Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/82972?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/82972?format=api", "purl": "pkg:gem/actionpack@7.1.4.1", "type": "gem", "namespace": "", "name": "actionpack", "version": "7.1.4.1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "8.1.2.1", "latest_non_vulnerable_version": "8.1.2.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51368?format=api", "vulnerability_id": "VCID-ufrj-jn16-jybn", "summary": "Rails has a possible XSS vulnerability in its Action Pack debug exceptions\n### Impact\nThe debug exceptions page does not properly escape exception messages.\nA carefully crafted exception message could inject arbitrary HTML and JavaScript into the page, leading to XSS.\nThis affects applications with detailed exception pages enabled (`config.consider_all_requests_local = true`),\nwhich is the default in development.\n\n### Releases\nThe fixed releases are available at the normal locations.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33167.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33167.json" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/6752711c8c31d79ba50d13af6a6698a3b85415e0", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/6752711c8c31d79ba50d13af6a6698a3b85415e0" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v8.1.2.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v8.1.2.1" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-pgm4-439c-5jp6", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-pgm4-439c-5jp6" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2026-33167.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2026-33167.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33167", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33167" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450552", "reference_id": "2450552", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450552" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/112774?format=api", "purl": "pkg:gem/actionpack@8.1.2.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@8.1.2.1" } ], "aliases": [ "CVE-2026-33167", "GHSA-pgm4-439c-5jp6" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ufrj-jn16-jybn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51356?format=api", "vulnerability_id": "VCID-v3vg-9jdz-guf5", "summary": "Possible Content Security Policy bypass in Action Dispatch\nThere is a possible Cross Site Scripting (XSS) vulnerability\nin the `content_security_policy` helper in Action Pack.\n\n## Impact\n\nApplications which set Content-Security-Policy (CSP) headers\ndynamically from untrusted user input may be vulnerable to\ncarefully crafted inputs being able to inject new directives\ninto the CSP. This could lead to a bypass of the CSP and its\nprotection against XSS and other attacks.\n\n## Releases\n\nThe fixed releases are available at the normal locations.\n\n## Workarounds\n\nApplications can avoid setting CSP headers dynamically from\nuntrusted input, or can validate/sanitize that input.\n\n## Credits\n\nThanks to [ryotak](https://hackerone.com/ryotak) for the report!", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-54133.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-54133.json" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/2e3f41e4538b9ca1044357f6644f037bbb7c6c49", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/2e3f41e4538b9ca1044357f6644f037bbb7c6c49" }, { "reference_url": "https://github.com/rails/rails/commit/3da2479cfe1e00177114b17e496213c40d286b3a", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/3da2479cfe1e00177114b17e496213c40d286b3a" }, { "reference_url": "https://github.com/rails/rails/commit/5558e72f22fc69c1c407b31ac5fb3b4ce087b542", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/5558e72f22fc69c1c407b31ac5fb3b4ce087b542" }, { "reference_url": "https://github.com/rails/rails/commit/cb16a3bb515b5d769f73926d9757270ace691f1d", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/cb16a3bb515b5d769f73926d9757270ace691f1d" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-vfm5-rmrh-j26v", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-vfm5-rmrh-j26v" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20250306-0010", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20250306-0010" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089755", "reference_id": "1089755", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089755" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331619", "reference_id": "2331619", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331619" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54133", "reference_id": "CVE-2024-54133", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54133" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-54133.yml", "reference_id": "CVE-2024-54133.YML", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-54133.yml" }, { "reference_url": "https://github.com/advisories/GHSA-vfm5-rmrh-j26v", "reference_id": "GHSA-vfm5-rmrh-j26v", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-vfm5-rmrh-j26v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83510?format=api", "purl": "pkg:gem/actionpack@7.1.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ufrj-jn16-jybn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.5.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/83511?format=api", "purl": "pkg:gem/actionpack@7.2.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ufrj-jn16-jybn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.2.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/83512?format=api", "purl": "pkg:gem/actionpack@8.0.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ufrj-jn16-jybn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@8.0.0.1" } ], "aliases": [ "CVE-2024-54133", "GHSA-vfm5-rmrh-j26v" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v3vg-9jdz-guf5" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51360?format=api", "vulnerability_id": "VCID-37qm-tp8v-tugb", "summary": "Possible ReDoS vulnerability in HTTP Token authentication in Action Controller\nThere is a possible ReDoS vulnerability in Action Controller's\nHTTP Token authentication. This vulnerability has been assigned\nthe CVE identifier CVE-2024-47887.\n\n## Impact\n\nFor applications using HTTP Token authentication via\n`authenticate_or_request_with_http_token` or similar, a carefully\ncrafted header may cause header parsing to take an unexpected amount\nof time, possibly resulting in a DoS vulnerability. All users running\nan affected release should either upgrade or apply the relevant\npatch immediately.\n\nRuby 3.2 has mitigations for this problem, so Rails applications\nusing Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 depends\non Ruby 3.2 or greater so is unaffected.\n\n## Releases\n\nThe fixed releases are available at the normal locations.\n\n## Workarounds\n\nUsers on Ruby 3.2 are unaffected by this issue.\n\n## Credits\n\nThanks to [scyoon](https://hackerone.com/scyoon) for reporting", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47887.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47887.json" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-vfg9-r3fq-jvx4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-vfg9-r3fq-jvx4" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376", "reference_id": "1085376", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319034", "reference_id": "2319034", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319034" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47887", "reference_id": "CVE-2024-47887", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47887" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-47887.yml", "reference_id": "CVE-2024-47887.YML", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-47887.yml" }, { "reference_url": "https://github.com/advisories/GHSA-vfg9-r3fq-jvx4", "reference_id": "GHSA-vfg9-r3fq-jvx4", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-vfg9-r3fq-jvx4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82970?format=api", "purl": "pkg:gem/actionpack@6.1.7.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ufrj-jn16-jybn" }, { "vulnerability": "VCID-v3vg-9jdz-guf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.7.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/82971?format=api", "purl": "pkg:gem/actionpack@7.0.8.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ufrj-jn16-jybn" }, { "vulnerability": "VCID-v3vg-9jdz-guf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.8.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/82972?format=api", "purl": "pkg:gem/actionpack@7.1.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ufrj-jn16-jybn" }, { "vulnerability": "VCID-v3vg-9jdz-guf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/82973?format=api", "purl": "pkg:gem/actionpack@7.2.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ufrj-jn16-jybn" }, { "vulnerability": "VCID-v3vg-9jdz-guf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.2.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/170218?format=api", "purl": "pkg:gem/actionpack@8.0.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37qm-tp8v-tugb" }, { "vulnerability": "VCID-nprk-kfvh-vqfh" }, { "vulnerability": "VCID-ufrj-jn16-jybn" }, { "vulnerability": "VCID-v3vg-9jdz-guf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@8.0.0.beta1" } ], "aliases": [ "CVE-2024-47887", "GHSA-vfg9-r3fq-jvx4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-37qm-tp8v-tugb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51366?format=api", "vulnerability_id": "VCID-nprk-kfvh-vqfh", "summary": "Possible ReDoS vulnerability in query parameter filtering in Action Dispatch\nThere is a possible ReDoS vulnerability in the query parameter\nfiltering routines of Action Dispatch. This vulnerability has\nbeen assigned the CVE identifier CVE-2024-41128.\n\n## Impact\n\nCarefully crafted query parameters can cause query parameter\nfiltering to take an unexpected amount of time, possibly resulting\nin a DoS vulnerability. All users running an affected release\nshould either upgrade or apply the relevant patch immediately.\n\nRuby 3.2 has mitigations for this problem, so Rails applications\nusing Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 depends\non Ruby 3.2 or greater so is unaffected.\n\n## Releases\n\nThe fixed releases are available at the normal locations.\n\n## Workarounds\n\nUsers on Ruby 3.2 are unaffected by this issue.\n\n## Credits\n\nThanks to [scyoon](https://hackerone.com/scyoon) for the report and patches!", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41128.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41128.json" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319036", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319036" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/27121e80f6dbb260f5a9f0452cd8411cb681f075", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/27121e80f6dbb260f5a9f0452cd8411cb681f075" }, { "reference_url": "https://github.com/rails/rails/commit/b0fe99fa854ec8ff4498e75779b458392d1560ef", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/b0fe99fa854ec8ff4498e75779b458392d1560ef" }, { "reference_url": "https://github.com/rails/rails/commit/b1241f468d1b32235f438c2e2203386e6efd3891", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/b1241f468d1b32235f438c2e2203386e6efd3891" }, { "reference_url": "https://github.com/rails/rails/commit/fb493bebae1a9b83e494fe7edbf01f6167d606fd", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/fb493bebae1a9b83e494fe7edbf01f6167d606fd" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-x76w-6vjr-8xgj", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-x76w-6vjr-8xgj" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376", "reference_id": "1085376", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376" }, { "reference_url": "https://access.redhat.com/security/cve/cve-2024-41128", "reference_id": "CVE-2024-41128", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/cve-2024-41128" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41128", "reference_id": "CVE-2024-41128", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41128" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-41128.yml", "reference_id": "CVE-2024-41128.YML", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-41128.yml" }, { "reference_url": "https://github.com/advisories/GHSA-x76w-6vjr-8xgj", "reference_id": "GHSA-x76w-6vjr-8xgj", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-x76w-6vjr-8xgj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82970?format=api", "purl": "pkg:gem/actionpack@6.1.7.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ufrj-jn16-jybn" }, { "vulnerability": "VCID-v3vg-9jdz-guf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.7.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/82971?format=api", "purl": "pkg:gem/actionpack@7.0.8.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ufrj-jn16-jybn" }, { "vulnerability": "VCID-v3vg-9jdz-guf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.8.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/82972?format=api", "purl": "pkg:gem/actionpack@7.1.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ufrj-jn16-jybn" }, { "vulnerability": "VCID-v3vg-9jdz-guf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/82973?format=api", "purl": "pkg:gem/actionpack@7.2.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ufrj-jn16-jybn" }, { "vulnerability": "VCID-v3vg-9jdz-guf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.2.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/170218?format=api", "purl": "pkg:gem/actionpack@8.0.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37qm-tp8v-tugb" }, { "vulnerability": "VCID-nprk-kfvh-vqfh" }, { "vulnerability": "VCID-ufrj-jn16-jybn" }, { "vulnerability": "VCID-v3vg-9jdz-guf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@8.0.0.beta1" } ], "aliases": [ "CVE-2024-41128", "GHSA-x76w-6vjr-8xgj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nprk-kfvh-vqfh" } ], "risk_score": "2.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.4.1" }