url https://github.com/rails/rails/releases/tag/v5.2.4.6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/releases/tag/v5.2.4.6
9
reference_url https://github.com/rails/rails/releases/tag/v5.2.6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/releases/tag/v5.2.6
10
reference_url https://github.com/rails/rails/releases/tag/v6.0.3.7
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/releases/tag/v6.0.3.7
11
reference_url https://github.com/rails/rails/releases/tag/v6.1.3.2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/releases/tag/v6.1.3.2
12
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22904.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22904.yml
13
reference_url https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ
14
reference_url https://hackerone.com/reports/1101125
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/1101125
15
reference_url https://security.netapp.com/advisory/ntap-20210805-0009
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210805-0009
16
reference_url https://security.netapp.com/advisory/ntap-20210805-0009/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210805-0009/
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1961379
reference_id 1961379
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1961379
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214
reference_id 988214
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214
19
reference_url https://security.archlinux.org/AVG-1920
reference_id AVG-1920
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1920
20
reference_url https://security.archlinux.org/AVG-1921
reference_id AVG-1921
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1921
21
reference_url https://security.archlinux.org/AVG-2090
reference_id AVG-2090
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2090
22
reference_url https://security.archlinux.org/AVG-2223
reference_id AVG-2223
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2223
23
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-22904
reference_id CVE-2021-22904
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-22904
24
reference_url https://access.redhat.com/errata/RHSA-2021:4702
reference_id RHSA-2021:4702
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4702
fixed_packages
0
url pkg:gem/rails@5.2.4.6
purl pkg:gem/rails@5.2.4.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fra-ffky-97ce
1
vulnerability VCID-nhny-abkr-6qhb
2
vulnerability VCID-sw7t-5s3e-vkhx
3
vulnerability VCID-vsdb-j5zk-5kfw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.2.4.6
1
url pkg:gem/rails@5.2.6
purl pkg:gem/rails@5.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fra-ffky-97ce
1
vulnerability VCID-nhny-abkr-6qhb
2
vulnerability VCID-sw7t-5s3e-vkhx
3
vulnerability VCID-vsdb-j5zk-5kfw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.2.6
2
url pkg:gem/rails@6.0.3.7
purl pkg:gem/rails@6.0.3.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fra-ffky-97ce
1
vulnerability VCID-nhny-abkr-6qhb
2
vulnerability VCID-qe2s-6tzh-cqfv
3
vulnerability VCID-sw7t-5s3e-vkhx
4
vulnerability VCID-vsdb-j5zk-5kfw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@6.0.3.7
3
url pkg:gem/rails@6.1.3.2
purl pkg:gem/rails@6.1.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fra-ffky-97ce
1
vulnerability VCID-9t5z-1umq-qbe4
2
vulnerability VCID-nhny-abkr-6qhb
3
vulnerability VCID-qe2s-6tzh-cqfv
4
vulnerability VCID-sw7t-5s3e-vkhx
5
vulnerability VCID-uhm1-xeqs-auec
6
vulnerability VCID-vsdb-j5zk-5kfw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@6.1.3.2
aliases CVE-2021-22904, GHSA-7wjx-3g7j-8584
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ugdk-t2vk-nkfc
5
url VCID-vsdb-j5zk-5kfw
vulnerability_id VCID-vsdb-j5zk-5kfw
summary 
Rails has possible Sensitive Session Information Leak in Active Storage
# Possible Sensitive Session Information Leak in Active Storage

There is a possible sensitive session information leak in Active Storage.  By
default, Active Storage sends a `Set-Cookie` header along with the user's
session cookie when serving blobs.  It also sets `Cache-Control` to public.
Certain proxies may cache the Set-Cookie, leading to an information leak.

This vulnerability has been assigned the CVE identifier CVE-2024-26144.

Versions Affected:  >= 5.2.0, < 7.1.0
Not affected:       < 5.2.0, > 7.1.0
Fixed Versions:     7.0.8.1, 6.1.7.7

Impact
------
A proxy which chooses to caches this request can cause users to share
sessions. This may include a user receiving an attacker's session or vice
versa.

This was patched in 7.1.0 but not previously identified as a security
vulnerability.

All users running an affected release should either upgrade or use one of the
workarounds immediately.

Releases
--------
The fixed releases are available at the normal locations.

Workarounds
-----------
Upgrade to Rails 7.1.X, or configure caching proxies not to cache the
Set-Cookie headers.

Credits
-------

Thanks to [tyage](https://hackerone.com/tyage) for reporting this!
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26144.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26144.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-26144
reference_id
reference_type
scores
0
value 0.02363
scoring_system epss
scoring_elements 0.85259
published_at 2026-06-06T12:55:00Z
1
value 0.02363
scoring_system epss
scoring_elements 0.85253
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-26144
2
reference_url https://discuss.rubyonrails.org/t/possible-sensitive-session-information-leak-in-active-storage/84945
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:01:13Z/
url https://discuss.rubyonrails.org/t/possible-sensitive-session-information-leak-in-active-storage/84945
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
5
reference_url https://github.com/rails/rails/commit/723f54566023e91060a67b03353e7c03e7436433
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:01:13Z/
url https://github.com/rails/rails/commit/723f54566023e91060a67b03353e7c03e7436433
6
reference_url https://github.com/rails/rails/commit/78fe149509fac5b05e54187aaaef216fbb5fd0d3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:01:13Z/
url https://github.com/rails/rails/commit/78fe149509fac5b05e54187aaaef216fbb5fd0d3
7
reference_url https://security.netapp.com/advisory/ntap-20240510-0013
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240510-0013
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065119
reference_id 1065119
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065119
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2266063
reference_id 2266063
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2266063
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-26144
reference_id CVE-2024-26144
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-26144
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26144.yml
reference_id CVE-2024-26144.YML
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26144.yml
12
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2024-26144.yml
reference_id CVE-2024-26144.YML
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:01:13Z/
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2024-26144.yml
13
reference_url https://github.com/advisories/GHSA-8h22-8cf7-hq6g
reference_id GHSA-8h22-8cf7-hq6g
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8h22-8cf7-hq6g
14
reference_url https://github.com/rails/rails/security/advisories/GHSA-8h22-8cf7-hq6g
reference_id GHSA-8h22-8cf7-hq6g
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:01:13Z/
url https://github.com/rails/rails/security/advisories/GHSA-8h22-8cf7-hq6g
15
reference_url https://security.netapp.com/advisory/ntap-20240510-0013/
reference_id ntap-20240510-0013
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:01:13Z/
url https://security.netapp.com/advisory/ntap-20240510-0013/
16
reference_url https://access.redhat.com/errata/RHSA-2024:10806
reference_id RHSA-2024:10806
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10806
fixed_packages
0
url pkg:gem/rails@6.1.7.7
purl pkg:gem/rails@6.1.7.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@6.1.7.7
1
url pkg:gem/rails@7.0.8.1
purl pkg:gem/rails@7.0.8.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@7.0.8.1
aliases CVE-2024-26144, GHSA-8h22-8cf7-hq6g
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vsdb-j5zk-5kfw
Fixing_vulnerabilities
0
url VCID-vh3y-nfex-rkcw
vulnerability_id VCID-vh3y-nfex-rkcw
summary 
Possible DoS Vulnerability in Active Record PostgreSQL adapter
There is a possible DoS vulnerability in the PostgreSQL adapter in Active
Record. This vulnerability has been assigned the CVE identifier CVE-2021-22880.

Versions Affected:  >= 4.2.0
Not affected:       < 4.2.0
Fixed Versions:     6.1.2.1, 6.0.3.5, 5.2.4.5

Impact
------
Carefully crafted input can cause the input validation in the "money" type of
the PostgreSQL adapter in Active Record to spend too much time in a regular
expression, resulting in the potential for a DoS attack.

This only impacts Rails applications that are using PostgreSQL along with
money type columns that take user input.

Workarounds
-----------
In the case a patch can't be applied, the following monkey patch can be used
in an initializer:

```
module ActiveRecord
  module ConnectionAdapters
    module PostgreSQL
      module OID # :nodoc:
        class Money < Type::Decimal # :nodoc:
          def cast_value(value)
            return value unless ::String === value

            value = value.sub(/^\((.+)\)$/, '-\1') # (4)
            case value
            when /^-?\D*+[\d,]+\.\d{2}$/  # (1)
              value.gsub!(/[^-\d.]/, "")
            when /^-?\D*+[\d.]+,\d{2}$/  # (2)
              value.gsub!(/[^-\d,]/, "").sub!(/,/, ".")
            end

            super(value)
          end
        end
      end
    end
  end
end
```
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22880.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22880.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22880
reference_id
reference_type
scores
0
value 0.02599
scoring_system epss
scoring_elements 0.85914
published_at 2026-06-06T12:55:00Z
1
value 0.02599
scoring_system epss
scoring_elements 0.85889
published_at 2026-06-04T12:55:00Z
2
value 0.02599
scoring_system epss
scoring_elements 0.85911
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22880
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904
5
reference_url https://discuss.rubyonrails.org/t/cve-2021-22880-possible-dos-vulnerability-in-active-record-postgresql-adapter/77129
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://discuss.rubyonrails.org/t/cve-2021-22880-possible-dos-vulnerability-in-active-record-postgresql-adapter/77129
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
8
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2021-22880.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2021-22880.yml
9
reference_url https://groups.google.com/g/rubyonrails-security/c/ZzUqCh9vyhI
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/ZzUqCh9vyhI
10
reference_url https://hackerone.com/reports/1023899
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/1023899
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MO5OJ3F4ZL3UXVLJO6ECANRVZBNRS2IH
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MO5OJ3F4ZL3UXVLJO6ECANRVZBNRS2IH
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MO5OJ3F4ZL3UXVLJO6ECANRVZBNRS2IH/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MO5OJ3F4ZL3UXVLJO6ECANRVZBNRS2IH/
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3/
15
reference_url https://security.netapp.com/advisory/ntap-20210805-0009
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210805-0009
16
reference_url https://security.netapp.com/advisory/ntap-20210805-0009/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210805-0009/
17
reference_url https://www.debian.org/security/2021/dsa-4929
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2021/dsa-4929
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1930102
reference_id 1930102
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1930102
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-22880
reference_id CVE-2021-22880
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-22880
fixed_packages
0
url pkg:gem/rails@5.2.4.5
purl pkg:gem/rails@5.2.4.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fra-ffky-97ce
1
vulnerability VCID-cuqq-33dv-xqfh
2
vulnerability VCID-nhny-abkr-6qhb
3
vulnerability VCID-sw7t-5s3e-vkhx
4
vulnerability VCID-ugdk-t2vk-nkfc
5
vulnerability VCID-vsdb-j5zk-5kfw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.2.4.5
1
url pkg:gem/rails@6.0.3.5
purl pkg:gem/rails@6.0.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fra-ffky-97ce
1
vulnerability VCID-cuqq-33dv-xqfh
2
vulnerability VCID-h52p-drh6-xfg4
3
vulnerability VCID-nhny-abkr-6qhb
4
vulnerability VCID-qe2s-6tzh-cqfv
5
vulnerability VCID-sw7t-5s3e-vkhx
6
vulnerability VCID-ugdk-t2vk-nkfc
7
vulnerability VCID-vsdb-j5zk-5kfw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@6.0.3.5
2
url pkg:gem/rails@6.1.2.1
purl pkg:gem/rails@6.1.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fra-ffky-97ce
1
vulnerability VCID-9t5z-1umq-qbe4
2
vulnerability VCID-cuqq-33dv-xqfh
3
vulnerability VCID-nhny-abkr-6qhb
4
vulnerability VCID-qe2s-6tzh-cqfv
5
vulnerability VCID-sw7t-5s3e-vkhx
6
vulnerability VCID-ugdk-t2vk-nkfc
7
vulnerability VCID-uhm1-xeqs-auec
8
vulnerability VCID-vsdb-j5zk-5kfw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@6.1.2.1
aliases CVE-2021-22880, GHSA-8hc4-xxm3-5ppp
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vh3y-nfex-rkcw
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:gem/rails@5.2.4.5